Skip to content

release: promote develop_v4 to stage_v4#619

Merged
hitesh-shetty-cstk merged 9 commits into
stage_v4from
develop_v4
Jul 13, 2026
Merged

release: promote develop_v4 to stage_v4#619
hitesh-shetty-cstk merged 9 commits into
stage_v4from
develop_v4

Conversation

@hitesh-shetty-cstk

Copy link
Copy Markdown
Contributor

develop_v4 → stage_v4

Promotes the latest fixes from develop_v4 to stage_v4 ahead of the next release.

What's changed

Fixes

  • Alt+click link navigation: In-iframe links now navigate on alt+click instead of swallowing the click, restricted to safe URL schemes. Also fixes a leaked test spy.
  • Overlay propagation toolbar pierce: The overlayPropagation flag no longer lets clicks pierce through the SDK's own toolbar; the own-UI guard is folded into the fallback condition.
  • RTE link cursor: Cursor stays visible over RTE links in Visual Builder; npm audit vulnerabilities patched.

Tests

  • Coverage added for alt+click navigation (mouseClick), element data resolution (getCsDataOfElement), and the start-editing button.

shivamfl and others added 9 commits July 6, 2026 13:54
fix(VP-2254): keep cursor visible over RTE links in Visual Builder
…own toolbar

With overlayPropagation enabled, clicks landing on the visual builder's
own UI (field toolbar, overlays) were resolved through
document.elementsFromPoint and could hit a data-cslp element rendered
underneath. A click on the edit (pencil) button then also counted as a
canvas click on the overlapped field, sending a focus event for the
wrong entry and breaking the edit modal's apply flow.

Skip the elementsFromPoint fallback whenever the click target sits
inside .visual-builder__container: the fallback exists to pierce the
website's own overlapping elements, never the SDK's chrome.
…dition

Run the closest() check only when the overlayPropagation fallback is
enabled and no field matched, so hover events skip the extra DOM
traversal in the common case.
…lbar-pierce

fix(visual-builder): keep overlayPropagation from piercing the SDK's own toolbar
fix(VB-1820): navigate on alt+click of in-iframe links instead of swallowing the click
@hitesh-shetty-cstk hitesh-shetty-cstk requested review from a team as code owners July 13, 2026 10:04
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@kirtesh-cstk kirtesh-cstk left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-actions

Copy link
Copy Markdown

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 67.29% 2517 / 3740
🔵 Statements 66.15% 2555 / 3862
🔵 Functions 64.51% 449 / 696
🔵 Branches 61.79% 1522 / 2463
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
src/visualBuilder/visualBuilder.style.ts 100% 100% 100% 100%
src/visualBuilder/listeners/mouseClick.ts 80.86% 77.01% 68.75% 82.88% 61, 74, 107-110, 119, 153, 165, 175-176, 191, 213-216, 232, 278, 337-342, 384-389, 408-416
src/visualBuilder/listeners/mouseHover.ts 62.41% 49.07% 54.54% 65.15% 52-57, 75, 85, 92, 112, 128-136, 143, 151-158, 167, 179, 189-206, 214-215, 218-260, 282-285, 301-302, 307-310, 312-313, 396, 403, 432
src/visualBuilder/utils/getCsDataOfElement.ts 100% 100% 100% 100%
Generated in workflow #856 for commit d923a9d by the Vitest Coverage Report Action

@hitesh-shetty-cstk hitesh-shetty-cstk merged commit 907352e into stage_v4 Jul 13, 2026
9 checks passed
@hitesh-shetty-cstk hitesh-shetty-cstk deleted the develop_v4 branch July 13, 2026 10:15
@karancs06 karancs06 restored the develop_v4 branch July 14, 2026 12:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants