feat(content-uploader): pass version_number to modernized uploader items list#4623
feat(content-uploader): pass version_number to modernized uploader items list#4623olehrybak wants to merge 2 commits into
Conversation
WalkthroughThis PR upgrades ChangesUpload Manager Integration Improvements
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 Biome (2.4.16)src/api/uploads/PlainUpload.jsFile contains syntax errors that prevent linting: Line 12: 'import type' are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 17: return types can only be used in TypeScript files; Line 19: return types can only be used in TypeScript files; Line 27: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 27: return type annotation are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 28: type annotation are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 45: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 45: return type annotation are a TypeScript only feature. Convert your file to a TypeScript file or remove the syntax.; Line 63: Type annotations are a TypeScript only feature. Convert your file to a TypeScript file or remove th ... [truncated 1145 characters] ... instead found 🔧 ESLint
ESLint install failed due to a network error. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/api/uploads/__tests__/PlainUpload.test.js (1)
177-196: ⚡ Quick winConsider adding a test for fields with preflight-provided
upload_url.The new test correctly verifies that
fieldsare appended when the upload URL is constructed internally. However, the PR objective states that fields should be appended "regardless of whether the upload URL is provided initially or returned by preflight." Consider adding a complementary test case wheredata.upload_urlis provided to ensure complete coverage of both code paths.🧪 Suggested additional test case
+ test('should append fields query parameter when upload URL is provided by preflight', () => { + const preflightUploadUrl = 'https://upload.box.com/api/2.0/files/content'; + upload.isDestroyed = jest.fn().mockReturnValueOnce(false); + upload.computeSHA1 = jest.fn().mockReturnValueOnce(Promise.resolve('somehash')); + upload.file = { + name: 'warlock', + }; + upload.folderId = '123'; + upload.fields = ['content_created_at', 'version_number']; + upload.xhr = { + uploadFile: jest.fn(), + }; + + return upload.preflightSuccessHandler({ data: { upload_url: preflightUploadUrl } }).then(() => { + expect(upload.xhr.uploadFile).toHaveBeenCalledWith( + expect.objectContaining({ + url: `${preflightUploadUrl}?fields=content_created_at%2Cversion_number`, + }), + ); + }); + });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/api/uploads/__tests__/PlainUpload.test.js` around lines 177 - 196, Add a complementary unit test to verify that when preflight returns an upload_url the upload.fields are still appended to that URL; specifically, create a test that sets upload.fields (e.g., ['content_created_at','version_number']), mocks upload.isDestroyed and computeSHA1, sets upload.file/folderId and upload.xhr.uploadFile, calls upload.preflightSuccessHandler({ data: { upload_url: 'https://host/some/path' } }) and asserts upload.xhr.uploadFile was called with an object whose url equals the provided upload_url plus the query parameter ?fields=content_created_at%2Cversion_number; this ensures both code paths (constructed URL and preflight-provided upload_url) handle upload.fields correctly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 150: Verify that bumping `@box/uploads-manager` to 1.17.2 doesn’t introduce
breaking API/type changes by auditing uses of UploadItemStatus, UploadItem, and
UploadsManager in the repo: search for references to those symbols, update any
call sites or type annotations to match the new package typings if they changed,
and run the content-uploader test suite (unit and integration) to catch
runtime/type regressions; if tests fail, pin the dependency back or apply
necessary code changes to adapt to the new API.
---
Nitpick comments:
In `@src/api/uploads/__tests__/PlainUpload.test.js`:
- Around line 177-196: Add a complementary unit test to verify that when
preflight returns an upload_url the upload.fields are still appended to that
URL; specifically, create a test that sets upload.fields (e.g.,
['content_created_at','version_number']), mocks upload.isDestroyed and
computeSHA1, sets upload.file/folderId and upload.xhr.uploadFile, calls
upload.preflightSuccessHandler({ data: { upload_url: 'https://host/some/path' }
}) and asserts upload.xhr.uploadFile was called with an object whose url equals
the provided upload_url plus the query parameter
?fields=content_created_at%2Cversion_number; this ensures both code paths
(constructed URL and preflight-provided upload_url) handle upload.fields
correctly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: aee7135a-79ca-41b0-87ab-fe599be9ee22
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (5)
package.jsonsrc/api/uploads/PlainUpload.jssrc/api/uploads/__tests__/PlainUpload.test.jssrc/elements/content-uploader/utils/__tests__/mapToModernizedUploadItem.test.tssrc/elements/content-uploader/utils/mapToModernizedUploadItem.ts
| "@box/unified-share-modal": "^2.15.16", | ||
| "@box/user-selector": "^1.77.13", | ||
| "@box/uploads-manager": "^1.15.0", | ||
| "@box/uploads-manager": "^1.17.2", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check the validity of `@box/uploads-manager` version and look for breaking changes
echo "Fetching available versions of `@box/uploads-manager` from npm..."
