Merge branch 'main' into renovate/configure

Jenkinsfile

@@ -1,4 +1,4 @@
 XComponentsPipeline {
     instance = 'Archetype'
-    builder = 'cypress/browsers:node16.16.0-chrome105-ff104-edge'
+    builder = 'cypress/browsers:node-18.16.0-chrome-113.0.5672.92-1-ff-113.0-edge-113.0.1774.35-1'
 }

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please **do NOT** raise a GitHub Issue to report a security vulnerability. This kind of issues must
+be communicated in a private manner. If you believe you have found a security vulnerability, report
+it to our dedicated email address
+[[email protected]](mailto:[email protected]). We ask that you do not use
+other channels or contact project contributors directly. Non-vulnerability related security issues
+such as new great new ideas for security features are welcome on GitHub Issues.
+
+On top of that, if you would like to provide a patch, please **do not open a pull request** as it is
+another public way to discover the vulnerability. Instead, create a commit on your fork of
+**empathyco/x** and run this command:
+
+```bash
+git format-patch -1 HEAD --stdout > x_security_patch.txt
+```
+
+This command will create a file called `x_security_patch` with the content of your last commit.
+
+As a summary, send an email with:
+
+- Subject: Interface X Security Alert
+- Content: Description of the vulnerability
+- Attach the `x_security_patch` file if you have created one.
+
+Thanks for your contribution.

build/instrumentation.build.js

@@ -14,8 +14,6 @@ import visualizer from 'rollup-plugin-visualizer';
 import vue from 'rollup-plugin-vue';
 import * as fs from 'fs';
 
-const jsOutputDirectory = path.join(process.cwd(), 'dist');
-
 /**
  * Creates a rollup configuration for projects that use X-Components. This configuration can be customized with the options object.
  *
@@ -49,26 +47,28 @@ export function createConfig({
     };
   }
 
+  const mergedOutput = {
+    dir: path.join(process.cwd(), 'dist'),
+    format: 'es',
+    sourcemap: true,
+    assetFileNames: '[name][extname]',
+    entryFileNames: 'app.js',
+    ...output
+  };
+
   return {
     input,
-    output: {
-      dir: jsOutputDirectory,
-      format: 'es',
-      sourcemap: true,
-      assetFileNames: '[name][extname]',
-      entryFileNames: 'app.js',
-      ...output
-    },
+    output: mergedOutput,
     preserveEntrySignatures: false,
     plugins: [
       ...prePlugins,
       del(
         mergeConfig('del', {
-          targets: [`${jsOutputDirectory}/*`]
+          targets: [`${mergedOutput.dir}/*`]
         })
       ),
       copy({
-        targets: [{ src: ['public/**', '!public/index.html'], dest: 'dist/' }]
+        targets: [{ src: ['public/**', '!public/index.html'], dest: `${mergedOutput.dir}` }]
       }),
       // Resolving plugins
       replace(

cypress.config.ts

@@ -0,0 +1,21 @@
+import { defineConfig } from 'cypress'
+
+export default defineConfig({
+  defaultCommandTimeout: 7000,
+  fixturesFolder: 'tests/e2e/fixtures',
+  screenshotsFolder: 'tests/e2e/screenshots',
+  screenshotOnRunFailure: false,
+  video: false,
+  retries: 1,
+  includeShadowDom: true,
+  e2e: {
+    // We've imported your old cypress plugins here.
+    // You may want to clean this up later by importing these.
+    setupNodeEvents(on, config) {
+      return require('./tests/e2e/plugins/index.js')(on, config)
+    },
+    baseUrl: 'http://localhost:8080',
+    specPattern: 'tests/e2e/cucumber/**/*.feature',
+    supportFile: 'tests/e2e/support/index.ts',
+  },
+})