Merge remote-tracking branch 'origin(upstream)/26_1' into 26_1-anti-forgery-agg

Author: mpreyskurantov

.github/copilot-instructions.md

@@ -155,7 +155,7 @@ pnpm run clean
 1. Localization generation (via `devextreme-nx-infra-plugin:localization` executor)
 2. Component generation (Renovation architecture)
 3. Transpilation (via native NX executors: `babel-transform` for JS, `build-typescript` for TS)
-4. Bundle creation (Webpack) - `bundle:debug` and `bundle:prod` targets
+4. Bundle creation (Webpack via `devextreme-nx-infra-plugin:bundle` executor) - `bundle:debug` and `bundle:prod` targets
 5. TypeScript declarations - `build:declarations` target
 6. SCSS compilation (from devextreme-scss)
 7. NPM package preparation - `build:npm` target
@@ -190,6 +190,7 @@ The `packages/nx-infra-plugin` provides custom Nx executors for build automation
 | `babel-transform` | Transforms JS/TS files using Babel with configurable presets, debug block removal, and extension renaming |
 | `build-angular-library` | Builds Angular libraries using ng-packagr programmatically |
 | `build-typescript` | Compiles TypeScript to CJS or ESM modules with configurable output format, tsconfig, and path alias resolution |
+| `bundle` | Bundles JavaScript files using webpack with debug or production mode, supporting multiple entry points and license validation |
 | `clean` | Removes directories and files with support for exclusion patterns |
 | `concatenate-files` | Concatenates files with optional content extraction via regex, header/footer, and find/replace transforms |
 | `copy-files` | Copies files and directories to specified destinations with glob pattern support |

.github/workflows/visual-tests-demos.yml

@@ -632,7 +632,6 @@ jobs:
       uses: ./.github/actions/setup-chrome
       with:
         chrome-version: '145.0.7632.67'
-        runner-type: 'github-hosted'
 
     - name: Use Node.js
       uses: actions/setup-node@v4
@@ -787,7 +786,6 @@ jobs:
       uses: ./.github/actions/setup-chrome
       with:
         chrome-version: '145.0.7632.67'
-        runner-type: 'github-hosted'
 
     - name: Use Node.js
       uses: actions/setup-node@v4
@@ -916,7 +914,6 @@ jobs:
         uses: ./.github/actions/setup-chrome
         with:
           chrome-version: '145.0.7632.67'
-          runner-type: 'github-hosted'
 
       - name: Use Node.js
         uses: actions/setup-node@v4
@@ -1069,3 +1066,221 @@ jobs:
           pattern: accessibility-reports-*
           delete-merged: true
 
