Skip to content

CEK v2.0 — Vuetify 4, typed hooks & server module, RPC procedures, question auto-wrap, tsdown#48

Open
rkusan00 wants to merge 119 commits intomainfrom
task/fixes-tweaks-updates
Open

CEK v2.0 — Vuetify 4, typed hooks & server module, RPC procedures, question auto-wrap, tsdown#48
rkusan00 wants to merge 119 commits intomainfrom
task/fixes-tweaks-updates

Conversation

@rkusan00
Copy link
Copy Markdown
Contributor

@rkusan00 rkusan00 commented Feb 19, 2026
edited
Loading

Summary

  • Migrated all runtimes and the example element to Vuetify 4 (MD3 typography, updated component APIs, theme configuration)
  • Question auto-wrap — QuestionCard and QuestionContainer applied automatically by the runtime. Elements must remove manual wrapping
  • Added typed hook signatures (ElementHook, BeforeDisplayHook, OnUserInteractionHook, ProcedureHandler)
  • Added ServerModule and HookMap types for typed server package default exports
  • Added server procedures (RPC) — custom server-side methods callable from Edit components via the injected $rpc function
  • Added isEmpty manifest function for required element validation
  • Added showFeedback manifest field to control question feedback section visibility
  • Added question autosave support in the edit runtime
  • mocks.referencesData manifest field for custom mock linked element data
  • CEK theme testing support (ThemeDialog in edit and display runtimes)-
  • TailorAssetInput global component (consolidated from separate upload components)
  • Expanded E2E testing utilities with API helpers and additional page object models
  • Accessibility improvements
  • Build toolchain migrated from tsup to tsdown with isolatedDeclarations enabled
  • Migrated to TypeScript 6, Vite 8
  • Bumped all dependencies to latest versions across all packages

Breaking Changes

  • Content element packages using Vuetify components need to be updated for Vuetify 4 (MD3 typography classes, component API changes, theme configuration)
  • Question auto-wrap — elements must remove manual QuestionContainer wrapping
  • isolatedDeclarations — all exported symbols require explicit type annotations
  • Build toolchain: tsup → tsdown

@socket-security
Copy link
Copy Markdown

socket-security bot commented Feb 19, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​express@​5.0.3 ⏵ 5.0.61001007185100
Updatedtypescript-eslint@​8.36.0 ⏵ 8.58.210010074 +198100
Updateduntildify@​5.0.0 ⏵ 6.0.0100 +110074 +981100
Updatedopenai@​5.8.2 ⏵ 6.34.074 -23100100 +199 +1100
Updated@​vueuse/​core@​13.5.0 ⏵ 14.2.19910077 +187 -2100
Updatedlodash-es@​4.17.21 ⏵ 4.18.1100100 +1979 +191100
Addedvite-plugin-lib-inject-css@​2.2.210010010080100
Updatedhash-object@​5.0.1 ⏵ 5.1.096 +410088 +781 +1100
Updatedstringify-object@​5.0.0 ⏵ 6.0.0100100100 +181100
Updated@​types/​node@​24.0.10 ⏵ 24.12.2100 +110081 +195 -1100
Addedtsx@​4.21.01001008185100
Addedjson5@​2.2.310010010082100
Updatedopen@​10.1.2 ⏵ 11.0.0100 +1100100 +182100
Updatedvite@​7.0.3 ⏵ 8.0.894 +3100 +218298 +1100
Updatedfkill@​9.0.0 ⏵ 10.0.3100100100 +383100
Updatedconcurrently@​9.2.0 ⏵ 9.2.199 +1100100 +183100
Updatedcors@​2.8.5 ⏵ 2.8.610010010084100
Updatedeslint-plugin-vuejs-accessibility@​2.4.1 ⏵ 2.5.0100 +110084 -185 +4100
Updatedvitepress@​1.6.3 ⏵ 1.6.498 +110084 +193100
Updatedvue-eslint-parser@​9.4.3 ⏵ 10.4.098 +310010084100
Updatedvite-plugin-vuetify@​2.1.1 ⏵ 2.1.3100 +110010085100
Updatedexpress@​5.1.0 ⏵ 5.2.19810010087100
Updatedneostandard@​0.12.2 ⏵ 0.13.099 +1100100 +187100
Updatedeslint-config-prettier@​10.1.5 ⏵ 10.1.810010010088100
Updatedpid-port@​1.0.2 ⏵ 2.1.1100100100 +388 +1100
Addedtsdown@​0.21.9981008896100
Updatedsequelize@​6.37.7 ⏵ 6.37.895100 +1697 +188100
Updatedsqlite3@​5.1.7 ⏵ 6.0.19910010088100
Updatedeslint@​9.30.1 ⏵ 9.39.48910010095100
Updatedeslint-plugin-vue@​10.3.0 ⏵ 10.8.096 +11009190 -1100
Updatedws@​8.18.3 ⏵ 8.20.09810010090100
Updatedtypescript@​5.8.3 ⏵ 6.0.3100 +110090 +110090
See 14 more rows in the dashboard

View full report

@rkusan00 rkusan00 force-pushed the task/fixes-tweaks-updates branch from 36143fe to 8009a5e Compare February 19, 2026 12:37
@rkusan00 rkusan00 changed the title Bump dependencies Add callElementAction, Question autosave and isEmpty Mar 9, 2026
@rkusan00 rkusan00 requested a review from underscope March 9, 2026 09:09
underscope
underscope reviewed Mar 9, 2026
View reviewed changes
Comment thread packages/runtime/tce-display/package.json Outdated
Comment thread packages/runtime/tce-server/content-element/index.ts Outdated
Comment thread packages/runtime/tce-edit/package.json Outdated
Comment thread packages/common/package.json Outdated
Comment thread docs/server-package.md Outdated
Comment thread docs/server-package.md Outdated
Comment thread docs/server-package.md Outdated
@rkusan00 rkusan00 requested a review from underscope March 12, 2026 20:46
@rkusan00 rkusan00 force-pushed the task/fixes-tweaks-updates branch from c36a1a1 to cbdcc01 Compare April 10, 2026 19:20
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 16, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@rkusan00
Copy link
Copy Markdown
Contributor Author

rkusan00 commented Apr 16, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm vite is 91.0% likely obfuscated
Confidence: 0.91

Location: Package overview

From: pnpm-lock.yamlnpm/vitepress@1.6.4npm/vite@5.4.21

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

_Mark the package as acceptable risk_. To ignore this alert only
in this pull request, reply with the comment
`@SocketSecurity ignore npm/vite@5.4.21`. You can
also ignore all packages with `@SocketSecurity ignore-all`.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the [triage state of this alert](https://socket.dev/dashboard/org/tailor-cms/diff-scan/41e52e9b-dac4-4531-a310-0d427c63c4de/alert/QSQiiSJcUq5l1JaiEsaD9jzpYapFgAWEywB17aSvBKbs).

Warn High
Obfuscated code: npm vite is 91.0% likely obfuscated

@SocketSecurity ignore npm/vite@5.4.21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@underscope underscope Awaiting requested review from underscope

Assignees

No one assigned

Labels

code review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rkusan00 @underscope