fix: replace empty ResizeObserver methods with jest.fn mocks#3975

Merged: arkid15r merged 5 commits into OWASP:main from nazimmuhammed:main, Feb 18, 2026

Conversation

@nazimmuhammed (Contributor):

Replaced empty ResizeObserver mock methods with jest.fn().

This resolves SonarQube typescript:S1186 warnings and improves testability by allowing assertions on mock method calls.
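The change under review swaps no-op method bodies for `jest.fn()` so tests can assert on calls. The TypeScript below is an added illustration, not code from OWASP/Nest's `frontend/jest.setup.ts`: it contrasts the silent mock with a recording one, adds an instance registry and a `trigger()` helper (assumptions here, not something `jest.fn()` provides) so a test can also fire a synthetic resize, uses a tiny `fn()` that records arguments in place of `jest.fn()` so the file runs without Jest, and the `mountWidthTracker` component and the `{ id: 'chart' }` element are hypothetical.

```typescript
// Added illustration (not OWASP/Nest code): a ResizeObserver test double whose
// methods record their calls, the idea behind replacing `observe() {}` with
// `observe = jest.fn()` in frontend/jest.setup.ts. A tiny recording `fn()`
// stands in for jest.fn() so this file runs under plain Node without Jest.

type ResizeEntry = { target: object; contentRect: { width: number; height: number } };
type ResizeCallback = (entries: ResizeEntry[], observer: MockResizeObserver) => void;

// Minimal stand-in for jest.fn(): a callable that remembers every argument list
// in `.calls` (jest exposes the same data as `mockFn.mock.calls`).
type Spy<A extends unknown[]> = ((...args: A) => void) & { calls: A[] };
function fn<A extends unknown[]>(): Spy<A> {
  const calls: A[] = [];
  const spy = ((...args: A) => { calls.push(args); }) as Spy<A>;
  spy.calls = calls;
  return spy;
}

// BEFORE (what the PR removes): empty bodies satisfy the interface but leave no
// trace, so a test cannot prove a component observed anything, and SonarQube
// reports each one as typescript:S1186 (empty method).
class SilentResizeObserver {
  constructor(_cb: ResizeCallback) {}
  observe(_target: object): void {}
  unobserve(_target: object): void {}
  disconnect(): void {}
}

// AFTER: the same shape, but every method is a recording spy. The instance
// registry and `trigger()` are extra test helpers (assumed here, not part of
// jest.fn()) so a test can also deliver a synthetic resize to the callback.
class MockResizeObserver {
  static instances: MockResizeObserver[] = [];
  readonly callback: ResizeCallback;
  observe = fn<[object]>();
  unobserve = fn<[object]>();
  disconnect = fn<[]>();
  constructor(callback: ResizeCallback) {
    this.callback = callback;
    MockResizeObserver.instances.push(this);
  }
  trigger(target: object, width: number, height: number): void {
    this.callback([{ target, contentRect: { width, height } }], this);
  }
  static reset(): void {
    MockResizeObserver.instances = [];
  }
}

// Install as the global, as jest.setup.ts does for the jsdom test environment
// (jsdom has no ResizeObserver, so without this `new ResizeObserver` throws).
(globalThis as any).ResizeObserver = MockResizeObserver;

// Hypothetical component logic under test: observes an element, keeps the
// latest width, and disconnects on unmount.
function mountWidthTracker(el: object): { getWidth: () => number; unmount: () => void } {
  let width = 0;
  const RO = (globalThis as any).ResizeObserver as typeof MockResizeObserver;
  const ro = new RO((entries) => {
    width = entries[0].contentRect.width;
  });
  ro.observe(el);
  return { getWidth: () => width, unmount: () => ro.disconnect() };
}

// What the recording mock lets a test verify, and what the silent one cannot.
function demo(): {
  silentHasRecord: boolean;
  observedEl: boolean;
  widthAfterResize: number;
  disconnectCalls: number;
} {
  const el = { id: 'chart' }; // constructed stand-in for a DOM element
  const silent = new SilentResizeObserver(() => {});
  silent.observe(el); // ran, but left nothing a test could inspect
  const silentHasRecord = 'calls' in silent.observe;

  MockResizeObserver.reset();
  const tracker = mountWidthTracker(el);
  const ro = MockResizeObserver.instances[0];
  const observedEl = ro.observe.calls.length === 1 && ro.observe.calls[0][0] === el;
  ro.trigger(el, 640, 480);
  const widthAfterResize = tracker.getWidth();
  tracker.unmount();
  return { silentHasRecord, observedEl, widthAfterResize, disconnectCalls: ro.disconnect.calls.length };
}
```

With real `jest.fn()` the equivalent assertions are `expect(observe).toHaveBeenCalledWith(el)` and `expect(disconnect).toHaveBeenCalledTimes(1)`. Two caveats carry over to the project's setup: spies defined as class fields are created per instance, so a test needs a handle on the instance (a registry as above, or spies declared at module scope) before it can assert on them; and `jest.fn()` only records calls, so delivering a resize to the component's callback still needs a helper like `trigger()`.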

@github-actions bot added labels docs (Improvements or additions to documentation) and frontend, Feb 17, 2026

@github-actions bot:

PR validation failed: No linked issue and no valid closing issue reference in PR description

@coderabbitai bot (Contributor) commented Feb 17, 2026

Summary by CodeRabbit

  • Documentation
    • Added a "Supported Versions" rolling-release note, a "Reporting a Vulnerability" section with reporting guidance and required report contents, and a "Response Timeline" describing acknowledgement, investigation/validation, and disclosure timing.
  • Tests
    • Improved test environment mocks for resize observation to enable call tracking and better assertions.

Walkthrough

Updates SECURITY.md with supported-versions, vulnerability reporting instructions, and a response timeline; and replaces manual ResizeObserver no-op methods with Jest mock functions in the test setup.

Changes

Cohort / File(s) Summary
Security Documentation
SECURITY.md
Added "Supported Versions", "Reporting a Vulnerability" (how to report, what to include), and "Response Timeline" sections; added guidance and contact/process details.
Test Infrastructure
frontend/jest.setup.ts
Refactored ResizeObserver mock: replaced explicit no-op methods with jest.fn() assignments for disconnect, observe, and unobserve to enable call tracking in tests.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

  • kasya
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: replacing empty ResizeObserver methods with jest.fn() mocks in the frontend test setup.
Description check ✅ Passed The description is directly related to the changeset, explaining what was changed (empty methods replaced with jest.fn()) and the purpose (resolving SonarQube warnings and improving testability).
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


cubic-dev-ai bot (Contributor) previously approved these changes Feb 17, 2026 and left a comment:

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

coderabbitai bot (Contributor) previously requested changes Feb 17, 2026 and left a comment:

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@SECURITY.md`:
- Around line 12-14: Update the "### How to Report" section in SECURITY.md to
include direct clickable URLs: change the bullet for "GitHub Security
Advisories" to include the repository/org-specific advisories URL
(https://github.com/org-name/repo-name/security/advisories or
https://github.com/security/advisories for general guidance) and change the
"OWASP responsible disclosure process" bullet to link to the OWASP disclosure
guidance page (https://owasp.org/www-community/Responsible_Disclosure) so
reporters have one-click access; ensure the links are added inline in the two
bullets under the "### How to Report" header.

SECURITY.md (outdated), comment on lines 12 to 14:

### How to Report
- Use **GitHub Security Advisories** (preferred), or
- Follow the OWASP responsible disclosure process

@coderabbitai bot (Contributor):

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check if SECURITY.md exists and examine its content
if [ -f SECURITY.md ]; then
  echo "=== SECURITY.md exists ==="
  cat -n SECURITY.md
else
  echo "SECURITY.md not found"
  find . -name "SECURITY.md" -o -name "security.md" 2>/dev/null | head -20
fi

Repository: OWASP/Nest

Length of output: 1222


🏁 Script executed:

# Check if there are any existing links in the file
rg -n 'http|github.com|owasp.org' SECURITY.md 2>/dev/null || echo "No URLs found"

Repository: OWASP/Nest

Length of output: 67


🏁 Script executed:

# Get repository information to verify the GitHub path
git config --get remote.origin.url 2>/dev/null || echo "Not a git repo or remote not found"

Repository: OWASP/Nest

Length of output: 87


🏁 Script executed:

# Check if there are any other references to reporting or security in the repo
rg -i "report|vulnerability|security" --type md | head -30

Repository: OWASP/Nest

Length of output: 4131


🏁 Script executed:

# Check if there's any existing documentation that might reference these links
fd -e md | xargs rg -l "advisories|owasp" 2>/dev/null | head -10

Repository: OWASP/Nest

Length of output: 168


🌐 Web query:

OWASP Vulnerability Disclosure Cheat Sheet current URL 2025

💡 Result:

Current OWASP Vulnerability Disclosure Cheat Sheet URL (as of 2025 and still current now) is:

https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html [1]


🌐 Web query:

GitHub Security Advisories reporting OWASP/Nest repository

💡 Result:

To report a vulnerability for the OWASP/Nest GitHub repository, use GitHub Security Advisories / Private Vulnerability Reporting:

  1. Go to the repo’s Security tab.
  2. Click “Report a vulnerability” to open the private advisory form and submit details. The repo’s SECURITY.md also directs reporters to use this form. [1][2]

As of the repo’s Security page, there are no published security advisories for OWASP/Nest. [1]

Sources:
[1] OWASP/Nest – Security overview (GitHub)
[2] GitHub Docs – Privately reporting a security vulnerability


Add direct links to reporting channels for improved usability.

The reporting options in lines 12-14 reference "GitHub Security Advisories" and "OWASP responsible disclosure process" without providing URLs. Adding direct links would reduce friction for reporters:

Proposed fix
 ### How to Report
-- Use **GitHub Security Advisories** (preferred), or
-- Follow the OWASP responsible disclosure process
+- Use **[GitHub Security Advisories](https://github.com/OWASP/Nest/security/advisories/new)** (preferred), or
+- Follow the [OWASP responsible disclosure process](https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html)
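Review bot: the second bullet still names no destination. The cheat sheet link explains disclosure in general, but a reporter who cannot or will not use GitHub advisories is left with nowhere to send the report, so either name a concrete alternate contact or drop the "or" and state that the advisory form is the channel. This hunk also never tells reporters not to open a public issue; the line the file later gained ("Please **do not** create public GitHub issues for security-related reports.") belongs directly under these two bullets, since the issue tracker is the first place many reporters look.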

@sonarqubecloud

@coderabbitai bot (Contributor) left a comment:


Duplicate comments:
In `@SECURITY.md`:
- Around line 10-15: Remove the stray review marker "[duplicate_comment]" and
any duplicate commentary from SECURITY.md so the content is clean; ensure the
file contains the single clear instruction block that includes the GitHub
advisory link ("Please use this
[form](https://github.com/OWASP/Nest/security/advisories/new)") and the
prohibition line ("Please **do not** create public GitHub issues for
security-related reports.") without leftover review tokens.
- Around line 26-30: The "Response Timeline" entry currently uses the open-ended
phrase "Fix and coordinated disclosure thereafter"; update this to include a
concrete maximum disclosure window (for example "Fix and coordinated disclosure
within 90 days of validation") so reporters have an upper bound; replace or
append the phrase "Fix and coordinated disclosure thereafter" with the chosen
maximum (e.g., "Fix and coordinated disclosure within 90 days after
investigation and validation") in the Response Timeline section.

@codecov bot commented Feb 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.15%. Comparing base (c41aa19) to head (ea137bc).
⚠️ Report is 1 commits behind head on main.


@@           Coverage Diff           @@
##             main    #3975   +/-   ##
=======================================
  Coverage   99.15%   99.15%           
=======================================
  Files         517      517           
  Lines       15914    15914           
  Branches     2129     2129           
=======================================
  Hits        15779    15779           
  Misses         66       66           
  Partials       69       69           
Flag Coverage Δ
backend 99.14% <ø> (ø)
frontend 99.16% <ø> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data


@arkid15r arkid15r added this pull request to the merge queue Feb 18, 2026
Merged via the queue into OWASP:main with commit df3de8c Feb 18, 2026
35 checks passed
@arkid15r (Collaborator) left a comment:

Jest setup changes are good, while the SECURITY.md file is not related to the issue. Not sure why you added it here, but I merged those after updates anyway.

Keep your contributions narrow in scope; that's easier to review.

Labels: docs (Improvements or additions to documentation), frontend


2 participants