Conversation
stirlingbot
Bot
added
Documentation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Resolve conflicts: - playwright.config.ts: keep PR's richer test-agent config (timeouts, reporter, healer-friendly screenshot/video/trace settings), normalize to double quotes - ConvertE2E.spec.ts: keep PR's real-backend discovery-based tests - conversionEndpointDiscovery.ts: restore helper that main deleted; needed by PR's Convert tests
Reverse the merge resolution for ConvertE2E.spec.ts and drop conversionEndpointDiscovery.ts. Main's PR #6009 intentionally migrated these tests to mock-based (no real backend needed), which is the correct direction — keep that, keep only playwright.config.ts from PR's side (richer test-agent/healer config).
auth-login.spec.ts:140 — session expiry redirect:
The test used waitForURL('**/') which only matches URLs ending in '/'
and failed on /merge. Loosen to accept any non-/login URL since the app
may restore the original page or land on the dashboard post-login.
e2e-pdf-operations.spec.ts — merge 2/3 file tests:
The Merge tool lands in 'viewer' mode after upload and requires a
manual switch to file editor before the run button enables. The UI
surfaces a 'Go to file editor' button for this — click it first in
the shared executeAndWaitForResults helper when visible.
On firefox and webkit, the tour tooltip ("Watch walkthroughs here…")
intercepts pointer events on the convert button, causing click timeouts.
Add a dismissTourTooltip helper invoked before the click. Chromium
auto-handles it, but the explicit dismiss is a no-op there so tests
remain green on all three browsers.
On webkit, clicking the breadcrumb a[href="/"] did not trigger React Router navigation — the URL stayed on /merge (or /compress). The sidebar "Tools" link consistently navigates on all three browsers. Switch both browser-navigation.spec.ts and tool-pages-common.spec.ts to target the sidebar link by its accessible role+name.
Frontend Check FailedThere are issues with your frontend code that will need to be fixed before they can be merged in. Run |
Frooodle
requested review from
ConnorYoh,
EthanHealy01,
Ludy87,
jbrunton96 and
reecebrowne
as code owners
dosubot
Bot
added
the
size:L
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| run: | | ||
| { | ||
| echo 'wait_for_backend() {' | ||
| echo ' start=$SECONDS' | ||
| echo ' for i in $(seq 1 300); do' | ||
| echo ' if curl -fsS http://localhost:8080/api/v1/info/status >/dev/null 2>&1; then' | ||
| echo ' echo "Backend up after $((SECONDS - start))s"; return 0' | ||
| echo ' fi; sleep 2' | ||
| echo ' done' | ||
| echo ' tail -200 /tmp/backend.log || true; return 1' | ||
| echo '}' | ||
| echo 'stop_backend() {' | ||
| echo ' if [ -f /tmp/backend.pid ]; then' | ||
| echo ' kill "$(cat /tmp/backend.pid)" 2>/dev/null || true' | ||
| echo ' rm -f /tmp/backend.pid' | ||
| echo ' fi' | ||
| echo ' pkill -f "gradlew :stirling-pdf:bootRun" 2>/dev/null || true' | ||
| echo ' for i in $(seq 1 30); do' | ||
| echo ' curl -fsS http://localhost:8080/api/v1/info/status >/dev/null 2>&1 || return 0' | ||
| echo ' sleep 1' | ||
| echo ' done' | ||
| echo '}' | ||
| } > /tmp/helpers.sh | ||
| chmod +x /tmp/helpers.sh | ||
|
|
There was a problem hiding this comment.
Binary, code or archive is pulled from a remote source without integrity verification - medium severity
A GitHub Actions Workflow was built using an artifact from a remote source without any integrity verification. If the remote artifact were silently replaced with a malicious version (for example, through a supply chain attack), the integrity and confidentiality of the environment in which the container is deployed could be compromised.
Show fix
Remediation: Validate the artifact against a trusted SHA-512 checksum in the CI/CD pipeline using sha512sum in check mode. Store the expected checksum in a file (e.g., artifact.sha512), then verify it with: sha512sum -c artifact.sha512. Enable strict error handling (for example, set -e in shell scripts) so the pipeline fails if verification fails or outputs errors.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
dosubot
Bot
added
size:XL
🚀 V2 Auto-Deployment Complete!Your V2 PR with embedded architecture has been deployed! 🔗 Direct Test URL (non-SSL) http://54.175.155.236:6025 🔐 Secure HTTPS URL: https://6025.ssl.stirlingpdf.cloud This deployment will be automatically cleaned up when the PR is closed. 🔄 Auto-deployed for approved V2 contributors. |
✅ Backend License Check PassedAll backend dependencies have valid and allowed licenses. The backend license report has been updated successfully. |
2 participants
Description of Changes
Checklist
General
Documentation
Translations (if applicable)
scripts/counter_translation.pyUI Changes (if applicable)
Testing (if applicable)