NO-JIRA: update perses and fix vulnerable dependencies

[jgbernalp]

Update the perses dependencies to remove vulnerable dependencies.

cc @iNecas there were minor changes to the OLS plugin extension, PTAL.

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to the latest patch version for improved stability and compatibility.
  • Refactored internal code structure for better maintainability.

[openshift-ci-robot]

@jgbernalp: This pull request explicitly references no jira issue.

Details

In response to this:

Update the perses dependencies to remove vulnerable dependencies.

cc @iNecas there were minor changes to the OLS plugin extension, PTAL.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Dependency versions for @perses-dev packages bumped from 0.53.0 to 0.53.1 in package.json. Import paths for RootState type updated from store to store/store in two component files. Store hook usage adjusted in one component.

Changes

Cohort / File(s)	Summary
Dependency Version Updates web/package.json	Bumped @perses-dev packages (components, core, dashboards, explore, plugin-system) from 0.53.0 to 0.53.1.
Store Import Path Updates web/src/components/dashboards/perses/ExternalPanelAddition.tsx, web/src/components/ols-tool-ui/helpers/AddToDashboardButton.tsx	Updated RootState import source from ../../../store to ../../../store/store. Modified useDashboardStore consumption in ExternalPanelAddition to select entire state via (state) => state.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable and deterministic Ginkgo test names is not applicable to this pull request. This PR only modifies frontend code: a package.json dependency update and two TypeScript React component files (ExternalPanelAddition.tsx and AddToDashboardButton.tsx). No Go test files using the Ginkgo testing framework were changed in this PR, so there are no test titles to review for dynamic content violations.
Test Structure And Quality	✅ Passed	This PR contains only TypeScript/React component updates and dependency version bumps, with no Ginkgo test files present or modified.
Microshift Test Compatibility	✅ Passed	The custom check for MicroShift Test Compatibility is not applicable to this PR. The check validates new Ginkgo e2e tests (Go test files) for MicroShift compatibility, but this PR only contains dependency version updates and TypeScript/React component changes. No new Ginkgo e2e tests are added.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR contains only dependency updates and TypeScript import changes; no new Ginkgo e2e tests are added.
Topology-Aware Scheduling Compatibility	✅ Passed	PR does not introduce topology-incompatible scheduling constraints; uses parameterized replica count without problematic affinity rules or nodeSelectors.
Ote Binary Stdout Contract	✅ Passed	The OTE Binary Stdout Contract check is not applicable to this pull request as no Go files are modified.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only contains dependency version updates and TypeScript component import changes; no new Ginkgo e2e tests are added.
Title check	✅ Passed	The title clearly indicates the main changes: updating Perses dependencies and fixing vulnerable dependencies, which aligns with the changeset of updating @perses-dev package versions and related import adjustments.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

web/src/components/dashboards/perses/ExternalPanelAddition.tsx (1)

24-24: Narrow the useDashboardStore selector to avoid re-rendering on every store mutation.

useDashboardStore((state) => state) returns a new reference for the whole store on every change, which will re-run this component (and the useEffect on lines 54–72 that depends on dashboardStore.panelEditor / dashboardStore.panelGroupOrder) on any unrelated dashboard-state update. Only panelEditor and panelGroupOrder are actually read here — selecting just those (with shallow equality if you need both in one call) avoids the extra work and preserves the original intent of the Zustand selector pattern.

♻️ Proposed fix

-  const dashboardStore = useDashboardStore((state) => state);
+  const panelEditor = useDashboardStore((state) => state.panelEditor);
+  const panelGroupOrder = useDashboardStore((state) => state.panelGroupOrder);

Then update the consumer effect accordingly:

   useEffect(() => {
     // Apply externally added panel
     if (queuedPanel) {
       try {
-        // Use the temporary panelEditor to add changes to the dashboard.
-        const panelEditor = dashboardStore.panelEditor;
-        const groupId = dashboardStore.panelGroupOrder[0];
+        // Use the temporary panelEditor to add changes to the dashboard.
+        const groupId = panelGroupOrder[0];
         panelEditor.applyChanges({ ...queuedPanel, groupId });
         panelEditor.close();
       } finally {
         ...
       }
     }
-  }, [dispatch, dashboardStore.panelGroupOrder, dashboardStore.panelEditor, queuedPanel]);
+  }, [dispatch, panelGroupOrder, panelEditor, queuedPanel]);

If a single call is preferred, consider useDashboardStore(useShallow((s) => ({ panelEditor: s.panelEditor, panelGroupOrder: s.panelGroupOrder }))).

`@perses-dev/dashboards` useDashboardStore selector zustand v5 breaking change

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@web/src/components/dashboards/perses/ExternalPanelAddition.tsx` at line 24,
The component currently subscribes to the entire store via
useDashboardStore((state) => state), causing unnecessary re-renders; change the
selector to only subscribe to the pieces used (panelEditor and panelGroupOrder)
— e.g. call useDashboardStore(s => ({ panelEditor: s.panelEditor,
panelGroupOrder: s.panelGroupOrder })) or two separate selectors
useDashboardStore(s => s.panelEditor) and useDashboardStore(s =>
s.panelGroupOrder), and update the effect dependencies to reference the selected
values (panelEditor and panelGroupOrder) instead of dashboardStore.*; if you
prefer combined selection use shallow equality helper (useShallow) to avoid
reference churn.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@web/src/components/dashboards/perses/ExternalPanelAddition.tsx`:
- Line 24: The component currently subscribes to the entire store via
useDashboardStore((state) => state), causing unnecessary re-renders; change the
selector to only subscribe to the pieces used (panelEditor and panelGroupOrder)
— e.g. call useDashboardStore(s => ({ panelEditor: s.panelEditor,
panelGroupOrder: s.panelGroupOrder })) or two separate selectors
useDashboardStore(s => s.panelEditor) and useDashboardStore(s =>
s.panelGroupOrder), and update the effect dependencies to reference the selected
values (panelEditor and panelGroupOrder) instead of dashboardStore.*; if you
prefer combined selection use shallow equality helper (useShallow) to avoid
reference churn.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8d78288b-c654-4f69-8562-36a7cd13d20c

📥 Commits

Reviewing files that changed from the base of the PR and between be776a6 and e660e1c.

⛔ Files ignored due to path filters (1)

• web/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• web/package.json
• web/src/components/dashboards/perses/ExternalPanelAddition.tsx
• web/src/components/ols-tool-ui/helpers/AddToDashboardButton.tsx

[jgbernalp]

/test ci/prow/periodics-images

[jgbernalp]

/test periodics-images

[openshift-ci]

@jgbernalp: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: iNecas, jgbernalp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jgbernalp]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment