Conversation

@github-actions
Contributor

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

- Included handling for the 'DEQUEUED' state in the OnboardingTracker component to improve onboarding status management.
- Removed the previous handling of 'DEQUEUED' from the error case to ensure proper state representation.
[dev] [Marfuen] mariano/fix-policies
@vercel

vercel bot commented Aug 19, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project           Deployment   Preview   Comments   Updated (UTC)
app (staging)     Ready        Preview   Comment    Aug 19, 2025 9:17pm
portal (staging)  Ready        Preview   Comment    Aug 19, 2025 9:17pm

- Added `generateRiskMitigation` and `generateVendorMitigation` tasks to handle risk and vendor mitigation processes.
- Introduced fan-out functionality for both risk and vendor mitigations to process multiple items concurrently.
- Created helper functions for generating risk mitigation comments and managing associated policies.
- Updated onboarding process to trigger these new tasks for improved organizational risk management.
…ality

- Introduced `RiskActions` and `VendorActions` components for triggering risk and vendor mitigation regeneration.
- Implemented server actions `regenerateRiskMitigationAction` and `regenerateVendorMitigationAction` to handle regeneration requests.
- Updated `RiskPage` and `VendorPage` to include action components in the header for improved user interaction.
- Enhanced the `generateRiskMitigation` and `generateVendorMitigation` tasks to include path revalidation after mitigation generation.
- Implemented a confirmation dialog for deleting comments to enhance user experience and prevent accidental deletions.
- Refactored the delete comment logic to manage loading state and handle API calls more effectively.
- Updated the dropdown menu to trigger the dialog instead of directly deleting the comment.
[dev] [Marfuen] mariano/risk-mitigation
<BreadcrumbPage>{item.label}</BreadcrumbPage>
) : (
<BreadcrumbLink asChild>
<Link href={item.href || '#'}>{item.label}</Link>

Check warning

Code scanning / CodeQL

Client-side URL redirect (Medium)

Untrusted URL redirection depends on a user-provided value.

Copilot Autofix

AI 5 months ago

To fix the client-side URL redirect vulnerability, we should ensure that only safe, internal URLs are used in the href prop of the Link component. The best way to do this is to validate that all href values are relative paths (i.e., they do not start with a protocol like http:// or https://, nor with //). This can be done by introducing a utility function (e.g., sanitizeHref) that checks the href value and returns a safe fallback (such as '#') if the value is not a safe relative path. This function should be used wherever a potentially tainted href is passed to a Link component, specifically on lines 98, 111, and 126 in PageWithBreadcrumb.tsx.

The required changes are:

  • Add a sanitizeHref function to PageWithBreadcrumb.tsx.
  • Use sanitizeHref to validate all href values before passing them to Link.

Suggested changeset 1
apps/app/src/components/pages/PageWithBreadcrumb.tsx

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/app/src/components/pages/PageWithBreadcrumb.tsx b/apps/app/src/components/pages/PageWithBreadcrumb.tsx
--- a/apps/app/src/components/pages/PageWithBreadcrumb.tsx
+++ b/apps/app/src/components/pages/PageWithBreadcrumb.tsx
@@ -18,6 +18,20 @@
 import React from 'react';
 import PageCore from './PageCore.tsx';
 
+// Only allow relative URLs (no protocol, no leading //)
+function sanitizeHref(href?: string): string {
+  if (
+    typeof href !== 'string' ||
+    href.trim() === '' ||
+    href.startsWith('http://') ||
+    href.startsWith('https://') ||
+    href.startsWith('//')
+  ) {
+    return '#';
+  }
+  return href;
+}
+
 interface BreadcrumbDropdownItem {
   label: string;
   href: string;
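Review bot: sanitizeHref is a denylist of three string prefixes, which is the weak shape for an open-redirect check, and the visible conditions already let several inputs through. `startsWith` is case-sensitive, so `HTTPS://evil.example` passes; `trim()` is applied only in the emptiness test and not before the prefix checks, so ` https://evil.example` (leading space, which browsers strip before parsing) passes; and non-HTTP schemes such as `javascript:` or `data:` are not listed at all. Invert the logic: accept only values that start with a single `/` (rejecting `//` and `/\`, since the WHATWG URL parser treats a backslash like a slash for https), reject anything containing whitespace or control characters, and return `'#'` for everything else.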
@@ -95,7 +109,7 @@
                         <DropdownMenuContent align="start" className="max-h-[300px]">
                           {item.dropdown.map((dropdownItem) => (
                             <DropdownMenuItem key={dropdownItem.href} asChild>
-                              <Link href={dropdownItem.href}>
+                              <Link href={sanitizeHref(dropdownItem.href)}>
                                 {dropdownItem.label.length > maxLabelLength
                                   ? `${dropdownItem.label.slice(0, maxLabelLength)}...`
                                   : dropdownItem.label}
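Review bot: the `'#'` fallback silently turns a rejected dropdownItem.href into a dead menu entry, and since BreadcrumbDropdownItem declares `href: string` as required, an invalid value reaching this line is a data problem worth surfacing rather than hiding. Consider filtering such entries out of item.dropdown before rendering, or at least logging the rejected value in development builds, so that whoever supplies these items notices the breakage.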
@@ -108,7 +122,7 @@
                       <BreadcrumbPage>{item.label}</BreadcrumbPage>
                     ) : (
                       <BreadcrumbLink asChild>
-                        <Link href={item.href || '#'}>{item.label}</Link>
+                        <Link href={sanitizeHref(item.href)}>{item.label}</Link>
                       </BreadcrumbLink>
                     )}
                   </BreadcrumbItem>
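Review bot: behaviour for a missing or falsy item.href is unchanged here, since sanitizeHref returns `'#'` for a non-string exactly as `item.href || '#'` did, but a BreadcrumbLink wrapping `<Link href="#">` is still a real anchor whose click navigates to the top of the page. When href is absent, rendering the item as a plain BreadcrumbPage, as the truthy branch two lines above already does for the current page, would avoid emitting a dead link at all.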
@@ -123,7 +137,7 @@
                           <DropdownMenuContent align="start">
                             {hiddenItems.map((hiddenItem) => (
                               <DropdownMenuItem key={hiddenItem.label} asChild>
-                                <Link href={hiddenItem.href || '#'}>{hiddenItem.label}</Link>
+                                <Link href={sanitizeHref(hiddenItem.href)}>{hiddenItem.label}</Link>
                               </DropdownMenuItem>
                             ))}
                           </DropdownMenuContent>
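Review bot: the same dead-link observation applies to hiddenItem.href as to the breadcrumb items above. Unrelated to the sanitizer but visible in this hunk, `key={hiddenItem.label}` differs from the `key={dropdownItem.href}` used in the first dropdown and will produce duplicate-key warnings if two hidden items share a label; keying both menus on the same field would be more consistent.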
EOF
Unable to commit as this autofix suggestion is now outdated
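The Autofix above argues that blocking `http://`, `https://` and `//` prefixes is enough to confine `href` to internal paths. The following is an added example, not code from this PR or the project, that puts the patch's `sanitizeHref` (copied here as `denylistHref`) beside an allowlist check and runs both over constructed attacker inputs. `safeInternalHref`, `BASE_ORIGIN`, `PROBES`, `compare` and `denylistBypasses` are illustrative names; the origin and the probe strings are assumptions made for the example.

```typescript
// Added example: the Autofix's prefix denylist beside an allowlist check,
// run over constructed attacker inputs. Not code from the PR or the project.

// The Autofix's sanitizeHref, copied from the patch above and renamed so the
// two versions can be compared side by side.
function denylistHref(href?: string): string {
  if (
    typeof href !== 'string' ||
    href.trim() === '' ||
    href.startsWith('http://') ||
    href.startsWith('https://') ||
    href.startsWith('//')
  ) {
    return '#';
  }
  return href;
}

// Placeholder origin (an assumption for this example); the check only needs
// the candidate href to resolve to the same origin as this base.
const BASE_ORIGIN = 'https://app.example.invalid';

// Allowlist: accept only a same-origin absolute path, otherwise fall back to
// the '#' the breadcrumb component already uses for missing hrefs.
function safeInternalHref(href?: string): string {
  if (typeof href !== 'string') return '#';
  // Browsers strip leading/trailing whitespace and C0 controls before
  // parsing, so " https://evil" would otherwise resolve off-site. Reject
  // any such character anywhere instead of trimming.
  if (/[\u0000-\u0020\u007f]/.test(href)) return '#';
  // Must be an absolute path. "//host" is scheme-relative, and the WHATWG
  // URL parser treats "\" like "/" for https, so "/\host" is too.
  if (!href.startsWith('/') || href.startsWith('//') || href.startsWith('/\\')) return '#';
  // Final check: resolve against the base and require the same origin.
  try {
    const parsed = new URL(href, BASE_ORIGIN);
    return parsed.origin === BASE_ORIGIN ? href : '#';
  } catch {
    return '#';
  }
}

// Constructed probe inputs (not taken from the PR), each with the reason it
// is interesting.
const PROBES: ReadonlyArray<[string, string]> = [
  ['/risk/123', 'ordinary relative path, must survive'],
  ['https://evil.example', 'absolute URL, rejected by both'],
  ['//evil.example/x', 'scheme-relative URL, rejected by both'],
  ['HTTPS://evil.example', 'startsWith is case-sensitive'],
  [' https://evil.example', 'trim() is only used for the emptiness test'],
  ['javascript:alert(document.domain)', 'non-HTTP scheme, not in the denylist'],
  ['/\\evil.example', 'backslash parsed as slash, becomes //evil.example'],
];

// Inputs the denylist lets through that the allowlist rejects.
function denylistBypasses(): string[] {
  return PROBES.map(([input]) => input).filter(
    (input) => denylistHref(input) !== '#' && safeInternalHref(input) === '#',
  );
}

// One row per probe showing what each version returns.
function compare(): Array<{ input: string; why: string; denylist: string; allowlist: string }> {
  return PROBES.map(([input, why]) => ({
    input,
    why,
    denylist: denylistHref(input),
    allowlist: safeInternalHref(input),
  }));
}

for (const row of compare()) {
  console.log(JSON.stringify(row));
}
```

Four of the seven probes pass the denylist and are rejected by the allowlist: the uppercase scheme, the leading space, the `javascript:` URL and the backslash variant. The ordinary path `/risk/123` survives both, which is the property the breadcrumb actually needs.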
@Marfuen Marfuen merged commit 65ebb40 into release Aug 19, 2025
12 checks passed
@claudfuen
Contributor

🎉 This PR is included in version 1.51.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
