chore(cmd/ui): fetch dagrejs via HTTPS

[42LoCo42]

Build systems which don't use the yarn cache can't fetch git dependencies via ssh if no valid credentials are found, e.g. when the build is run in a sandbox.

Description

This PR replaces the SSH URL for dagrejs in cmd/ui/package.json with an equivalent HTTPS URL,
thus allowing build systems to fetch dagrejs without requiring access to SSH credentials.

Motivation and Context

Resolves #2096

This change is required to build BloodHound with build systems that don't use the yarn cache included in this repository and also run builds in a sandbox with no access to SSH credentials.

How Has This Been Tested?

I'm packaging BloodHound for Nix in NixOS/nixpkgs#461387.
There, I currently use a patch roughly equivalent to this PR in order to fix the build issue. With it, the BloodHound package builds successfully.

On a system with Nix installed & Flakes enabled, the package can be built like this:

nix build github:42loco42/nixpkgs/add-bloodhound-ce#bloodhound-ce

Types of changes

• Chore (a change that does not modify the application functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• Chores
  • Updated project dependency configuration for improved build environment compatibility.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[coderabbitai]

Walkthrough

The dagrejs dependency in cmd/ui/package.json was updated from an SSH git URL to an HTTPS URL, enabling dependency resolution in build environments that lack SSH credentials, such as sandboxed build systems.

Changes

Cohort / File(s)	Change Summary
Dependency URL Migration cmd/ui/package.json	Changed dagrejs git dependency from SSH URL (git@github.com:BloodHoundAD/dagre.git) to HTTPS URL (https://github.com/BloodHoundAD/dagre.git) to support builds in sandboxed environments without SSH credentials

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Single file, single dependency URL update
• No logic or functional changes
• Straightforward verification of URL correctness

Poem

🐰 A small change with mighty reach,
From SSH to HTTPS we teach,
No sandbox walls shall hold us back,
Dependencies now on the open track! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: replacing SSH URL with HTTPS for dagrejs dependency in cmd/ui.
Description check	✅ Passed	The description covers the problem, solution, testing approach, and motivation; however, the test practices checklist items are unchecked despite claiming to use a patch for testing.
Linked Issues check	✅ Passed	The PR directly addresses issue #2096 by replacing the SSH Git URL with an HTTPS URL for dagrejs, exactly as proposed in the issue.
Out of Scope Changes check	✅ Passed	The change is limited to replacing the dagrejs dependency URL in package.json, which is directly in scope for resolving issue #2096.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3944a1c and ff5832b.

⛔ Files ignored due to path filters (2)

• .yarn/cache/dagrejs-https-3add3ba70a-7c93c58f7f.zip is excluded by !**/.yarn/**, !**/*.zip
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• cmd/ui/package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-11T18:25:23.685Z

Learnt from: TheNando
Repo: SpecterOps/BloodHound PR: 1737
File: packages/javascript/bh-shared-ui/src/components/StatusIndicator.tsx:23-35
Timestamp: 2025-08-11T18:25:23.685Z
Learning: In the BloodHound bh-shared-ui package, React is automatically injected into scope by the framework, so explicit React imports are not required when using React.FC or other React types in component files.

Applied to files:

• cmd/ui/package.json

🔇 Additional comments (1)

cmd/ui/package.json (1)

37-37: HTTPS URL is publicly accessible—change approved.

Switching from SSH to HTTPS for the dagrejs dependency is the correct approach for sandboxed build environments. The HTTPS URL has been verified as publicly accessible and resolves correctly, confirming the repository at https://github.com/BloodHoundAD/dagre.git is reachable. This change maintains the same semantic dependency while enabling builds in environments without SSH credentials.

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[42LoCo42]

I have read the CLA Document and I hereby sign the CLA

[SuperSandro2000]

This is not a problem specific to nix but any CI like thing that clones repo would not work with this without having credentials. See eg. https://git-scm.com/docs/git-push#_git_urls on how to configure your git client to still use authentication when pushing or use gh credential helper.

[wes-mil]

@42LoCo42 @SuperSandro2000 Had a quick question for one of you!

I suspect this comes from my lack of understanding of how the nix build system works, but I'm curious why our yarn cache can't be used?

We have a cached version of the dagrejs asset here, so we usually do not need to clone these assets.

[SuperSandro2000]

I suspect this comes from my lack of understanding of how the nix build system works, but I'm curious why our yarn cache can't be used?

We try to build as much as possible from source to fully trust the build result. The build sandbox has no internet connectivity and we use a special fetcher before who does yarn install and then copies the files into place that normal yarn commands work as expected. Those kinds of custom cache things just don't work for us. Also the cache seems to be 2 years old and I have my doubts that it works as expected in all environments. Frankly, this is the first time I am seeing something like this.

Cloning repos with ssh is also a major problem for git submodules where https must also be always used.