Audit and Fix Security, Performance, and Accessibility Issues #1047
Conversation
- Performed comprehensive audit and documented findings in VULNERABILITIES.md. - Replaced @sysvale/vue3-long-click with local implementation to resolve mixed Vue versions and ReDoS vulnerability. - Improved accessibility in Clickable.vue, Checkbox.vue, Button.vue, and Label.vue. - Optimized Table.vue by resolving non-unique ID issues. - Optimized LineChart.vue by using tree-shakable Chart.js registration. - Resolved multiple dependency vulnerabilities via npm audit fix. - Added unit tests for Clickable, Checkbox, and Button.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
Os testes automatizados do CI estão falhando. |
Identifiquei que alguns snapshots de teste precisavam ser atualizados devido às melhorias de acessibilidade (como a adição do atributo 'for' em labels e 'role' em elementos clicáveis). Atualizei todos os snapshots e confirmei que todos os 202 testes estão passando agora. |
Updated snapshots for BaseInput, CheckboxGroup, DateInput, MultiFileInput, NumberInput, RadioButtonGroup, Select, Table, TextInput, Textarea, and Tile to reflect intentional accessibility and semantic HTML improvements.
|
Um teste ainda está falhando, pois o snapshot renderiza um ID de componente para o novo atributo |
Você tem razão. Para resolver isso, criei um arquivo de configuração de testes ( |
- Created src/tests/setup.js to mock uuidv4 and generateKey functions. - Configured vitest to use the setup file. - Updated all snapshots to use stable IDs.
There was a problem hiding this comment.
Para manter o padrão do projeto, creio que esse arquivo deveria ser em português, ou pelo menos ter uma versão em português.
There was a problem hiding this comment.
Perfeito, traduzi o arquivo VULNERABILITIES.md para o português para manter a consistência com o restante do projeto.
Translated VULNERABILITIES.md content to Portuguese to match the project's standard language.
This change addresses multiple security, performance, and accessibility issues identified during a project audit.
Key improvements:
@sysvale/vue3-long-clickwhich was pulling in Vue 2 into a Vue 3 project, causing stability issues and introducing ReDoS vulnerabilities. Implemented a locallongClickDirectiveto replace it. Resolved several other vulnerabilities vianpm audit fix.Table.vuewhere multiple elements were assigned the same ID, which caused slow and unreliable DOM queries. OptimizedLineChart.vuebundle size by selectively registering Chart.js components.Clickable.vuenow uses proper ARIA roles, tabindex, and supports keyboard interaction (Enter/Space).Checkbox.vuenow uses a focusable native input, making it accessible to keyboard and screen reader users.Button.vuenow applies the nativedisabledattribute.Label.vuecorrectly applies theforattribute to link with inputs.VULNERABILITIES.mdto track identified issues and recommended further improvements.Clickable,Checkbox, andButtonto ensure ongoing stability and accessibility.PR created automatically by Jules for task 7680327977151558057 started by @lucasn4s