Skip to content

ui: Fix vite vulnerability#27131

Merged
harsh-vador merged 2 commits intomainfrom
fix-vite-vulnerability
Apr 7, 2026
Merged

ui: Fix vite vulnerability#27131
harsh-vador merged 2 commits intomainfrom
fix-vite-vulnerability

Conversation

@harsh-vador
Copy link
Copy Markdown
Contributor

@harsh-vador harsh-vador commented Apr 7, 2026

Describe your changes:

Updates the main UI workspace to use vite@7.3.2, which includes fixes for the current Dependabot alerts affecting the Vite dev server.

Changes

  • Bumped vite in openmetadata-ui/src/main/resources/ui/package.json
  • Updated openmetadata-ui/src/main/resources/ui/yarn.lock to resolve vite to 7.3.2

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@harsh-vador harsh-vador self-assigned this Apr 7, 2026
@harsh-vador harsh-vador requested a review from a team as a code owner April 7, 2026 13:16
@harsh-vador harsh-vador added safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch labels Apr 7, 2026
@gitar-bot
Copy link
Copy Markdown

gitar-bot bot commented Apr 7, 2026
edited
Loading

Code Review ✅ Approved

Updates Vite to a patched version to resolve a known security vulnerability. No issues found.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact 
gitar display:verbose

Was this helpful? React with 👍 / 👎 | Gitar

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

Jest test Coverage

UI tests summary

Lines Statements Branches Functions
Coverage: 64%
 64.28% (59499/92558) 43.78% (31019/70851) 46.94% (9355/19928)

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 7, 2026

Quality Gate Passed Quality Gate passed for 'open-metadata-ui'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

🟡 Playwright Results — all passed (23 flaky)

✅ 3595 passed · ❌ 0 failed · 🟡 23 flaky · ⏭️ 207 skipped

Shard Passed Failed Flaky Skipped
🟡 Shard 1 454 0 3 2
🟡 Shard 2 641 0 1 32
🟡 Shard 3 646 0 5 26
🟡 Shard 4 614 0 8 47
🟡 Shard 5 605 0 2 67
🟡 Shard 6 635 0 4 33
🟡 23 flaky test(s) (passed on retry)
  • Features/DataAssetRulesDisabled.spec.ts › Verify the Topic entity item action after rules disabled (shard 1, 1 retry)
  • Features/DataAssetRulesDisabled.spec.ts › Verify the MlModel entity item action after rules disabled (shard 1, 1 retry)
  • Pages/UserCreationWithPersona.spec.ts › Create user with persona and verify on profile (shard 1, 1 retry)
  • Features/BulkEditEntity.spec.ts › Glossary (shard 2, 1 retry)
  • Features/IncidentManager.spec.ts › Complete Incident lifecycle with table owner (shard 3, 1 retry)
  • Features/Permissions/GlossaryPermissions.spec.ts › Team-based permissions work correctly (shard 3, 1 retry)
  • Features/QueryEntity.spec.ts › Query Entity (shard 3, 1 retry)
  • Flow/ExploreDiscovery.spec.ts › Should display deleted assets when showDeleted is checked and deleted is not present in queryFilter (shard 3, 1 retry)
  • Flow/PersonaFlow.spec.ts › Set default persona for team should work properly (shard 3, 1 retry)
  • Pages/Customproperties-part2.spec.ts › entityReferenceList shows item count, scrollable list, no expand toggle (shard 4, 1 retry)
  • Pages/DataContracts.spec.ts › Create Data Contract and validate for Table (shard 4, 1 retry)
  • Pages/DataContracts.spec.ts › Create Data Contract and validate for ApiEndpoint (shard 4, 1 retry)
  • Pages/DataContracts.spec.ts › Create Data Contract and validate for Directory (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Rename domain with data products attached at domain and subdomain levels (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Verify Domain entity API calls do not include invalid domains field in glossary term assets (shard 4, 1 retry)
  • Pages/Entity.spec.ts › Tag Add, Update and Remove (shard 4, 1 retry)
  • Pages/Entity.spec.ts › Announcement create, edit & delete (shard 4, 1 retry)
  • Pages/ExploreTree.spec.ts › Verify Database and Database Schema available in explore tree (shard 5, 1 retry)
  • Pages/Glossary.spec.ts › Glossary & terms creation for reviewer as team (shard 5, 1 retry)
  • Pages/HyperlinkCustomProperty.spec.ts › should accept valid http and https URLs (shard 6, 1 retry)
  • Pages/Lineage/LineageFilters.spec.ts › Verify lineage schema filter selection (shard 6, 1 retry)
  • Pages/ProfilerConfigurationPage.spec.ts › Non admin user (shard 6, 1 retry)
  • Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)

📦 Download artifacts

How to debug locally 
# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

@harsh-vador harsh-vador merged commit 18b2233 into main Apr 7, 2026
46 checks passed
@harsh-vador harsh-vador deleted the fix-vite-vulnerability branch April 7, 2026 15:38
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

Failed to cherry-pick changes to the 1.12.5 branch.
Please cherry-pick the changes manually.
You can find more details here.

anuj-kumary pushed a commit that referenced this pull request Apr 7, 2026
@harsh-vador @anuj-kumary
ui: Fix vite vulnerability (#27131)
f64346c 
* ui: Fix vite vulnerability

* vite version

(cherry picked from commit 18b2233)
SaaiAravindhRaja pushed a commit to SaaiAravindhRaja/OpenMetadata that referenced this pull request Apr 12, 2026
@harsh-vador @SaaiAravindhRaja
ui: Fix vite vulnerability (open-metadata#27131)
13e02f6 
* ui: Fix vite vulnerability

* vite version
SaaiAravindhRaja pushed a commit to SaaiAravindhRaja/OpenMetadata that referenced this pull request Apr 12, 2026
@harsh-vador @SaaiAravindhRaja
ui: Fix vite vulnerability (open-metadata#27131)
8813f74 
* ui: Fix vite vulnerability

* vite version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@karanh37 karanh37 karanh37 approved these changes

Assignees

@harsh-vador harsh-vador

Labels

safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harsh-vador @karanh37