npm view `@box/uploads-manager` versions --json | jq -r '.[]' | grep -E '^1\.(15|16|17)\.' | tail -20
echo -e "\nChecking if version 1.17.2 exists..."
npm view `@box/uploads-manager`@1.17.2 version 2>/dev/null && echo "✓ Version 1.17.2 exists" || echo "✗ Version 1.17.2 not found"
echo -e "\nFetching recent changelog/release notes..."
npm view `@box/uploads-manager`@1.17.2 --json | jq -r '.description, .homepage'Repository: box/box-ui-elements
Length of output: 149
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "1) Check whether 1.17.2 exists (lightweight npm view)..."
npm view `@box/uploads-manager`@1.17.2 version || true
echo
echo "2) Fetch minimal metadata for 1.17.2 (homepage/repository if available)..."
npm view `@box/uploads-manager`@1.17.2 --json | head -c 4000 || true
echo
echo "3) Look for resolved versions in lockfiles..."
ls -1 package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null || true
rg -n "\"`@box/uploads-manager`\"" package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null || true
rg -n "`@box/uploads-manager`@1\.(15|16|17)\." package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null || trueRepository: box/box-ui-elements
Length of output: 149
🌐 Web query:
@box/uploads-manager 1.17.2 release notes changelog migration
💡 Result:
There is no publicly available release version 1.17.2 for the package @box/uploads-manager as of June 12, 2026. Official Box documentation and repositories, such as the box/box-ui-elements repository, do not contain release notes or a changelog for this specific version. The @box/uploads-manager package is primarily a component used within Box UI Elements [1]. If you are looking for information regarding Box SDK migrations, Box has transitioned its primary development efforts toward generated SDKs (sdk-gen) [2]. Migration guides for Box SDKs, such as moving from the legacy box-node-sdk to the generated sdk-gen module, are available in the official box-node-sdk repository [3][2]. For specific updates related to your project's dependencies, it is recommended to: 1. Check the official npm registry page for @box/uploads-manager to verify the latest published version. 2. Review the box/box-ui-elements GitHub repository for any unreleased changes or open pull requests that might match your version number. 3. Consult the official Box Developer documentation at https://developer.box.com/ for the most current integration and migration guidance.
Citations:
- 1: https://github.com/box/box-ui-elements/blob/master/src/elements/content-uploader/ContentUploader.tsx
- 2: https://github.com/box/box-node-sdk/blob/main/migration-guides/from-box-node-sdk-to-sdk-gen.md
- 3: https://github.com/box/box-node-sdk/blob/main/migration-guides/from-box-typescript-sdk-gen-v1-to-box-node-sdk.md
🌐 Web query:
site:github.com "@box/uploads-manager" releases 1.17.2
💡 Result:
There is no publicly available npm package named @box/uploads-manager, nor is there a record of a release version 1.17.2 associated with such a package [1][2]. The UploadsManager is a component internal to the Box UI Elements library, which is maintained in the box/box-ui-elements repository on GitHub [1][3]. This component is used within the Content Uploader UI element [1][4], but it is not distributed as a standalone npm package [2]. If you are looking for specific versions of Box-related tools, you may be referring to a different package, as versioning schemes vary across Box's various SDKs and UI libraries (e.g., box-ui-elements or box-node-sdk) [5][6].
Citations:
- 1: https://github.com/box/box-ui-elements/blob/master/src/elements/content-uploader/ContentUploader.tsx
- 2: https://github.com/box/box-ui-elements/blob/master/package.json
- 3: https://github.com/box/box-ui-elements/blob/HEAD/src/elements/content-uploader/README.md
- 4: https://github.com/box/developer.box.com/blob/main/content/guides/embed/ui-elements/uploader.md
- 5: https://github.com/box/box-ui-elements/releases
- 6: https://github.com/box/box-node-sdk/releases
🌐 Web query:
"uploads-manager" "CHANGELOG" "1.17"
💡 Result:
The term "uploads-manager" (or similar variations) appears in multiple software projects, but version 1.17 is specifically associated with the Uploadcare File Uploader project [1][2]. According to the official CHANGELOG.md for the uploadcare/file-uploader repository, version 1.17.0 was released on June 16, 2025, followed by versions 1.17.1 and 1.17.2 on June 18, 2025 [1][2]. These releases primarily focused on various bug fixes [1][2]. While the term "uploads-manager" or "upload manager" is used in other contexts—such as within the source code of the Perplexica project [3], Elementor (where an uploads-manager.php file exists) [4], and various other software systems [5][6][7][8]—there is no widely recognized or standardized project strictly named "uploads-manager" that maintains a unified changelog for version 1.17 outside of the specific context of the Uploadcare File Uploader or project-specific internal components [1][2]. If you are looking for information regarding a different specific software product, please provide the name of the organization or repository.
