Skip to content

feat(migrations): add migration configuration for ngrx updates #34855

Open
nicobytes wants to merge 14 commits intomainfrom
34853-dependency-update-and-version-pinning-via-nx-migrate
Open

feat(migrations): add migration configuration for ngrx updates #34855
nicobytes wants to merge 14 commits intomainfrom
34853-dependency-update-and-version-pinning-via-nx-migrate

Conversation

@nicobytes
Copy link
Contributor

@nicobytes nicobytes commented Mar 3, 2026
edited by github-actions bot
Loading

This pull request updates TypeScript configuration files across several core-web apps and libraries to modernize module handling and target environments. The main changes involve switching the module type to "preserve", updating module resolution to "bundler", and ensuring the latest ECMAScript and DOM libraries are included. These updates aim to improve compatibility with modern build tools and TypeScript features.

TypeScript configuration modernization

  • Changed "module" to "preserve" and "moduleResolution" to "bundler" in multiple tsconfig.json and tsconfig.spec.json files for apps (dotcdn, dotcms-binary-field-builder, dotcms-block-editor, dotcms-ui) and libraries (block-editor, dot-layout-grid, dot-rules, data-access). This ensures modules are left untransformed for bundlers and improves compatibility with modern build setups. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

  • Updated "lib" arrays to include "es2022", "dom", and "dom.iterable" in several tsconfig.json and tsconfig.lib.json files, ensuring access to the latest JavaScript and DOM features. [1] [2] [3] [4] [5] [6] [7]

Testing environment improvements

  • Added "isolatedModules": true to several tsconfig.spec.json files to improve type safety and enable more robust testing workflows. [1] [2] [3] [4] [5]

  • Updated the test setup in dotcdn by replacing the import of 'jest-preset-angular/setup-jest' with a more specific zone test environment setup, improving Angular test reliability.

Minor cleanups

  • Reformatted references arrays in dotcms-ui/tsconfig.json for improved readability.

This PR fixes: #34853

@nicobytes nicobytes linked an issue Mar 3, 2026 that may be closed by this pull request
Dependency Update and Version Pinning via Nx Migrate #34853
Open
@github-actions github-actions bot mentioned this pull request Mar 3, 2026
Open
@github-actions github-actions bot added Area : Frontend PR changes Angular/TypeScript frontend code Area : SDK PR changes SDK libraries labels Mar 3, 2026
@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Mar 3, 2026

Legal Risk

The following dependencies were released under a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

MPL-2.0

@nicobytes nicobytes requested a review from Copilot March 4, 2026 14:09
fmontes
fmontes requested changes Mar 4, 2026
View reviewed changes
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modernizes the core-web Nx workspace configuration as part of the Nx/Angular/NgRx upgrade effort (Issue #34853), primarily by updating TypeScript module settings, adjusting test environment setup, and refreshing dependency versions to support newer tooling.

Changes:

  • Updated many app/lib tsconfig*.json files to use module: "preserve", moduleResolution: "bundler", and newer lib targets.
  • Updated several Jest setups to use setupZoneTestEnv() and adjusted some specs to match updated library APIs (e.g., NgRx tapResponse signature, Spectator Jest entrypoint).
  • Updated core-web/package.json with newer Nx/NgRx/Storybook/Jest-related versions and added Nx Vitest plugin wiring.

Reviewed changes

Copilot reviewed 83 out of 85 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
core-web/tools/ai-migrations/MIGRATE_STORYBOOK_10.md Adds migration guidance doc for Storybook config ESM conversion.
core-web/package.json Updates/pins multiple dependency versions (Nx/NgRx/Storybook/Jest/etc.).
core-web/nx.json Adds @nx/vitest plugin and adjusts plugin configuration.
core-web/migrations.json Adds Nx migrate migrations list for NgRx updates.
core-web/libs/utils/tsconfig.spec.json Switches spec TS config to module: preserve, bundler, isolatedModules.
core-web/libs/utils/tsconfig.lib.json Updates TS lib target list (e.g., es2022).
core-web/libs/utils/tsconfig.json Adds module/moduleResolution/lib overrides to utils lib.
core-web/libs/utils-testing/tsconfig.json Adds module/moduleResolution/lib overrides to utils-testing lib.
core-web/libs/ui/tsconfig.spec.json Updates UI spec TS config to preserve/bundler/isolatedModules.
core-web/libs/ui/tsconfig.lib.json Updates UI lib lib targets (e.g., es2022).
core-web/libs/ui/tsconfig.json Adds module/moduleResolution/lib overrides to UI lib.
core-web/libs/ui/src/test-setup.ts Removes manual Angular TestBed init (relies on zone env setup).
core-web/libs/ui/src/lib/components/dot-theme/dot-theme.component.spec.ts Reorders imports (no functional change).
core-web/libs/ui/src/lib/components/dot-drop-zone/directive/dot-drop-zone-value-accesor/dot-drop-zone-value-accessor.directive.spec.ts Adjusts Jest matcher usage for thrown error assertion.
core-web/libs/template-builder/tsconfig.spec.json Updates template-builder spec TS config to preserve/bundler/isolatedModules.
core-web/libs/template-builder/tsconfig.json Adds module/moduleResolution/lib overrides to template-builder lib.
core-web/libs/sdk/react/tsconfig.lib.json Removes Nx React typings files list; relies on project-local typings/includes.
core-web/libs/sdk/react/src/typings/css-modules.d.ts Adds CSS module typings for React SDK.
core-web/libs/sdk/experiments/project.json Updates rollup externals list and enables legacy TS plugin flag.
core-web/libs/sdk/create-app/project.json Updates release config structure/options for Nx release tooling.
core-web/libs/sdk/angular/tsconfig.spec.json Updates Angular SDK spec TS config to preserve/bundler/isolatedModules.
core-web/libs/sdk/angular/tsconfig.json Adds module/moduleResolution/lib overrides to Angular SDK lib.
core-web/libs/portlets/edit-ema/ui/tsconfig.spec.json Updates edit-ema UI spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/edit-ema/ui/tsconfig.json Adds module/moduleResolution/lib overrides to edit-ema UI lib.
core-web/libs/portlets/edit-ema/portlet/tsconfig.spec.json Updates edit-ema portlet spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/edit-ema/portlet/tsconfig.json Adds module/moduleResolution/lib overrides to edit-ema portlet.
core-web/libs/portlets/dot-usage/tsconfig.spec.json Updates dot-usage spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-usage/tsconfig.json Adds module/moduleResolution/lib overrides to dot-usage.
core-web/libs/portlets/dot-tags/tsconfig.spec.json Updates dot-tags spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-tags/tsconfig.json Adds module/lib overrides for dot-tags (base already provides bundler).
core-web/libs/portlets/dot-locales/portlet/tsconfig.spec.json Updates dot-locales portlet spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-locales/portlet/tsconfig.json Adds module/moduleResolution/lib overrides to dot-locales portlet.
core-web/libs/portlets/dot-locales/data-access/tsconfig.spec.json Adds isolatedModules for dot-locales data-access specs.
core-web/libs/portlets/dot-experiments/portlet/tsconfig.spec.json Updates dot-experiments portlet spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-experiments/portlet/tsconfig.json Adds module/moduleResolution/lib overrides to dot-experiments portlet.
core-web/libs/portlets/dot-experiments/data-access/tsconfig.spec.json Updates dot-experiments data-access spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-experiments/data-access/tsconfig.json Adds module/moduleResolution/lib overrides to dot-experiments data-access.
core-web/libs/portlets/dot-content-drive/ui/tsconfig.spec.json Updates content-drive UI spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-content-drive/ui/tsconfig.json Adds module/moduleResolution/lib overrides to content-drive UI.
core-web/libs/portlets/dot-content-drive/portlet/tsconfig.spec.json Updates content-drive portlet spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-content-drive/portlet/tsconfig.json Adds module/moduleResolution/lib overrides to content-drive portlet.
core-web/libs/portlets/dot-analytics/portlet/tsconfig.spec.json Updates dot-analytics portlet spec TS config to preserve/bundler.
