Release 16 RC#194
Merged
Merged
Conversation
Test -> dev
…etry-api-version [Dependency] OpenTelemetry.Api update
Security:
- Add path traversal and injection test cases to ValidateSqIdString
(dot-dot, backslash, URL-encoded, absolute path, null byte, SQL, shell,
CRLF, XSS, template injection)
- Add ValidateSqIdString guard to ReadSavedQueryFromFile and
ReadArchiveCubeFromFile in SqFileInterface
Frontend:
- Fix 6 moderate npm vulnerabilities (brace-expansion, postcss, ws,
uuid via jest-junit upgrade to v17)
- Update 64 snapshots to reflect new MUI/styled-components class name hashes
NLog:
- Fix internalLogFile using ${basedir} instead of unresolvable
${configsetting:...} (config not yet loaded at that point)
- Replace broken enabled="${when:...}" attributes with <filters> blocks;
NLog 6 does not evaluate layout renderers in the enabled attribute
- Fix audit log enabled check by wrapping with ${lowercase:...} to handle
.NET bool.ToString() returning "True" instead of "true"
- Add ColoredConsole target for Development environment, filtered after
Microsoft/System skip rules
…ile IDs; enhance null byte validation test
[Security] Security hardening, npm audit fixes, and nlog config corrections
…ates [Dependency] Update dependencies (frontend, backend, tests)
Contributor
There was a problem hiding this comment.
Pull request overview
“Release 16 RC” updates backend/frontend dependencies and tightens saved-query ID handling and logging configuration as part of a release-candidate stabilization pass.
Changes:
- Add stricter saved-query/archive ID validation at file read boundaries and expand unit tests for invalid SqId inputs.
- Refresh backend/frontend dependencies and bump version numbers.
- Update NLog rules/targets and update frontend Jest snapshots consistent with dependency/styling changes.
Reviewed changes
Copilot reviewed 44 out of 45 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| UnitTests/UtilityFunctionsTests/InputValidationTests.cs | Adds additional negative tests for ValidateSqIdString inputs (traversal/injection patterns). |
| UnitTests/UnitTests.csproj | Updates test package dependencies (NUnit/Test SDK/coverlet/Px.Utils). |
| PxGraf/Utility/SqFileInterface.cs | Adds ValidateSqIdString guard + exception for read operations. |
| PxGraf/PxGraf.csproj | Bumps backend version and updates backend package references (adds OpenTelemetry.Api, updates Px.Utils, etc.). |
| PxGraf/nlog.config | Adjusts log file paths, adds console target for Development, and changes audit/file rule enablement logic. |
| PxGraf.Frontend/src/views/TableTreeSelection/snapshots/TableTreeSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/TableListSelection/snapshots/TableListSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/Editor/snapshots/EditorPreviewSection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/Editor/snapshots/EditorMetaSection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/Editor/snapshots/EditorFooterSection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/Editor/snapshots/EditorFilterSection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/views/Editor/snapshots/Editor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/hooks/tests/useQueryParams.test.tsx | Updates mocked Location shape to match updated router typings. |
| PxGraf.Frontend/src/hooks/tests/useHierarchyParams.test.tsx | Updates mocked Location shape to match updated router typings. |
| PxGraf.Frontend/src/components/VisualizationSettingsControls/UtilityComponents/snapshots/VisualizationSettingsSwitch.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VisualizationSettingsControls/UtilityComponents/snapshots/MarkerScaler.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VisualizationSettingsControls/TypeSpecificControls/snapshots/TablePivotSettings.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VisualizationSettingsControls/snapshots/VisualizationSettingsControl.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/FilterComponents/snapshots/TopNDimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/FilterComponents/snapshots/StartingFromDimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/FilterComponents/snapshots/ManualPickDimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/FilterComponents/snapshots/AllDimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/snapshots/ResultList.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/snapshots/DimensionSelectionList.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/snapshots/DimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/VariableSelection/snapshots/DefaultSelectableDimensionSelection.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/TabPanel/snapshots/TabPanel.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/SaveResultDialog/snapshots/SuccessDialogContent.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/SaveResultDialog/snapshots/SaveResultDialog.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/SaveResultDialog/snapshots/LoadingDialogContent.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/Preview/snapshots/Preview.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/NestedList/snapshots/TableItem.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/NestedList/snapshots/NestedList.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/MetaEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/HeaderEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/EditorField.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/DimensionEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/ContentDimensionValueEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/ContentDimensionEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/MetaEditor/snapshots/BasicDimensionEditor.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/LanguageSelector/snapshots/LanguageSelector.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/InfoBubble/snapshots/InfoBubble.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/src/components/Header/snapshots/Header.test.tsx.snap | Snapshot update due to styling/classname changes. |
| PxGraf.Frontend/package.json | Bumps frontend version and updates dependencies (pxvisualizer, react-router-dom, react-query, jest-junit). |
| PxGraf.Frontend/package-lock.json | Lockfile updates reflecting dependency bumps and transitive changes. |
Files not reviewed (1)
- PxGraf.Frontend/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jsaarimaa
approved these changes
Jun 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.