Citations:
- 1: https://github.com/uploadcare/file-uploader/blob/main/CHANGELOG.md
- 2: https://raw.githubusercontent.com/uploadcare/file-uploader/6fd74a2ca8aec3df721200eca244b647b2717256/CHANGELOG.md
- 3: https://git.rehounou.ca/remi/Perplexica/commit/690b11cc1ccdbe7e1961c8bf1838c6cf943c8ebe
- 4: https://www.pluginvulnerabilities.com/2023/12/08/elementor-issues-second-fix-for-authenticated-arbitrary-file-upload-vulnerability/
- 5: https://github.com/NASA-PDS/data-upload-manager/releases
- 6: https://pub.dev/packages/flutter_upload_manager/changelog
- 7: https://help.scanshare.com/home/getting-started/release-notes/
- 8: https://www.servicenow.com/docs/r/delta-yokohama-australia/australia-yokohama-mobileplatform-release-notes.html
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Lockfiles present:"
ls -1 package-lock.json yarn.lock pnpm-lock.yaml pnpm-lock.yml 2>/dev/null || true
echo
echo "Searching for `@box/uploads-manager` in lockfiles..."
rg -n "`@box/uploads-manager`" package-lock.json yarn.lock pnpm-lock.yaml pnpm-lock.yml 2>/dev/null || true
echo
echo "Searching for a resolved version number for `@box/uploads-manager`..."
rg -n "`@box/uploads-manager`@|\"`@box/uploads-manager`\":\\s*\\{\"|\"`@box/uploads-manager`\"\\s*:\\s*\\{" package-lock.json yarn.lock pnpm-lock.yaml pnpm-lock.yml 2>/dev/null || true
echo
echo "Searching for scope registry config (.npmrc) for `@box`..."
ls -1 .npmrc 2>/dev/null || true
[ -f .npmrc ] && sed -n '1,200p' .npmrc || true
echo
echo "Repo-wide search for `@box/uploads-manager`..."
rg -n "`@box/uploads-manager`" . 2>/dev/null | head -n 50 || trueRepository: box/box-ui-elements
Length of output: 2034
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Get the exact resolved tarball URL from yarn.lock
url="$(awk '
$0 ~ /^"`@box`\/uploads-manager@\^1\.17\.2":/ {inblk=1; next}
inblk && $0 ~ /^\s*resolved "/ {
sub(/^[[:space:]]*resolved "/,""); sub(/"$/,""); print; exit
}
' yarn.lock)"
echo "Resolved tarball URL from yarn.lock:"
echo "$url"
echo
echo "Downloading tarball to /tmp..."
rm -f /tmp/uploads-manager-1.17.2.tgz
curl -L --fail --silent --show-error -o /tmp/uploads-manager-1.17.2.tgz "$url"
echo "Inspecting tarball contents (top level)..."
mkdir -p /tmp/uploads-manager-1.17.2
rm -rf /tmp/uploads-manager-1.17.2/*
tar -xzf /tmp/uploads-manager-1.17.2.tgz -C /tmp/uploads-manager-1.17.2 --strip-components=1 --wildcards 'package.json' 'README*' 'CHANGELOG*' 'changelog*' 'MIGRATION*' 'migration*' 2>/dev/null || true
echo
echo "Top docs present:"
ls -la /tmp/uploads-manager-1.17.2 || true
echo
echo "package.json:"
cat /tmp/uploads-manager-1.17.2/package.json || true
echo
echo "Any changelog/migration text (first 200 lines each):"
for f in /tmp/uploads-manager-1.17.2/CHANGELOG* /tmp/uploads-manager-1.17.2/changelog* /tmp/uploads-manager-1.17.2/MIGRATION* /tmp/uploads-manager-1.17.2/migration*; do
[ -e "$f" ] || continue
echo "---- $f ----"
sed -n '1,200p' "$f" || true
doneRepository: box/box-ui-elements
Length of output: 583
🏁 Script executed:
#!/bin/bash
set -euo pipefail
tgz="/tmp/uploads-manager-1.17.2.tgz"
echo "tgz file stats:"
ls -la "$tgz" || true
echo
echo "tgz file type:"
file "$tgz" || true
echo
echo "First bytes (to detect HTML/errors):"
head -c 200 "$tgz" | xxd -p || true
echo
echo "Archive listing (first 50 entries):"
tar -tzf "$tgz" | head -n 50 || trueRepository: box/box-ui-elements
Length of output: 2225
🏁 Script executed:
#!/bin/bash
set -euo pipefail
tgz="/tmp/uploads-manager-1.17.2.tgz"
out="/tmp/uploads-manager-1.17.2"
rm -rf "$out"
mkdir -p "$out"
echo "Extracting without stripping to inspect paths..."