core-web/libs/portlets/dot-analytics/portlet/tsconfig.json Adds module/lib overrides to dot-analytics portlet.
core-web/libs/portlets/dot-analytics/data-access/tsconfig.spec.json Updates dot-analytics data-access spec TS config to preserve/bundler/isolatedModules.
core-web/libs/portlets/dot-analytics/data-access/tsconfig.json Adds module/moduleResolution/lib overrides to dot-analytics data-access.
core-web/libs/portlets/dot-analytics/data-access/src/lib/store/features/with-pageview.feature.ts Updates NgRx tapResponse usage to object signature.
core-web/libs/portlets/dot-analytics/data-access/src/lib/store/features/with-engagement.feature.ts Updates NgRx tapResponse usage to object signature.
core-web/libs/portlets/dot-analytics/data-access/src/lib/store/features/with-conversions.feature.ts Updates NgRx tapResponse usage to object signature.
core-web/libs/global-store/tsconfig.spec.json Updates global-store spec TS config to preserve/bundler/isolatedModules.
core-web/libs/global-store/tsconfig.json Adds module/moduleResolution/lib overrides to global-store.
core-web/libs/edit-content/tsconfig.spec.json Updates edit-content spec TS config to preserve/bundler/isolatedModules.
core-web/libs/edit-content/tsconfig.json Adds module/moduleResolution/lib overrides to edit-content.
core-web/libs/edit-content-bridge/tsconfig.spec.json Updates edit-content-bridge spec TS config to preserve/bundler/isolatedModules.
core-web/libs/edit-content-bridge/tsconfig.lib.json Updates edit-content-bridge lib TS config (module: preserve, updated lib).
core-web/libs/edit-content-bridge/tsconfig.json Updates edit-content-bridge base TS config to module: preserve + libs.
core-web/libs/edit-content-bridge/package.json Pins rxjs/primeng and updates Nx Vite dependency for the package.
core-web/libs/dotcms-models/tsconfig.spec.json Updates dotcms-models spec TS config to preserve/bundler/isolatedModules.
core-web/libs/dotcms-models/tsconfig.json Updates dotcms-models TS config to module: preserve and adds libs.
core-web/libs/dotcms-js/tsconfig.spec.json Adds isolatedModules to dotcms-js spec TS config.
core-web/libs/dotcms-js/tsconfig.lib.json Updates dotcms-js lib lib targets (e.g., es2022).
core-web/libs/dotcms-js/tsconfig.json Adds module/moduleResolution/lib overrides to dotcms-js.
core-web/libs/dot-rules/tsconfig.spec.json Updates dot-rules spec TS config to preserve/bundler/isolatedModules.
core-web/libs/dot-rules/tsconfig.lib.json Updates dot-rules lib lib targets (e.g., es2022).
core-web/libs/dot-rules/tsconfig.json Adds module/moduleResolution/lib overrides to dot-rules.
core-web/libs/dot-rules/src/test-setup.ts Removes manual Angular TestBed init (relies on zone env setup).
core-web/libs/dot-layout-grid/tsconfig.spec.json Adds isolatedModules to dot-layout-grid spec TS config.
core-web/libs/dot-layout-grid/tsconfig.lib.json Updates dot-layout-grid lib lib targets (e.g., es2022).
core-web/libs/dot-layout-grid/tsconfig.json Adds module/moduleResolution/lib overrides to dot-layout-grid.
core-web/libs/data-access/tsconfig.spec.json Updates data-access spec TS config to preserve/bundler.
core-web/libs/data-access/tsconfig.json Adds module/moduleResolution/lib overrides to data-access.
core-web/libs/data-access/src/lib/dot-experiments/dot-experiments.service.spec.ts Updates Spectator import path to Jest-specific entrypoint.
core-web/libs/block-editor/tsconfig.spec.json Updates block-editor spec TS config to preserve/bundler/isolatedModules.
core-web/libs/block-editor/tsconfig.lib.json Updates block-editor lib lib targets (e.g., es2022).
core-web/libs/block-editor/tsconfig.json Adds module/moduleResolution/lib overrides to block-editor.
core-web/apps/dotcms-ui/tsconfig.spec.json Updates dotcms-ui spec TS config to preserve/bundler.
core-web/apps/dotcms-ui/tsconfig.json Reformats references and sets module: preserve.
core-web/apps/dotcms-ui/tsconfig.app.json Switches app TS config module to preserve.
core-web/apps/dotcms-block-editor/tsconfig.spec.json Adds isolatedModules to dotcms-block-editor spec TS config.
core-web/apps/dotcms-block-editor/tsconfig.json Adds module/moduleResolution/lib overrides to dotcms-block-editor.
core-web/apps/dotcms-binary-field-builder/tsconfig.spec.json Updates binary-field-builder spec TS config to preserve/bundler/isolatedModules.
core-web/apps/dotcms-binary-field-builder/tsconfig.json Adds module/moduleResolution/lib overrides to binary-field-builder.
core-web/apps/dotcdn/tsconfig.spec.json Updates dotcdn spec TS config to preserve/bundler/isolatedModules.
core-web/apps/dotcdn/tsconfig.json Adds module/moduleResolution/lib overrides to dotcdn.
core-web/apps/dotcdn/src/test-setup.ts Updates Angular Jest test env initialization to zone-based setup.

