@mgadewoll mgadewoll commented Apr 23, 2025

Summary

closes #8616

This PR updates the refractor dependency from the previous version 3.6.0 to the latest 5.0.0.
The change is required to ensure that the internal prismjs dependency is using at least version 1.30.0 which includes a fix for a DOM Clobbering vulnerability. (see also this previous PR that updated our direct prismjs dependency)

Changes

  • aligned imports, code and types as refractor changed its default exports and removed types (RefractorNode etc) - instead we import the types directly from the internal dependency (as mentioned here in the changelog)
  • added transformIgnorePatterns and manual transform of refractor code as refractor changed its internals and only exports as ESM but Jest requires commonjs

QA

ℹ️ I ran VRT on the affected components, and no visual changes were detected.

  • ci passes
  • verify tests run and pass
  • verify there is no visual or functional regression between staging and production for the following components:
    • EuiCode
    • EuiCodeBlock
    • EuiMarkdownFormat
    • EuiMarkdownEditor
  • ⌛ test the updated EUI package in Kibana
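
As an added example (not part of the PR or the EUI code base), one way to check the goal stated in the summary: scan the `packages` map of an npm `package-lock.json` (lockfile v2/v3) and flag every installed copy of prismjs older than 1.30.0, including copies nested under another package. The function names and both sample lockfiles are constructed for illustration, and the use of an npm lockfile is an assumption.

```javascript
// Minimum prismjs version with the DOM Clobbering fix, as stated in the PR summary.
const MIN_PRISMJS = "1.30.0";

// Compare two "x.y.z" versions numerically; a negative result means a < b.
// Pre-release/build suffixes are dropped (assumption: plain release versions).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Return every installed prismjs copy below the minimum version.
// Lockfile keys are install paths, so a nested copy shows up as
// "node_modules/<parent>/node_modules/prismjs".
function findOutdatedPrism(lock, min = MIN_PRISMJS) {
  return Object.entries(lock.packages || {})
    .filter(([path]) =>
      path === "node_modules/prismjs" || path.endsWith("/node_modules/prismjs"))
    .filter(([, meta]) => compareVersions(meta.version, min) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfiles (not taken from the EUI repository).
const beforeUpgrade = {
  lockfileVersion: 3,
  packages: {
    "node_modules/prismjs": { version: "1.30.0" },
    "node_modules/refractor": { version: "3.6.0" },
    // Nested copy: the direct dependency is patched, the transitive one is not.
    "node_modules/refractor/node_modules/prismjs": { version: "1.27.0" },
  },
};
const afterUpgrade = {
  lockfileVersion: 3,
  packages: {
    "node_modules/prismjs": { version: "1.30.0" },
    "node_modules/refractor": { version: "5.0.0" },
  },
};

console.log("before:", findOutdatedPrism(beforeUpgrade));
console.log("after:", findOutdatedPrism(afterUpgrade));
```

A lockfile scan only sees packages installed under the name `prismjs`; code that a dependency bundles into its own source has to be checked against that dependency's release notes.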

@mgadewoll mgadewoll self-assigned this Apr 23, 2025
- updates usages to align with changed API

- updates jest config to ensure ESM-only dependencies are transformed to commonjs
@mgadewoll mgadewoll force-pushed the build/8616-upgrade-refractor branch from a110a66 to aaf53b6 Compare April 23, 2025 14:34
@elasticmachine
Collaborator

💚 Build Succeeded

History

cc @mgadewoll

@elasticmachine
Collaborator

💚 Build Succeeded

cc @mgadewoll

@justinkambic
Contributor

Related to elastic/synthetics-recorder#548, we'd love to see a Refractor upgrade for the Script Recorder as well, which is a consumer of EUI 🎉

👋 Hey there. This PR hasn't had any activity for 90 days. We'll automatically close it if that trend continues for another week. If you feel this issue is still valid and needs attention please let us know with a comment.

@github-actions github-actions bot added the stale-pr (Don't delete - used for automation) label Aug 20, 2025
❌ We're automatically closing this PR due to lack of activity. Please comment if you feel this was done in error.

@github-actions github-actions bot added the stale-pr-closed (Don't delete - used for automation) label Aug 27, 2025
@github-actions github-actions bot closed this Aug 27, 2025
@mgadewoll mgadewoll reopened this Aug 27, 2025
@github-actions github-actions bot removed stale-pr-closed (Don't delete - used for automation) stale-pr (Don't delete - used for automation) labels Aug 27, 2025
Development

Successfully merging this pull request may close these issues.

Upgrade refractor to remove prismjs vulnerability
3 participants