tar -xzf "$tgz" -C "$out" || true
echo
echo "Top-level extracted dirs/files:"
ls -la "$out" || true
echo
echo "Searching for package.json in extracted tree..."
find "$out" -maxdepth 4 -name package.json -print || true
echo
echo "Searching for CHANGELOG/MIGRATION in extracted tree (maxdepth 6)..."
find "$out" -maxdepth 6 -iname "change*log*" -o -iname "migration*" -print || trueRepository: box/box-ui-elements
Length of output: 477
🏁 Script executed:
#!/bin/bash
set -euo pipefail
out="/tmp/uploads-manager-1.17.2"
echo "package/package.json (first 120 lines):"
sed -n '1,120p' "$out/package/package.json"
echo
echo "Package version field(s):"
node -e "const p=require('$out/package/package.json'); console.log({version:p.version, name:p.name});" 2>/dev/null || true
echo
echo "Search for changelog/migration files in tarball contents:"
find "$out" -maxdepth 6 -iname "change*log*" -o -iname "*migration*" -print || true
echo
echo "Search for 'breaking' notes in common doc files (best-effort):"
find "$out" -maxdepth 6 -type f \( -iname "*readme*" -o -iname "*changelog*" -o -iname "*migration*" -o -iname "*.md" \) -print | head -n 50 || true
for f in $(find "$out" -maxdepth 6 -type f \( -iname "*readme*" -o -iname "*changelog*" -o -iname "*migration*" -o -iname "*.md" \) -print 2>/dev/null | head -n 20); do
echo "---- $f (breaking snippets) ----"
rg -n -i "breaking|migrat|upgrade|deprecat" "$f" | head -n 20 || true
doneRepository: box/box-ui-elements
Length of output: 1844
🏁 Script executed:
#!/bin/bash
set -euo pipefail
out="/tmp/uploads-manager-1.17.2/package"
echo "README.md (first 200 lines):"
sed -n '1,200p' "$out/README.md" || true
echo
echo "README.md (lines matching breaking/migrat/upgrade/deprecat):"
rg -n -i "breaking|migrat|upgrade|deprecat" "$out/README.md" || true
echo
echo "Any markdown/text docs besides README.md (up to depth 6):"
find "$out" -maxdepth 6 -type f \( -iname "*.md" -o -iname "*readme*" \) -print || true
echo
echo "Search all extracted files for breaking/migrat/upgrade/deprecat (best-effort):"
rg -n -i "breaking|migrat|upgrade|deprecat" "$out" || trueRepository: box/box-ui-elements
Length of output: 9104
Check @box/uploads-manager 1.17.2 bump risk
@box/uploads-manageris already resolved to1.17.2inyarn.lock, and the downloaded1.17.2tarball’spackage/package.jsonreportsversion: "1.17.2".- The
1.17.2package ships noCHANGELOG/MIGRATIONfiles (README documents the API only), so breaking/migration guidance isn’t available from release notes. - Validate breaking API/type changes in this repo’s usage of
UploadItemStatus,UploadItem, andUploadsManagerand run the relevant content-uploader tests before merging.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 150, Verify that bumping `@box/uploads-manager` to 1.17.2
doesn’t introduce breaking API/type changes by auditing uses of
UploadItemStatus, UploadItem, and UploadsManager in the repo: search for
references to those symbols, update any call sites or type annotations to match
the new package typings if they changed, and run the content-uploader test suite
(unit and integration) to catch runtime/type regressions; if tests fail, pin the
dependency back or apply necessary code changes to adapt to the new API.
| "@box/unified-share-modal": "^2.15.16", | ||
| "@box/user-selector": "^1.77.13", | ||
| "@box/uploads-manager": "^1.15.0", | ||
| "@box/uploads-manager": "^1.17.2", |
There was a problem hiding this comment.
I believe you also have to update the peerDependencies of @box/uploads-manager package, ex. blueprint-web, blueprint-web-assets, and item-icon
4 participants
Summary
version_numberto the modernized upload items listversion_numberquery param to the upload url outside ofif (!uploadUrl)so that it can be called when we receive a url from preflight requestSummary by CodeRabbit
Chores
Bug Fixes
Features