Skip to content

πŸš€ release(v1.5.1-rc.4): container detail features + #329 i18n completion & gate + base-image CVE sweep#463

Merged
scttbnsn merged 10 commits into
mainfrom
release/v1.5.1-rc.4
Jun 29, 2026
Merged

πŸš€ release(v1.5.1-rc.4): container detail features + #329 i18n completion & gate + base-image CVE sweep#463
scttbnsn merged 10 commits into
mainfrom
release/v1.5.1-rc.4

Conversation

@scttbnsn

Copy link
Copy Markdown
Contributor

v1.5.1-rc.4

Supersedes rc.3 β€” the soak clock restarts on rc.4, which is the actual GA candidate (rc.3's content is all carried here plus the batch below). 9 commits off dev/v1.5.1, all gate-green at 100% app+ui coverage, biome + tsc clean.

Added

Fixed

  • Remaining International Language SupportΒ #329 i18n gaps β€” 10 user-facing surfaces that still rendered English for non-en users now resolve through the catalog (trigger status badge, yes/no previews, disabled-actions tooltip, update-maturity tooltip, grouped Update-All toast, severity tooltips, backup unknown fallback, search-hint connectors, agent: label, {n} fix badge). EN keys ship now; the 16 locales follow via Crowdin after release. Also fixes a latent ApiContainerInput.startedAt type error. (International Language SupportΒ #329)

Security

  • Base image refreshed β€” node:24-alpine 24.16.0/Alpine 3.21 β†’ 24.18.0/Alpine 3.24 + libexpat apk upgrade, clearing 24 container-scan CVEs (1 critical CVE-2026-48930 + 4 high Node, 13 medium libexpat). Rebuild + rescan confirms 0 critical/high. The 3 busybox/ssl_client medium findings (CVE-2025-60876) have no upstream Alpine fix yet and are tracked.

Test

  • i18n regression gate β€” ui/tests/i18n/no-raw-text.spec.ts (SFC template raw-text scan via @vue/compiler-sfc) + key-parity.spec.ts (Crowdin-lag-tolerant locale parity). Root-cause hardening so International Language SupportΒ #329 can't silently recur a 4th time.

scttbnsn added 10 commits June 28, 2026 23:11
…matching

When a container's resolved compose file path differs from the configured
compose file only by a mount prefix, match on the trailing <dir>/<file> tail
instead of skipping the container. Gated behind an opt-in mountPrefixFallback
option (DD_ACTION_DOCKERCOMPOSE_<name>_MOUNT_PREFIX_FALLBACK), default off,
because tail matching cannot tell apart stacks that share a project-dir name
across environments.

Refs: #365
Trigger templates can now reference $currentReleaseNotes to include the
running version's release notes alongside the existing target-version notes.

Refs: #295
…details

- ✨ feat(containers): read the image software version (org.opencontainers.image.version
  OCI label, with a container-inspect fallback) into image.softwareVersion and show it
  in the side and full-page detail panels (#209)
- ✨ feat(containers): show container uptime from State.StartedAt in the detail panels
  and as an opt-in Uptime table column, with a live-updating display
- πŸ› fix(model): tolerate unknown container fields (Joi allowUnknown) so a store written
  by a newer version stays readable after a downgrade
- βœ… test: cover the new model fields, watcher resolution, uptime formatter, useNow
  gating, and the column-visibility and preferences-migration paths

Refs: #209
Sync the committed roadmap surface with what rc.4 ships: container uptime +
software-version display, opt-in compose mount-prefix matching, and the
$currentReleaseNotes template variable.
…write (#209)

- ✨ add opt-in `dd.inspect.tag.version-only` label that routes the `dd.inspect.tag.path` value into image.softwareVersion only, preserving the real image tag and tag-based update detection
- πŸ› dual-write `dd.inspect.tag.path` into image.softwareVersion by default (tag-overwrite behavior byte-for-byte unchanged when the opt-in label is absent)
- ✨ UI: rename the containers "Version" column to "Tag" (column key preserved so saved prefs keep working), add a "Version" column showing software version with fallback to the tag; schema v6β†’v7 migration so existing users get the new column
- πŸ“ docs + CHANGELOG for the column split and the opt-in label

Completes the Tag/Version column split promised on discussion #209; the softwareVersion data + detail-panel display shipped earlier in bc4d74b. Non-breaking by design.
- bump pinned node:24-alpine (Node 24.16.0/Alpine 3.21 -> 24.18.0/Alpine 3.24) β€” clears all 11 Node binary CVEs incl. critical CVE-2026-48930 and 4 high
- add libexpat to the targeted apk upgrade set -> 2.8.2-r0 β€” clears 13 medium libexpat CVEs
- rebuild + grype rescan confirms 0 critical/high and 0 node/libexpat findings remain
- 3 busybox/ssl_client findings (CVE-2025-60876, medium) have no upstream Alpine fix yet β€” tracked for a later base bump
- all previously pinned Alpine apk versions still resolve on 3.24; build otherwise unchanged
Answers the two follow-up questions in discussion #451.

- ✨ feat(containers): add a per-container "Recheck for updates" action wired to
  POST /containers/:id/watch, surfaced in the side and full-page detail toolbars,
  both Actions tabs, and the row actions dropdown. It's a read-only refresh, ungated
  like the global recheck, with toasts on complete / not-found / failure and an
  in-flight disabled/"Rechecking…" state.
- ✨ feat(containers): tooltip on the "Update" column header clarifying it shows the
  available update type (major/minor/patch/digest), not a done-state. Threaded via a
  headerTooltipKey column field through DataTable.

EN locale only; other locales flow through Crowdin. 100% ui coverage held.
…ndness

A code-level audit of #329 found eight user-visible strings still rendering in
English for non-English locales. They now resolve through the catalog (English
keys added here; the 16 community locales follow via the normal Crowdin sync
after release):

- πŸ› TriggersView status badge (active/inactive) β€” keys existed but were wired
  only to the icon tooltip, not the badge text.
- πŸ› ContainerSideTabContent + ContainerFullPageActionsTab yes/no preview values
  β€” new common.yes / common.no keys.
- πŸ› useServerFeatures "container actions disabled" tooltip β€” new
  sharedComponents.serverFeatures.actionsDisabledReason key.
- πŸ› update-maturity "Available for N days" tooltip β€” thread the translate fn
  through mapApiContainer/mapApiContainers and the five call sites so the
  existing containerComponents.updateAge.* keys are used instead of the English
  fallback (the keys were previously dead code).
- πŸ› grouped "Update All" success toast β€” interpolate the group name through new
  containersView.toast.queuedUpdateGroupSingle/Multiple keys instead of
  concatenating a raw English " in <group>".
- πŸ› SecurityView severity tooltips β€” map raw CRITICAL/HIGH/MEDIUM/LOW through
  the existing securityView.filters.severity* keys via a severityLabel helper.
- πŸ› useContainerBackups operation "unknown" fallback β€” thread the translate fn
  through and use the existing containerComponents.sideTabContent.unknown key.
- πŸ› AppLayout search-hint connectors and the "(+N more)" legacy-keys summary.

Also fixes a pre-existing type error surfaced while editing the mapper:

- πŸ› add startedAt to ApiContainerInput. The uptime work (bc4d74b) added
  startedAt to ApiContainerDetails but not to the input fallback type that
  deriveRuntimeDetails reads, so tsc failed on this branch (it had not hit the
  pre-push tsc gate yet because dev/v1.5.1 is local-only).

Full app+ui suite green at 100% coverage; tsc and biome clean.

Refs: #329
Root-cause hardening for #329, which slipped past us 3Γ— because nothing
parsed .vue templates: tsc skips them, biome has no raw-text rule, and the
locales test only checked that directories exist. Two new vitest gates under
ui/tests/i18n/ now run in the standard suite:

- βœ… no-raw-text.spec.ts β€” parses every .vue with @vue/compiler-sfc and walks
  the template AST, failing on hardcoded prose in text nodes and static
  user-facing attributes (title/placeholder/alt/aria-label/label). Skips
  <code>/<pre>/<kbd> subtrees and carries a tiny justified allowlist for
  format identifiers (spdx-json, cyclonedx-json, CSV, JSON) and the brand
  wordmark. Documents its honest limitation up front: it cannot flag English
  literals inside {{ }} interpolations or in <script>/.ts without
  unacceptable false positives, so code review still covers that class.
- βœ… key-parity.spec.ts β€” asymmetric locale parity: fails on orphan keys (in a
  locale but absent from en) and stray top-level keys, but tolerates keys
  missing from a locale (the normal Crowdin lag, 384 today) so it never
  false-fails on an EN-only commit.

The raw-text gate immediately caught two untranslated strings the earlier
60-agent audit missed; fixed here:

- πŸ› trigger "agent:" label in ContainerFullPageActionsTab /
  ContainerFullPageTabContent / ContainerSideTabContent β€” now
  containerComponents.triggers.agentLabel.
- πŸ› SecurityView "{n} fix" summary badge β€” now securityView.fixableBadge
  ("{count} fix").

Verified: full app+ui suite green at 100% coverage; tsc + biome clean; both
gates adversarially confirmed to fail on a reintroduced raw string and an
injected orphan key, then pass again once reverted.

Refs: #329
Cut the [1.5.1-rc.4] CHANGELOG section from the accumulated [Unreleased] work.
The batch (9 commits on dev/v1.5.1, all gate-green at 100% app+ui coverage):

- ✨ opt-in compose mount-prefix fallback (#365)
- ✨ $currentReleaseNotes trigger template variable (#295)
- ✨ container software version + uptime in detail panels and table columns
- ✨ Tag/Version column split with non-breaking inspect-path dual-write (#209)
- πŸ”’ base-image refresh clearing 24 container-scan CVEs (1 critical + 4 high
  Node, 13 medium libexpat); 3 busybox/ssl_client medium findings have no
  upstream fix yet and are tracked
- ✨ per-container recheck button + Update-column tooltip (#451)
- πŸ› close the remaining #329 i18n gaps (10 surfaces) + latent startedAt type fix
- βœ… i18n regression gate (SFC raw-text scan + locale key-parity)
@vercel

vercel Bot commented Jun 29, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
drydock-website Ready Ready Preview, Comment Jun 29, 2026 6:37pm
drydockdemo-website Ready Ready Preview, Comment Jun 29, 2026 6:37pm

@biggest-littlest biggest-littlest left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Release batch looks good β€” gates green, CHANGELOG section is accurate, security base-image bump is the right call before GA. πŸ‘

@ALARGECOMPANY ALARGECOMPANY left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified the version files and changelog entry. Approving.

@scttbnsn scttbnsn merged commit b7cfa6e into main Jun 29, 2026
26 checks passed
@scttbnsn scttbnsn deleted the release/v1.5.1-rc.4 branch June 29, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants