chore: fix RTK cache selector lookup and fast-uri CVE-2026-13676 #719

Merged: vatsalparikh merged 1 commit into main from chore/rtk-cache-fix-and-fast-uri-cve on Jun 30, 2026

@vatsalparikh vatsalparikh commented Jun 30, 2026

Summary

  • Adds changeset for RTK Query cache lookup fix in cache.getLatestResponse() and cache.getResponseWithId()
  • Updates api-report for @forgerock/davinci-client to reflect the RTK changes
  • Pins fast-uri to ^3.1.3 via pnpm.overrides to resolve CVE-2026-13676 (CVSS 7.5 High) — the previous fast-uri@^3 override was removed in chore: fix vite security vulnerabilities and update Mend scan mode #717 as redundant, but 3.1.3 with the fix was released on 2026-06-29

Test plan

  • Mend scan passes with fast-uri 3.1.3
  • CI typecheck, lint, build pass

Summary by CodeRabbit

  • Bug Fixes

    • Improved cache response lookups so the latest result and result-by-id behave more reliably.
    • Refreshed exported client typings to better reflect available response states, including continued flows.
  • Chores

    • Updated a pinned package version to keep the dependency set stable.
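
A check for the override described above, as an added example that is not part of the PR or the project's code: it shows that a `^3` override still admits releases below 3.1.3 while `^3.1.3` does not, and lists lockfile resolutions that sit below the fix. The function names, the manifest objects and the lockfile snippet are constructed for illustration, and treating every version below 3.1.3 as affected is an assumption (the PR only states that 3.1.3 carries the fix).

```javascript
// Added example, not project code. FIXED comes from the PR text; treating
// everything below it as affected is an assumption.
const FIXED = [3, 1, 3];

// Parse "3", "3.1" or "3.1.3" into a three-part numeric tuple.
function parseVersion(v) {
  const parts = v.split('.').map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Lowest version a caret, tilde or exact range admits, e.g. "^3" -> 3.0.0.
function rangeFloor(range) {
  const m = /^[\^~]?(\d+(?:\.\d+){0,2})$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  return parseVersion(m[1]);
}

// True when the override cannot resolve to anything below the fixed release.
function overrideEnforcesFix(manifest, name) {
  const range = manifest?.pnpm?.overrides?.[name];
  return range !== undefined && !lessThan(rangeFloor(range), FIXED);
}

// Versions of `name` keyed in a pnpm lockfile that are below the fix.
function vulnerableResolutions(lockText, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(`^\\s+'?/?${escaped}@(\\d+\\.\\d+\\.\\d+)`, 'gm');
  const hits = new Set();
  for (const m of lockText.matchAll(key)) {
    if (lessThan(parseVersion(m[1]), FIXED)) hits.add(m[1]);
  }
  return [...hits].sort();
}
// Constructed samples: two manifests and a lockfile fragment.
const looseManifest = { pnpm: { overrides: { 'fast-uri': '^3' } } };
const pinnedManifest = { pnpm: { overrides: { 'fast-uri': '^3.1.3' } } };
const sampleLock = [
  'packages:', '  fast-uri@3.0.6:', '    resolution: {integrity: sha512-CONSTRUCTED}',
  '  fast-uri@3.1.3:', '    resolution: {integrity: sha512-CONSTRUCTED}',
].join('\n');
console.log(overrideEnforcesFix(pinnedManifest, 'fast-uri'), vulnerableResolutions(sampleLock, 'fast-uri'));
```

Run against the real `package.json` and `pnpm-lock.yaml` in CI, a non-empty result from `vulnerableResolutions` means the lockfile still pins an older release even though the override is present.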

changeset-bot Bot commented Jun 30, 2026

🦋 Changeset detected

Latest commit: cce0f74

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 12 packages
Name Type
@forgerock/davinci-client Patch
@forgerock/device-client Patch
@forgerock/journey-client Patch
@forgerock/oidc-client Patch
@forgerock/protect Patch
@forgerock/sdk-types Patch
@forgerock/sdk-utilities Patch
@forgerock/iframe-manager Patch
@forgerock/sdk-logger Patch
@forgerock/sdk-oidc Patch
@forgerock/sdk-request-middleware Patch
@forgerock/storage Patch

coderabbitai Bot commented Jun 30, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 91857679-a59a-4ab5-a58e-e8688f0ea162

📥 Commits

Reviewing files that changed from the base of the PR and between 295657e and cce0f74.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (4)
  • .changeset/rtk-cache-selector-lookup.md
  • package.json
  • packages/davinci-client/api-report/davinci-client.api.md
  • packages/davinci-client/api-report/davinci-client.types.api.md

Walkthrough

This PR adds a changeset describing a fix to RTK Query cache lookups in cache.getLatestResponse() and cache.getResponseWithId(), pins a fast-uri version override via pnpm, and regenerates the davinci-client API report files to reflect reordered type unions for node/status and error types.

Changes

Cache lookup fix changeset and API reports

Layer / File(s) Summary
Changeset for cache lookup fix
.changeset/rtk-cache-selector-lookup.md
New changeset documents a patch-level fix to RTK Query cache lookup behavior in cache.getLatestResponse() and cache.getResponseWithId().
API report: node/status union reordering
packages/davinci-client/api-report/davinci-client.api.md, packages/davinci-client/api-report/davinci-client.types.api.md
Regenerated reports reorder the start(), getNode(), getClient(), and getServer() return type unions, repositioning "continue" and "start" status variants among unchanged member shapes.
API report: cache error union ordering
packages/davinci-client/api-report/davinci-client.api.md, packages/davinci-client/api-report/davinci-client.types.api.md
cache.getLatestResponse and cache.getResponseWithId fulfilled/rejected response shapes have their `error?: FetchBaseQueryError
Dependency override for fast-uri
package.json
Adds a pnpm.overrides entry pinning fast-uri to ^3.1.3.

Sequence Diagram(s)

Not applicable — changes are limited to a changeset, a dependency override, and regenerated type-only API report files with no new control flow or multi-component interaction.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested reviewers

  • cerebrl

A rabbit hops through types anew,
Swapping unions, error too,
A changeset note, a version pin,
Tidy reports, the build locked in.
Hop, hop, ship it through! 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly covers both the RTK cache lookup fix and the fast-uri CVE pinning.
Description check ✅ Passed The description covers the main changes and test plan, though it omits an explicit Jira reference and a dedicated changeset note.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
nx-cloud Bot commented Jun 30, 2026

View your CI Pipeline Execution ↗ for commit cce0f74

Command Status Duration Result
nx run-many -t build --no-agents ✅ Succeeded <1s View ↗
nx affected -t build lint test typecheck e2e-ci ✅ Succeeded 2m 24s View ↗

☁️ Nx Cloud last updated this comment at 2026-06-30 19:14:10 UTC

pkg-pr-new Bot commented Jun 30, 2026

@forgerock/davinci-client

pnpm add https://pkg.pr.new/@forgerock/davinci-client@719

@forgerock/device-client

pnpm add https://pkg.pr.new/@forgerock/device-client@719

@forgerock/journey-client

pnpm add https://pkg.pr.new/@forgerock/journey-client@719

@forgerock/oidc-client

pnpm add https://pkg.pr.new/@forgerock/oidc-client@719

@forgerock/protect

pnpm add https://pkg.pr.new/@forgerock/protect@719

@forgerock/sdk-types

pnpm add https://pkg.pr.new/@forgerock/sdk-types@719

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/@forgerock/sdk-utilities@719

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/@forgerock/iframe-manager@719

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/@forgerock/sdk-logger@719

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/@forgerock/sdk-oidc@719

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/@forgerock/sdk-request-middleware@719

@forgerock/storage

pnpm add https://pkg.pr.new/@forgerock/storage@719

commit: cce0f74

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 23.13%. Comparing base (eafe277) to head (cce0f74).
⚠️ Report is 41 commits behind head on main.

❌ Your project status has failed because the head coverage (23.13%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #719      +/-   ##
==========================================
+ Coverage   18.07%   23.13%   +5.06%     
==========================================
  Files         155      161       +6     
  Lines       24398    25602    +1204     
  Branches     1203     1613     +410     
==========================================
+ Hits         4410     5924    +1514     
+ Misses      19988    19678     -310     

see 16 files with indirect coverage changes

@github-actions

Deployed b3fc977 to https://ForgeRock.github.io/ping-javascript-sdk/pr-719/b3fc977de33b3efb4562c9464734417160162044 branch gh-pages in ForgeRock/ping-javascript-sdk

@github-actions

📦 Bundle Size Analysis

🆕 New Packages

🆕 @forgerock/oidc-client - 35.3 KB (new)
🆕 @forgerock/sdk-types - 9.1 KB (new)
🆕 @forgerock/davinci-client - 54.4 KB (new)
🆕 @forgerock/sdk-utilities - 18.6 KB (new)
🆕 @forgerock/device-client - 0.0 KB (new)
🆕 @forgerock/device-client - 10.0 KB (new)
🆕 @forgerock/journey-client - 0.0 KB (new)
🆕 @forgerock/journey-client - 92.6 KB (new)
🆕 @forgerock/protect - 144.6 KB (new)
🆕 @forgerock/iframe-manager - 3.2 KB (new)
🆕 @forgerock/sdk-logger - 1.6 KB (new)
🆕 @forgerock/storage - 1.5 KB (new)
🆕 @forgerock/sdk-request-middleware - 4.6 KB (new)
🆕 @forgerock/sdk-oidc - 5.7 KB (new)


14 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated
  • Current Size: Total gzipped size of all files in the package's dist directory
  • Baseline: Comparison against the latest build from the main branch
  • Files included: All build outputs except source maps and TypeScript build cache
  • Exclusions: .map, .tsbuildinfo, and .d.ts.map files

🔄 Updated automatically on each push to this PR

@vatsalparikh vatsalparikh merged commit 2f91101 into main Jun 30, 2026
9 checks passed
@vatsalparikh vatsalparikh deleted the chore/rtk-cache-fix-and-fast-uri-cve branch June 30, 2026 20:54
@ryanbas21 ryanbas21 mentioned this pull request Jun 30, 2026
3 participants