You can also share your feedback on Copilot code review. Take the survey.

oidacra
oidacra reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 5, 2026
View reviewed changes
nicobytes added 2 commits March 6, 2026 10:35
@nicobytes
refactor(tests): update DotUveToolbarComponent tests to avoid global …
4563af3 
…fake timers and prevent Date mocking issues
@nicobytes
fix(tests): update jest configuration to require `isolatedModules: tr…
39e0efa 
…ue` in `tsconfig.spec.json` for transitive dependencies
@github-actions github-actions bot added the Area : Documentation PR changes documentation files label Mar 6, 2026
nicobytes added 2 commits March 6, 2026 12:08
@nicobytes
Merge branch 'main' into 34853-dependency-update-and-version-pinning-…
b210eab 
…via-nx-migrate
@nicobytes
chore(dependencies): update Angular and Nx packages to latest version…
4d2044e 
…s, adjust babel-loader version, and remove obsolete Storybook migration instructions
semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Mar 6, 2026
View reviewed changes
core-web/yarn.lock
@@ -13360,9 +13754,9 @@ domhandler@^5.0.2, domhandler@^5.0.3:
domelementtype "^2.3.0"

dompurify@^3.2.5:
Copy link

@semgrep-code-dotcms-test semgrep-code-dotcms-test bot Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legal Risk

dompurify 3.3.2 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Mar 6, 2026

Semgrep found 5 ssc-4fd3a3fc-acff-4277-9d88-60469f5a4fa5 findings:

  • core-web/libs/ui/src/lib/components/dot-theme/dot-theme.component.spec.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/edit-ema-editor.component.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/edit-ema-editor.component.spec.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/components/dot-uve-toolbar/dot-uve-toolbar.component.spec.ts

Risk: Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

Fix: Upgrade this library to at least version 19.2.18 at core/core-web/yarn.lock:531.

Reference(s): GHSA-jrmj-c5cx-3cw6, CVE-2026-22610

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

Semgrep found 5 ssc-1401e86e-5347-4e09-9335-667e8dfa5deb findings:

  • core-web/libs/ui/src/lib/components/dot-theme/dot-theme.component.spec.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/edit-ema-editor.component.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/edit-ema-editor.component.spec.ts
  • core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/components/dot-uve-toolbar/dot-uve-toolbar.component.spec.ts

Risk: Affected versions of @angular/compiler are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). A stored XSS vulnerability in the Angular Template Compiler arises because its internal security schema doesn't classify certain URL‐ holding attributes (e.g. xlink:href, math|href, annotation|href) or the attributeName binding on SVG animation elements (<animate>, <set>, etc.) as requiring strict URL sanitization. An attacker who can supply untrusted input to template bindings like [attr.xlink:href] or <animate [attributeName]="'href'" [values]="maliciousURL"> can inject a javascript: URL payload. When the element is activated (e.g. clicked) or the animation runs, the malicious script executes in the application's origin, enabling session hijacking, data exfiltration, or unauthorized actions.

Manual Review Advice: A vulnerability from this advisory is reachable if you allow SVG/MathML attributes (e.g., xlink:href, href) or to the attributeName field of SVG animation tags (, , etc.) in HTML templates

Fix: Upgrade this library to at least version 19.2.17 at core/core-web/yarn.lock:531.

Reference(s): GHSA-v4hv-rgfq-gp49, CVE-2025-66412

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@fmontes fmontes fmontes requested changes

@oidacra oidacra oidacra approved these changes

+1 more reviewer

@semgrep-code-dotcms-test semgrep-code-dotcms-test[bot] semgrep-code-dotcms-test[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

Area : Documentation PR changes documentation files Area : Frontend PR changes Angular/TypeScript frontend code Area : SDK PR changes SDK libraries

Projects

dotCMS - Product Planning
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dependency Update and Version Pinning via Nx Migrate

4 participants

@nicobytes @fmontes @oidacra