+  csp-check-jquery:
+    name: CSP check (jQuery)
+    needs: [check-should-run, build-devextreme]
+    if: |
+      always() &&
+      needs.check-should-run.outputs.should-run == 'true' &&
+      needs.build-devextreme.result == 'success'
+    runs-on: devextreme-shr2
+    timeout-minutes: 60
+
+    steps:
+    - name: Get sources
+      uses: actions/checkout@v4
+
+    - name: Download artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: devextreme-artifacts-jquery
+        path: ./packages/devextreme
+
+    - name: Unpack artifacts
+      working-directory: ./packages/devextreme
+      run: 7z x artifacts.zip -aoa
+
+    - name: Setup Chrome
+      uses: ./.github/actions/setup-chrome
+      with:
+        chrome-version: '145.0.7632.67'
+
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+
+    - uses: pnpm/action-setup@v4
+      with:
+        run_install: false
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache/restore@v4
+      name: Restore pnpm cache
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-cache
+
+    - name: Install dependencies
+      run: pnpm install --frozen-lockfile
+
+    - name: Start CSP Server
+      run: node apps/demos/utils/server/csp-server.js 8080 &
+
+    - name: Run CSP Check
+      working-directory: apps/demos
+      env:
+        CSP_FRAMEWORKS: jQuery
+        CHROME_PATH: google-chrome-stable
+      run: node utils/server/csp-check.js
+
+    - name: Upload CSP report
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: csp-violations-jquery
+        path: apps/demos/csp-reports/
+        if-no-files-found: ignore
+
+  csp-check-frameworks:
+    name: CSP check (${{ matrix.FRAMEWORK }})
+    needs: [check-should-run, determine-framework-tests-scope, build-devextreme]
+    if: |
+      always() &&
+      needs.check-should-run.outputs.should-run == 'true' &&
+      needs.determine-framework-tests-scope.result == 'success' &&
+      needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' &&
+      needs.build-devextreme.result == 'success'
+    strategy:
+      fail-fast: false
+      matrix:
+        FRAMEWORK: [React, Vue, Angular]
+    runs-on: devextreme-shr2
+    timeout-minutes: 60
+
+    steps:
+    - name: Get sources
+      uses: actions/checkout@v4
+
+    - name: Download devextreme sources
+      uses: actions/download-artifact@v4
+      with:
+        name: devextreme-sources
+
+    - name: Setup Chrome
+      uses: ./.github/actions/setup-chrome
+      with:
+        chrome-version: '145.0.7632.67'
+
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+
+    - uses: pnpm/action-setup@v4
+      with:
+        run_install: false
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache/restore@v4
+      name: Restore pnpm cache
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-cache
+
+    - name: Install dependencies
+      run: pnpm install --frozen-lockfile
+
+    - name: Install tgz
+      working-directory: apps/demos
+      run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz
+
+    - name: Start CSP Server
+      run: node apps/demos/utils/server/csp-server.js 8080 &
+
+    - name: Run CSP Check
+      working-directory: apps/demos
+      env:
+        CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }}
+        CHROME_PATH: google-chrome-stable
+      run: node utils/server/csp-check.js
+
+    - name: Upload CSP report
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: csp-violations-${{ matrix.FRAMEWORK }}
+        path: apps/demos/csp-reports/
+        if-no-files-found: ignore
+
+  csp-report-summary:
+    name: CSP Violations Summary
+    runs-on: devextreme-shr2
+    needs: [check-should-run, csp-check-jquery, csp-check-frameworks]
+    if: always() && needs.check-should-run.outputs.should-run == 'true'
+    timeout-minutes: 5
+
+    steps:
+      - name: Get sources
+        uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Download all CSP reports
+        uses: actions/download-artifact@v4
+        with:
+          pattern: csp-violations-*
+          path: csp-reports-all
+          merge-multiple: true
+        continue-on-error: true
+
+      - name: Summarize CSP violations
+        run: |
+          mkdir -p apps/demos/csp-reports
+
+          echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY
+          echo '' >> $GITHUB_STEP_SUMMARY
+
+          GRAND_TOTAL=0
+          for report in csp-reports-all/csp-violations-*.jsonl; do
+            [ -f "$report" ] || continue
+            FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//')
+            cp "$report" "apps/demos/csp-reports/"
+
+            if [ -s "$report" ]; then
+              COUNT=$(wc -l < "$report" | tr -d ' ')
+              GRAND_TOTAL=$((GRAND_TOTAL + COUNT))
+              echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+              echo '<details>' >> $GITHUB_STEP_SUMMARY
+              echo '<summary>Show detailed report</summary>' >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+              echo '```' >> $GITHUB_STEP_SUMMARY
+              CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY
+              echo '```' >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+              echo '</details>' >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+            else
+              echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY
+              echo '' >> $GITHUB_STEP_SUMMARY
+            fi
+          done
+
+          if [ "$GRAND_TOTAL" -eq 0 ]; then
+            echo "✅ No CSP violations detected across all frameworks."
+          else
+            echo "⚠️  Total: $GRAND_TOTAL CSP violation(s)"
+          fi
+
+      - name: Upload merged CSP reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: csp-violations-report
+          path: apps/demos/csp-reports/
+          if-no-files-found: ignore
+

apps/demos/.gitignore

@@ -33,5 +33,7 @@ Demos/**/tsconfig.json
 **/.DS_Store
 publish-demos
 
+csp-reports
+
 .angular
 angular.json

apps/demos/Demos/DataGrid/PDFExportImages/jQuery/index.html

@@ -11,10 +11,6 @@
       integrity="sha512-+EeCylkt9WHJk5tGJxYdecHOcXFRME7qnbsfeMsdQL6NUPYm2+uGFmyleEqsmVoap/f3dN/sc3BX9t9kHXkHHg=="
       crossorigin="anonymous"
     ></script>
-    <script>
-      window.jsPDF = window.jspdf.jsPDF;
-    </script>
-
     <script src="../../../../node_modules/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" type="text/css" href="../../../../node_modules/devextreme-dist/css/dx.light.css" />
     <script src="../../../../node_modules/devextreme-dist/js/dx.all.js"></script>

