Skip to content

DX | 13-07-2026 | Release#284

Open
naman-contentstack wants to merge 32 commits into
mainfrom
development
Open

DX | 13-07-2026 | Release#284
naman-contentstack wants to merge 32 commits into
mainfrom
development

Conversation

@naman-contentstack

Copy link
Copy Markdown
Contributor

No description provided.

harshitha-cstk and others added 30 commits June 30, 2026 12:56
Merge pull request #247 from contentstack/development
fix: snyk fixes and added dependency overrides
…xperiences and missing variant entry data file [DX-9469]

Two related bugs in the Personalize import pipeline:

1. experiences.ts — pendingVariantAndVariantGrpForExperience was populated with ALL
   created experience UIDs regardless of whether valid variants were submitted to the
   API. Experiences with variants:[] never get variant groups from the Personalize
   backend, so the validation loop timed out and set importData=false, skipping
   attachCTsInExperience for every experience including valid ones. Fixed by changing
   importExperienceVersions to return boolean and only adding UIDs to the pending set
   when valid variants were actually submitted. Also adds a null guard in
   attachCTsInExperience before accessing variantGroup to prevent a silent crash.

2. entries.ts — a bare return inside the no-environments-file branch of the entries
   import function exited the entire function, skipping createEntryDataForVariantEntry().
   This meant data-for-variant-entry.json was never written whenever a stack had no
   environments, causing the variant-entries module to warn about the missing file and
   skip all variant entry imports. Fixed by removing the return.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…DX-9469

Revert changes to audiences.test.ts, variant-entries.test.ts, and
package.json (test script narrowing) — these were workarounds for the
ESM/uuid runner issue and are not part of the DX-9469 fix scope.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…h empty envs [DX-9469]

After removing the bare return, publishEntries is called even when no
environments exist — serializePublishEntries handles empty envs as a
no-op. Updated test assertion to reflect this and added assertion that
createEntryDataForVariantEntry always runs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- experiences.ts: pass versionReqObj (already audience-mapped) to
  lookUpEvents instead of original version — was relying on mutation
  side effect of lookUpAudiences to make this work

- entries.ts: skip publish loop and success log entirely when envs is
  empty, instead of running the loop as a no-op; createEntryDataForVariantEntry
  still runs unconditionally afterward

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…X-9469]

If versionReqObj.status was e.g. PAUSED (not PAUSE), the previous code
silently added a 4th key to the Record-typed map, causing Object.values
to find a non-undefined entry and return true — even though
handleVersionUpdateOrCreate only destructures ACTIVE/DRAFT/PAUSE and
would have processed nothing. The experience UID then incorrectly entered
the polling pending list, reintroducing the timeout bug.

Fix: narrow versionMap to a typed object with only the three known keys
and validate status against a HANDLED_STATUSES set before writing.
Unrecognized statuses are logged and skipped.

Also aligns the variant-skip warning message with the generic wording
adopted in fix/DX-9469-v2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(personalize,import): fix CT linking failure from empty-audience experiences and missing variant entry data file
@naman-contentstack naman-contentstack requested a review from a team as a code owner July 10, 2026 11:44
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 1 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 0
  • Medium without fixes: 1
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 1 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 0
  • Medium without fixes: 1
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants