Skip to content

ref(plugins): Inline PluginComponentBase into its two subclasses#116112

Merged
ryan953 merged 1 commit into
masterfrom
ref/inline-plugin-component-base
May 26, 2026
Merged

ref(plugins): Inline PluginComponentBase into its two subclasses#116112
ryan953 merged 1 commit into
masterfrom
ref/inline-plugin-component-base

Conversation

@ryan953
Copy link
Copy Markdown
Member

@ryan953 ryan953 commented May 23, 2026

Summary

  • Inlined the abstract PluginComponentBase class directly into its only two consumers: PluginSettings and IssueActions
  • Both classes now extend Component directly with all base class logic (state management, save/load lifecycle, renderField, API client) copied in
  • Deleted static/app/plugins/pluginComponentBase.tsx

Test plan

  • TypeScript typecheck passes (pnpm run typecheck)
  • Existing plugin tests pass (pluginConfig.spec.tsx, pluginDetailedView.spec.tsx)
  • ESLint passes

@github-actions github-actions Bot added the Scope: Frontend Automatically applied to PRs that change frontend components label May 23, 2026
semgrep-code-getsentry[bot]
semgrep-code-getsentry Bot reviewed May 23, 2026
View reviewed changes
Comment thread static/app/utils/api/sentryCellFetchErrorHandlers.tsx Outdated
}

if (!isDemoModeActive()) {
Cookies.set('session_expired', '1');
Copy link
Copy Markdown
Contributor

@semgrep-code-getsentry semgrep-code-getsentry Bot May 23, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: Affected versions of js-cookie are vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). The internal assign() helper in js-cookie walks attribute objects with a for..in loop and writes properties directly onto the target, which lets a __proto__ key from a JSON-parsed source trigger the Object.prototype.__proto__ setter. An attacker who controls any attributes object passed to set, remove, withAttributes, or withConverter can inject cookie attributes (domain, path, secure, samesite, expires) and pull off session fixation or downgrade Secure/SameSite protections.

Fix: Upgrade this library to at least version 3.0.7 at sentry/pnpm-lock.yaml:6510.

Reference(s): GHSA-qjx8-664m-686j

Removed in commit 8e42cbb

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 23, 2026
edited
Loading

📊 Type Coverage Diff

Metric Before After Delta
Coverage 93.57% 93.56% 🔴 -0.01%
Typed 133,210 133,212 🟢 +2
Untyped 9,147 9,165 🔴 +18
🔍 34 new type safety issues introduced

any-typed symbols (32 new)

File Line Detail
static/app/plugins/components/issueActions.tsx 28 callbackWithArgs (var)
static/app/plugins/components/issueActions.tsx 28 context (param)
static/app/plugins/components/issueActions.tsx 28 callback (param)
static/app/plugins/components/issueActions.tsx 28 args (param)
static/app/plugins/components/issueActions.tsx 291 callback (param)
static/app/plugins/components/issueActions.tsx 291 args (param)
static/app/plugins/components/issueActions.tsx 313 callback (param)
static/app/plugins/components/issueActions.tsx 313 args (param)
static/app/plugins/components/issueActions.tsx 323 callback (param)
static/app/plugins/components/issueActions.tsx 323 args (param)
static/app/plugins/components/issueActions.tsx 339 callback (param)
static/app/plugins/components/issueActions.tsx 339 args (param)
static/app/plugins/components/issueActions.tsx 354 callback (param)
static/app/plugins/components/issueActions.tsx 354 args (param)
static/app/plugins/components/issueActions.tsx 369 callback (param)

...and 17 more

Type assertions (as) (2 new)

File Line Detail
static/app/plugins/components/settings.tsx 79 as Readonly<S>{ state: FormState.LOADING, fieldList: null, initialData: null, formData: null,…
static/app/plugins/components/settings.tsx 79 as unknown{ state: FormState.LOADING, fieldList: null, initialData: null, formData: null,…

This is informational only and does not block the PR.

@ryan953 @claude
ref(plugins): Inline PluginComponentBase into its two subclasses
8e42cbb 
The abstract PluginComponentBase class was only extended by
PluginSettings and IssueActions. Inline all base class logic
(state management, save/load lifecycle, renderField, API client)
directly into each consumer and delete the base class file.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ryan953 ryan953 force-pushed the ref/inline-plugin-component-base branch from 4272db0 to 8e42cbb Compare May 23, 2026 15:44
@ryan953 ryan953 marked this pull request as ready for review May 26, 2026 03:53
@ryan953 ryan953 requested a review from a team May 26, 2026 03:53
natemoo-re
natemoo-re approved these changes May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@natemoo-re natemoo-re left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup!

@ryan953 ryan953 merged commit 1adb4fa into master May 26, 2026
82 of 85 checks passed
@ryan953 ryan953 deleted the ref/inline-plugin-component-base branch May 26, 2026 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@semgrep-code-getsentry semgrep-code-getsentry[bot] semgrep-code-getsentry[bot] left review comments

@natemoo-re natemoo-re natemoo-re approved these changes

Assignees

No one assigned

Labels

Scope: Frontend Automatically applied to PRs that change frontend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryan953 @natemoo-re