Skip to content

chore(UVE): Migrate UVE Experiments#34345

Merged
hmoreras merged 14 commits intoissue-33882-primeng-updatefrom
issue-34248-migrate-edit-ema-experiments
Jan 22, 2026
Merged

chore(UVE): Migrate UVE Experiments#34345
hmoreras merged 14 commits intoissue-33882-primeng-updatefrom
issue-34248-migrate-edit-ema-experiments

Conversation

@rjvelazco
Copy link
Contributor

@rjvelazco rjvelazco commented Jan 19, 2026
edited by github-actions bot
Loading

Walkthrough

walkthrough.mov

Videos

video.mov
video.mov

Screenshots

image result-loading-state

This PR fixes: #34248

This PR fixes: #34248

@github-actions github-actions bot mentioned this pull request Jan 19, 2026
Closed
@rjvelazco rjvelazco linked an issue Jan 19, 2026 that may be closed by this pull request
Migrate 'Edit EMA' portlet UI to PrimeNG (Angular 21) #34248
Closed
@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Jan 19, 2026

Legal Risk

The following dependencies were released under a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

GPL-2.0

MPL-2.0

@rjvelazco rjvelazco changed the title feat(experiments): Refactor component styles chore(UVE): Migrate UVE Experiments Jan 19, 2026
@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Jan 21, 2026

Semgrep found 25 ssc-4fd3a3fc-acff-4277-9d88-60469f5a4fa5 findings:

  • core-web/libs/ui/src/lib/components/dot-sidebar-header/dot-sidebar-header.component.ts
  • core-web/libs/ui/src/lib/components/dot-empty-container/dot-empty-container.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-inline-edit-text/dot-experiments-inline-edit-text.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-header/dot-experiments-ui-header.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-goals-coming-soon/dot-experiments-goals-coming-soon.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-goal-configuration-url-parameter-component/dot-experiments-goal-configuration-url-parameter-component.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-goal-configuration-reach-page/dot-experiments-goal-configuration-reach-page.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiment-options/dot-experiment-options.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-shell/dot-experiments-shell.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-list/dot-experiments-list.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-list/components/dot-experiments-status-filter/dot-experiments-status-filter.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-list/components/dot-experiments-list-table/dot-experiments-list-table.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-list/components/dot-experiments-create/dot-experiments-create.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/dot-experiments-configuration.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-variants/dot-experiments-configuration-variants.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-variants-add/dot-experiments-configuration-variants-add.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-traffic/dot-experiments-configuration-traffic.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-traffic-allocation-add/dot-experiments-configuration-traffic-allocation-add.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-targeting/dot-experiments-configuration-targeting.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-scheduling/dot-experiments-configuration-scheduling.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-scheduling-add/dot-experiments-configuration-scheduling-add.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-items-count/dot-experiments-configuration-items-count.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-goals/dot-experiments-configuration-goals.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-goal-select/dot-experiments-configuration-goal-select.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-analytic-app-misconfiguration/dot-experiments-analytic-app-misconfiguration.component.ts

Risk: Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

Fix: Upgrade this library to at least version 21.0.7 at core/core-web/package-lock.json:5082.

Reference(s): GHSA-jrmj-c5cx-3cw6, CVE-2026-22610

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

semgrep-code-dotcms-test[bot]
semgrep-code-dotcms-test bot reviewed Jan 21, 2026
View reviewed changes
...omponents/dot-experiments-experiment-summary/dot-experiments-experiment-summary.component.ts
Comment on lines 7 to 15
@Component({
selector: 'dot-experiments-experiment-summary',
imports: [CommonModule, DotMessagePipe, ButtonModule],
imports: [CommonModule, DotMessagePipe],
templateUrl: './dot-experiments-experiment-summary.component.html',
styleUrls: ['./dot-experiments-experiment-summary.component.scss'],
changeDetection: ChangeDetectionStrategy.OnPush
changeDetection: ChangeDetectionStrategy.OnPush,
host: {
class: 'flex justify-center p-4 text-gray-800 leading-[140%]'
}
})
Copy link

@semgrep-code-dotcms-test semgrep-code-dotcms-test bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

High severity and reachable issue identified in your code:
Line 7 has a vulnerable usage of @angular/compiler, introducing a high severity vulnerability.

ℹ️ Why this is reachable

A reachable issue is a real security risk because your project actually executes the vulnerable code. This issue is reachable because your code uses a certain version of @angular/compiler.
Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

References: GHSA, CVE

To resolve this comment:
Upgrade this dependency to at least version 21.0.7 at core-web/package-lock.json.

💬 Ignore this finding

To ignore this, reply with:

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

You can view more details on this finding in the Semgrep AppSec Platform here.

@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Jan 21, 2026

Semgrep found 2 ssc-4fd3a3fc-acff-4277-9d88-60469f5a4fa5 findings:

  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-reports/dot-experiments-reports.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-reports/components/dot-experiments-reports-skeleton/dot-experiments-reports-skeleton.component.ts

Risk: Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

Fix: Upgrade this library to at least version 21.0.7 at core/core-web/package-lock.json:5082.

Reference(s): GHSA-jrmj-c5cx-3cw6, CVE-2026-22610

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Jan 21, 2026

Semgrep found 3 ssc-4fd3a3fc-acff-4277-9d88-60469f5a4fa5 findings:

  • core-web/libs/portlets/dot-experiments/portlet/src/lib/shared/ui/dot-experiments-details-table/dot-experiments-details-table.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-reports/components/dot-experiments-reports-chart/dot-experiments-reports-chart.component.ts
  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-reports/components/dot-experiments-report-daily-details/dot-experiments-report-daily-details.component.ts

Risk: Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

Fix: Upgrade this library to at least version 21.0.7 at core/core-web/package-lock.json:5082.

Reference(s): GHSA-jrmj-c5cx-3cw6, CVE-2026-22610

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

@semgrep-code-dotcms-test
Copy link

semgrep-code-dotcms-test bot commented Jan 21, 2026

Semgrep found 1 ssc-4fd3a3fc-acff-4277-9d88-60469f5a4fa5 finding:

  • core-web/libs/portlets/dot-experiments/portlet/src/lib/dot-experiments-configuration/components/dot-experiments-configuration-traffic-split-add/dot-experiments-configuration-traffic-split-add.component.ts

Risk: Affected versions of @angular/compiler and @angular/core are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Angular's template compiler fails to classify the href and xlink:href attributes on SVG <script> elements as Resource URL contexts. This allows an attacker to bind a malicious data: URI or external script via [attr.href] or [attr.xlink:href], resulting in arbitrary JavaScript execution (XSS) in the victim's browser.

Fix: Upgrade this library to at least version 21.0.7 at core/core-web/package-lock.json:5082.

Reference(s): GHSA-jrmj-c5cx-3cw6, CVE-2026-22610

If this is a critical or high severity finding, please also link this issue in the #security channel in Slack.

@rjvelazco
chore(experiments): Refactor components to use new input and viewChil…
7db9dd7 
…d syntax, update template bindings for reactive data
@rjvelazco
chore(experiments): Update component bindings to use new syntax and e…
2d4d7fb 
…nhance template expressions for improved reactivity
@rjvelazco rjvelazco linked an issue Jan 21, 2026 that may be closed by this pull request
Migrate 'Experiments' portlet UI to PrimeNG (Angular 21) #34252
Closed
@hmoreras hmoreras merged commit 38a95d4 into issue-33882-primeng-update Jan 22, 2026
8 checks passed
@hmoreras hmoreras deleted the issue-34248-migrate-edit-ema-experiments branch January 22, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@semgrep-code-dotcms-test semgrep-code-dotcms-test[bot] semgrep-code-dotcms-test[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

dotCMS - Product Planning
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Migrate 'Experiments' portlet UI to PrimeNG (Angular 21) Migrate 'Edit EMA' portlet UI to PrimeNG (Angular 21)

2 participants

@rjvelazco @hmoreras