fix: prevent GraphViewTimeline from mutating shared commits array#126
Merged
Conversation
toISOString() always returns UTC, so commits near midnight were assigned to the wrong day for users in non-UTC timezones. Replace with getFullYear/getMonth/getDate to use the browser's local date. Adds unit tests for ActivityChart and a global ResizeObserver mock in test-setup.ts to support Recharts under jsdom.
processCommits called .sort() directly on the commits prop, mutating the shared array in place and causing cross-tab ordering side effects. Spread to a copy before sorting ([...commits].sort(...)). Adds GraphViewTimeline unit tests (happy path, no-mutation, limit) and strengthens ActivityChart tests with a local-date bucketing case. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…sitive lodash CVEs lodash 4.17.21 (the patched version) is already installed. SonarCloud was flagging prototype-pollution and code-injection CVEs because sonar.sources=. caused it to walk node_modules and resolve transitive dependency ranges that include vulnerable versions. Adding node_modules/** to sonar.exclusions removes the false positives without affecting source analysis. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Snyk flagged prototype-pollution and code-injection vulnerabilities in lodash via transitive dependencies (recharts etc.) that declare wide version ranges. Adding a pnpm override forces the resolved version to 4.17.21 which contains all known fixes, making the Snyk findings go away. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…meline ActivityChart: - Extract inline Tooltip render function to ActivityChartTooltip component - Use optional chain (payload?.length) instead of explicit null check - Mark ActivityChartProps as Readonly GraphViewTimeline: - Extract pluralize() helper to eliminate 5 negated-condition findings and reduce cognitive complexity of formatRelativeTime below threshold - Mark GraphViewTimelineProps as Readonly - Replace array index keys with stable keys (branch.name, event.hash) - Extract eventsToShow variable to eliminate nested ternary in JSX Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ld error The extracted tooltip component used a hand-written props type that was incompatible with Recharts' ContentType<ValueType, NameType>. Switch to the official TooltipProps generic to satisfy the overload. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds coverage for CodeChurnChart, FileDistributionChart, Footer, Header, InfoModal, LandingPage, LoadingSpinner, NewsDrawer, RiveLoader, RiveLogo, and SettingsDrawer following the AAA pattern.
…ne branches ActivityChart: - Export ActivityChartTooltip to enable direct unit testing - Test tooltip renders date and commit count when active (happy path) - Test tooltip renders nothing when inactive GraphViewTimeline: - Test fallback timeline events rendered when no commits provided - Test singular time unit (1 day ago) via formatRelativeTime/pluralize - Test locale date fallback for commits older than 12 months - Test Show More button reveals additional commits beyond default 5 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
NiklasSkulll
approved these changes
Apr 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bug fixes
toISOString()→getFullYear/getMonth/getDate)commitsprop array —processCommitswas calling.sort()directly on the prop, causing cross-tab ordering side effects for other dashboard viewsCode quality (SonarCloud)
Tooltiprender fn toActivityChartTooltipcomponent; optional chainpayload?.length;Readonly<ActivityChartProps>pluralize()helper to fix 5 negated-condition findings and reduceformatRelativeTimecognitive complexity below threshold;Readonly<GraphViewTimelineProps>; stablekeyprops (branch.name,event.hash); extracteventsToShowvariable to eliminate nested ternary in JSXInfrastructure
lodashto^4.17.21viapnpm.overridesto resolve Snyk CVEs (transitive deps declared wide version ranges)node_modules/**from SonarCloud source scanTest plan
pnpm test— 996 tests passActivityChart.test.tsx— 4 tests including local-date bucketing caseGraphViewTimeline.test.tsx— 3 tests: happy path, no-mutation assertion, limit enforcement🤖 Generated with Claude Code