fix openc3_set_versions script by ryan-pratt · Pull Request #2449 · OpenC3/cosmos

ryan-pratt · 2025-10-16T18:54:22Z

fix bug in script
reset broken package.json files to d11ad51
run script to update them to 6.9.1 (this sets "version" and common package dependency versions)
run script again to update to 6.9.2-beta0 (this sets "version" and DOESN'T set common package dependency versions since dependencies should stay at released versions per previous discussions)

- fix bug in script - reset broken package.json files to d11ad51 - run script to update them to 6.9.1 - run script again to update to 6.9.2-beta0

sonarqubecloud · 2025-10-16T18:55:32Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

codecov · 2025-10-16T18:55:38Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.55%. Comparing base (5a581cd) to head (8525a48).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2449   +/-   ##
=======================================
  Coverage   79.55%   79.55%           
=======================================
  Files         658      658           
  Lines       50377    50377           
  Branches      736      736           
=======================================
+ Hits        40075    40076    +1     
+ Misses      10222    10221    -1     
  Partials       80       80

Flag	Coverage Δ
python	`81.68% <ø> (-0.01%)`	⬇️
ruby-api	`84.62% <ø> (+0.05%)`	⬆️
ruby-backend	`82.73% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

socket-security · 2025-10-16T18:58:16Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jest@29.7.0
	single-spa-svelte@2.1.1
	eslint-config-prettier@9.1.2
	vite-plugin-style-inject@0.0.1
	@smui/menu@7.0.0
	@openc3/vue-common@6.9.1
	babel-jest@29.7.0
	svelte-portal@2.2.1
	@openc3/js-common@6.9.1
	rollup-plugin-livereload@2.0.5
	@smui/list@7.0.0
	sirv-cli@2.0.2
	svelte-jester@5.0.0
	rollup-plugin-terser@7.0.2
	@smui/common@7.0.0
	smui-theme@7.0.0
	vite@5.4.20
	rollup-plugin-postcss@4.0.2
	@astrouxds/astro-web-components@7.27.0
	@vue/eslint-config-prettier@9.0.0
	vue-eslint-parser@9.4.3
	@smui/button@7.0.0
	@smui/card@7.0.0
	prettier-plugin-svelte@3.4.0
	concurrently@9.2.1
	rollup-plugin-svelte@7.2.3
	svelte@4.2.20
	@testing-library/svelte@5.2.8
	@vitejs/plugin-vue@5.2.4
	eslint-plugin-vue@9.33.0
	eslint-plugin-prettier@5.5.4
	prettier@3.6.2
	vue@3.5.22
See 7 more rows in the dashboard

View full report

socket-security · 2025-10-16T18:58:18Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		`@openc3/[email protected]` has Obfuscated code. Confidence: 0.94 Location: Package overview From: openc3/templates/widget/package.json → `npm/@openc3/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@openc3/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has Obfuscated code. Confidence: 0.95 Location: Package overview From: `?` → `npm/@openc3/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has Obfuscated code. Confidence: 0.91 Location: Package overview From: `?` → `npm/@smui/[email protected]` → `npm/@smui/[email protected]` → `npm/@smui/[email protected]` → `npm/@smui/[email protected]` → `npm/@smui/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

ryan-pratt · 2025-10-16T19:12:06Z

For further confirmation...

> OPENC3_RELEASE_VERSION=6.9.3 ruby openc3_set_versions.rb
> git diff **/package.json > diff-6.9.3.txt
> git add -A && git commit -m "delete me"
> OPENC3_RELEASE_VERSION=6.9.4-beta0 ruby openc3_set_versions.rb
> git diff **/package.json > diff-6.9.4-beta0.txt

diff-6.9.3.txt
diff-6.9.4-beta0.txt

mcosgriff · 2025-10-16T20:02:22Z

openc3/templates/tool_angular/package.json

@@ -1,2 +1,48 @@
+{
+  "name": "<%= tool_name %>",
  "version": "6.9.2-beta0",


Just double checking it should be beta0?

Yes, the tool version should match the COSMOS version. It's just dependencies of generated tools that get a released version (6.9.1 in this case)

fix openc3_set_versions script

8525a48

- fix bug in script - reset broken package.json files to d11ad51 - run script to update them to 6.9.1 - run script again to update to 6.9.2-beta0

ryan-pratt requested review from mcosgriff and ryanmelt October 16, 2025 18:54

ryanmelt approved these changes Oct 16, 2025

View reviewed changes

mcosgriff reviewed Oct 16, 2025

View reviewed changes

ryan-pratt merged commit 281cf55 into main Oct 16, 2025
30 of 31 checks passed

ryan-pratt deleted the bug/tool-generator branch October 16, 2025 20:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix openc3_set_versions script#2449

fix openc3_set_versions script#2449
ryan-pratt merged 1 commit intomainfrom
bug/tool-generator

ryan-pratt commented Oct 16, 2025 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Oct 16, 2025

Uh oh!

codecov bot commented Oct 16, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Oct 16, 2025

Uh oh!

socket-security bot commented Oct 16, 2025

Uh oh!

ryan-pratt commented Oct 16, 2025

Uh oh!

mcosgriff Oct 16, 2025

Uh oh!

ryan-pratt Oct 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

ryan-pratt commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonarqubecloud bot commented Oct 16, 2025

Quality Gate passed

Uh oh!

codecov bot commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

socket-security bot commented Oct 16, 2025

Uh oh!

socket-security bot commented Oct 16, 2025

Uh oh!

ryan-pratt commented Oct 16, 2025

Uh oh!

mcosgriff Oct 16, 2025

Choose a reason for hiding this comment

Uh oh!

ryan-pratt Oct 16, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

ryan-pratt commented Oct 16, 2025 •

edited

Loading

codecov bot commented Oct 16, 2025 •

edited

Loading