brave / ads-ui

Self-service ads UI
Mozilla Public License 2.0
22 stars 11 forks

Production Release 2024-04-16 #1163

Closed tackley closed 4 months ago

tackley commented 4 months ago

Features

Chores

github-actions[bot] commented 4 months ago

[puLL-Merge] - brave/ads-ui@1163

Description

This pull request updates several dependencies to their latest versions, adds new marketing channel options for registration, and makes some improvements to the UI code.

Changes

- `.gitattributes`: Added `*.po` files as linguist-generated
- `.github/workflows/codeql-analysis.yml`: Updated CodeQL action versions
- `.node-version`: Bumped Node version to 20.12.0
- `package.json`:
  - Updated dependencies including @emotion/styled, @lingui packages, @mui packages, @babel/core, typescript, vite and others
  - Updated lingui scripts
- `src/auth/registration/MarketingChannel.tsx`:
  - Added new marketing channel options "From a Brave sales representative" and "An ad from my Brave browser"
- `src/components/Creatives/CreativeList.tsx`: Changed `valueGetter` in data grid columns to use `(_value, row)` signature
- `src/components/Date/DateRangePicker.tsx`: Switched from `renderInput` to `slotProps` for configuring date picker text fields
- `src/i18n.ts`: Updated import path for `@mui/x-data-grid/locales`
- `src/locales/*.po`: Updated translation files with new strings
- Several components (`src/user/*`): Changed `valueGetter` in data grid columns to use `(_value, row)` signature
- `src/validation/RegistrationSchema.test.ts`: Updated domain mismatch test to expect it to pass
- `src/validation/RegistrationSchema.tsx`: Removed domain matching validation test

Security Hotspots

  1. src/validation/RegistrationSchema.tsx - The domain matching validation between the entered domain and email domain was removed. This could potentially allow mismatched domains to be entered. However, the PR description indicates this validation is now performed server-side instead.
  2. src/auth/registration/MarketingChannel.tsx - New unconstrained string inputs were added for the marketing channel. Ensure these are properly sanitized and validated when processed by the server.

The other changes appear to be routine dependency updates and refactoring of UI component code, which are lower risk. However, any external dependencies should be vetted to ensure they are trusted and do not introduce new vulnerabilities.