apps/demos/Demos/DataGrid/PDFExportMultipleGrids/jQuery/index.html

@@ -15,9 +15,6 @@
       integrity="sha512-+EeCylkt9WHJk5tGJxYdecHOcXFRME7qnbsfeMsdQL6NUPYm2+uGFmyleEqsmVoap/f3dN/sc3BX9t9kHXkHHg=="
       crossorigin="anonymous"
     ></script>
-    <script>
-      window.jsPDF = window.jspdf.jsPDF;
-    </script>
     <script src="data.js"></script>
     <script src="index.js"></script>
   </head>

apps/demos/Demos/Diagram/Adaptability/test-code.js

@@ -0,0 +1 @@
+testUtils.postponeUntilFound('.dx-accordion-item-title-caption', 100, 10000).then(() => testUtils.postpone(1000));

apps/demos/Demos/Diagram/Containers/test-code.js

@@ -0,0 +1 @@
+testUtils.postponeUntilFound('.dx-accordion-item-title-caption', 100, 10000).then(() => testUtils.postpone(1000));

apps/demos/Demos/Diagram/CustomShapesWithTexts/test-code.js

@@ -0,0 +1 @@
+testUtils.postponeUntilFound('div[data-tb-type="employee1"]', 100, 10000).then(() => testUtils.postpone(1000));

apps/demos/Demos/Stepper/FormIntegration/jQuery/index.html

@@ -7,7 +7,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0" />
     <script src="../../../../node_modules/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" type="text/css" href="../../../../node_modules/devextreme/dist/css/dx.light.css" />
-    <script src="../../../../node_modules/devextreme-dist/js/dx.all.debug.js"></script>
+    <script src="../../../../node_modules/devextreme-dist/js/dx.all.js"></script>
     <script src="data.js"></script>
     <link rel="stylesheet" type="text/css" href="styles.css" />
     <script src="index.js"></script>

apps/demos/package.json

@@ -15,16 +15,16 @@
         "devextreme-vue": "workspace:*"
     },
     "dependencies": {
-        "@angular/animations": "~21.0.0",
-        "@angular-devkit/build-angular": "~21.0.0",
-        "@angular/cli": "~21.0.5",
-        "@angular/common": "~21.0.0",
-        "@angular/compiler": "~21.0.7",
-        "@angular/compiler-cli": "~21.0.7",
-        "@angular/core": "~21.0.7",
-        "@angular/forms": "~21.0.0",
-        "@angular/platform-browser": "~21.0.0",
-        "@angular/platform-browser-dynamic": "~21.0.0",
+        "@angular/animations": "~21.1.0",
+        "@angular-devkit/build-angular": "~21.1.0",
+        "@angular/cli": "~21.1.5",
+        "@angular/common": "~21.1.0",
+        "@angular/compiler": "~21.1.0",
+        "@angular/compiler-cli": "~21.1.0",
+        "@angular/core": "~21.1.0",
+        "@angular/forms": "~21.1.0",
+        "@angular/platform-browser": "~21.1.0",
+        "@angular/platform-browser-dynamic": "~21.1.0",
         "@aspnet/signalr": "1.0.27",
         "@preact/signals-core": "^1.8.0",
         "@rollup/plugin-commonjs": "19.0.2",
@@ -89,7 +89,7 @@
         "zone.js": "0.15.1"
     },
     "devDependencies": {
-        "@angular/platform-server": "21.0.5",
+        "@angular/platform-server": "~21.1.0",
         "@babel/core": "7.28.6",
         "@babel/eslint-parser": "catalog:",
         "@babel/preset-env": "7.28.6",
@@ -177,7 +177,10 @@
         "lint-non-demos": "pnpx nx run-many -t lint-js lint-css lint-html -p devextreme-demos",
         "lint": "pnpm run lint-non-demos && pnpm run lint-demos",
         "test-testcafe": "ts-node utils/visual-tests/testcafe-runner.ts",
+        "test-testcafe:csp": "cross-env CSP_REPORT=true ts-node utils/visual-tests/testcafe-runner.ts",
         "test-testcafe:accessibility": "cross-env STRATEGY=accessibility CONSTEL=jquery node utils/visual-tests/testcafe-runner.ts",
+        "csp-server": "node utils/server/csp-server.js 8080",
+        "csp-check": "node utils/server/csp-check.js",
         "fix-lint": "prettier --write . && eslint --fix . && stylelint **/*.{css,vue} --fix",
         "prettier": "prettier",
         "build-bundles": "gulp bundles",