feat/TP-2024-Removed chrome version dependency in the addon #285
Conversation
WalkthroughThis PR updates the MockGeoLocationAction class to refactor DevTools geolocation override implementation from direct Emulation API calls to a Map-based Command payload approach. It also increments the project version to 1.0.10 and updates the commons-lang3 dependency to 3.17.0. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
mock_geo_location/pom.xml(2 hunks)mock_geo_location/src/main/java/com/testsigma/addons/web/MockGeoLocationAction.java(2 hunks)
🔇 Additional comments (4)
mock_geo_location/pom.xml (1)
9-9: LGTM! Version bump is appropriate.The minor version increment from 1.0.9 to 1.0.10 is appropriate for the changes described in the PR objectives.
mock_geo_location/src/main/java/com/testsigma/addons/web/MockGeoLocationAction.java (3)
12-12: LGTM - Imports support the version-independent approach.The addition of
Command,HashMap, andMapimports aligns with the refactoring from typed DevTools API to a raw CDP command approach, which helps achieve Chrome version independence.Also applies to: 17-18
91-91: Good improvement - concise user-facing error messages.Changing from
getStackTrace(e)togetMessage(e)for the user-facing error message is appropriate. The full stack trace remains available in the logs (line 90) for debugging, while users receive a cleaner, more actionable error message.
81-86: The Command API usage and CDP protocol implementation are correct.All verification checks passed:
- The
Commandconstructor correctly accepts a String command name and Map<String, Object> of parameters- Parameter keys ("latitude", "longitude", "accuracy") match the Chrome DevTools Protocol specification
- The empty diamond operator is appropriate since this CDP command does not send a response
- The refactoring approach properly trades version-specific type safety for runtime flexibility across CDP protocol versions
| <groupId>org.apache.commons</groupId> | ||
| <artifactId>commons-lang3</artifactId> | ||
| <version>3.14.0</version> | ||
| <version>3.17.0</version> |
There was a problem hiding this comment.
Upgrade commons-lang3 to 3.18.0 or later to address CVE-2025-48924.
Version 3.17.0 is available on Maven Central, but commons-lang3 3.0 before 3.18.0 is affected by CVE-2025-48924, where the ClassUtils.getClass(...) method can throw StackOverflowError on very long inputs. Upgrade to version 3.18.0 or later, which fixes the issue. Consider updating to 3.20.0 for the latest stable release.
🤖 Prompt for AI Agents
In mock_geo_location/pom.xml around line 67 the project pins commons-lang3 to
3.17.0 which is vulnerable to CVE-2025-48924; update the dependency version to
3.18.0 or later (recommend 3.20.0) in the pom, ensure any other occurrences or
parent/dependencyManagement entries are updated consistently, run mvn -U clean
verify to refresh the lock/state and build to confirm no regressions, and commit
the version bump.
Publish this addon as public
Addon Name: Mock Geo Location
Jarvis Link: https://jarvis.testsigma.com/ui/tenants/2817/addons
Jira : https://testsigma.atlassian.net/browse/TP-2024
Removed chrome version dependency in the addon
Summary by CodeRabbit
Chores
Bug Fixes
✏️ Tip: You can customize this high-level summary in your review settings.