Sync "main" with "latest"#5782

Merged
valkirilov merged 39 commits into main from sync-latest-main
Apr 16, 2026

@valkirilov valkirilov commented Apr 15, 2026

Note

Low Risk
Low risk config/script tweaks: Dependabot scheduling is simplified for GitHub Actions, and URL string building in scripts is made deterministic. The only notable risk is behavior change in how update URLs are composed, but it should reduce platform-specific path issues.

Overview
Simplifies .github/dependabot.yml by removing semver-specific cooldown settings for the github-actions ecosystem (keeping only default-days).

Updates default-content.ts and default-tutorials.ts to build remote archive/build-info URLs via string concatenation instead of path.join, avoiding platform-dependent path separators when forming URLs.

Updates the tests/e2e yarn.lock with a duplicate better-sqlite3@^12.8.0 entry (lockfile churn only).

Reviewed by Cursor Bugbot for commit d9670d3. Bugbot is set up for automated code reviews on this repo. Configure here.

valkirilov and others added 30 commits March 27, 2026 10:22
…ts in vector search components (#5695)

* feat: Introduce SearchIndexDetailsSource enum for better telemetry tracking

References: RI-7940
…onality (#5701)

* Added isIndexPanelOpen prop to PageHeader for managing index panel state.
* Updated ViewIndexButton to reflect active state based on isIndexPanelOpen.
* Adjusted tests to accommodate new prop in PageHeader.

References: #7947
Bumps [yaml](https://github.com/eemeli/yaml) from 2.4.1 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.4.1...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(ui): block external URL fetch in enablement area
* fix(ui): escape dynamic attributes in markdown remark plugins
* fix(ui): expand JsxParser tag and attribute restrictions
* fix(ui): handle null language in remarkCode for allLangs option

References: #RED-191666
…nges-from-main

cherry pick important changes from main to release
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…5709)

* fix(ui): Refactor QueryCardHeader styles and enhance tooltip display
* fix(ui): update tooltip placement
* fix(ui): update tooltip placement with multiple items
…out (#5710)

* fix(ui): Update tooltip text for Workbench navigation in CodeButtonBlock and tests
* fix(ui): Introduce AccordionBody styled component for improved layout in Recommendation panel
* fix(ui): Adjust RiAccordion CollapseButton style for better layout
* feat(ui): make the insight panel resizable
* fix(ui): lift capability auto-open effect out of conditionally mounted SidePanels
* feat(ui): enhance RiAccordion with custom label and toggle functionality
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.11 to 0.8.12.
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.8.11...0.8.12)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
* fix(ui): restore tutorial links broken by JsxParser blacklist
* fix(ui): strip HTML <link> elements to prevent external resource loading
Bumps [electron](https://github.com/electron/electron) from 39.2.1 to 39.8.4.
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v39.2.1...v39.8.4)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 39.8.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
* fix(api): add ip fallback for cluster node matching with hostnames
* chore(e2e): add Docker cluster with cluster-announce-hostname
* test(e2e): add Playwright cluster details tests for IP and hostname clusters
* ci(e2e): wait for Redis clusters before running Playwright tests
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [electron](https://github.com/electron/electron) from 39.8.4 to 39.8.5.
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v39.8.4...v39.8.5)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 39.8.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
* test(api): enhance cluster shards info strategy tests and add factory for mock data
* test(api): add validations for cluster nodes in cluster details response
* fix(api): add ip fallback for cluster node matching with hostnames
* test(api): add ip field assertions to cluster shards unit tests
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) from 11.0.20 to 11.1.18.
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.18/packages/core)

---
updated-dependencies:
- dependency-name: "@nestjs/core"
  dependency-version: 11.1.18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
* fix(security): bump Node.js to 22.22.0 for CVE-2025-55130
* add some missing deps
* chore(deps): replace sqlite3 with better-sqlite3 in project
* chore(deps): migrate from sqlite3 to better-sqlite3 in e2e tests
* fix(tests): improve feature flag assertions in GET-features tests
Node.js 22.22.0 security fix (CVE-2025-23084) changed path.win32.join
behavior: strings containing a colon (like `https:`) now get a `.\`
prefix to prevent path traversal. This broke the Windows release build
because path.join was being used to concatenate URL segments, producing
`.\https:\github.com\...` instead of a valid URL.

Replace path.join with template literals since these values are URLs,
not filesystem paths.

Made-with: Cursor
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot and others added 7 commits April 14, 2026 18:26
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Commented out Linux, Windows, and Docker build jobs, store publishing,
and non-macOS S3 tags. Replaced blanket S3 rm with selective macOS-only
deletes to preserve existing Linux/Windows artifacts.

Made-with: Cursor
…-build-macos

Setting target to "macos" caused the macOS pipeline to enter the custom
(manual) build path which expects build_macos_x64/arm64 format strings.
The grep would fail with exit code 1. Keeping target as "all" ensures
the correct prod/staging build steps run, while the commented-out jobs
in build.yml still prevent Linux/Windows/Docker builds.

Made-with: Cursor
Restores the workflow file from PR #5738 (was deleted on latest) and
applies the PR #5773 change commenting out Windows/Linux upload patterns
so only the macOS DMGs are attached to the GitHub draft release.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backport #5773: Temporary macOS-only release pipeline
@valkirilov valkirilov requested a review from a team as a code owner April 15, 2026 09:19

CLAassistant commented Apr 15, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
5 out of 6 committers have signed the CLA.

✅ dantovska
✅ valkirilov
✅ pawelangelow
✅ DimoHG
✅ YoohaBae
❌ dependabot[bot]


jit-ci bot commented Apr 15, 2026

🛡️ Jit Security Scan Results

CRITICAL HIGH MEDIUM

✅ No security findings were detected in this PR


Security scan by Jit

…stem

The semver-major/minor/patch-days cooldown properties are not
supported for the github-actions package ecosystem in Dependabot,
causing config validation failures.

Made-with: Cursor
@valkirilov valkirilov merged commit 6ea53be into main Apr 16, 2026
5 of 6 checks passed
@valkirilov valkirilov deleted the sync-latest-main branch April 16, 2026 06:22

6 participants