…-create-tasks-table-and-move-evidence-to-be-tasks
- Moved S3 client configuration to a new shared module for better maintainability. - Updated uploadFile, deleteCommentAttachment, deleteTaskAttachment, getCommentAttachmentUrl, and getTaskAttachmentUrl actions to use the shared S3 client and bucket name. - Removed redundant environment variable checks from individual action files. - Enhanced error handling for missing AWS credentials in the shared module.
…rt-to-comments-data-schema Add admin dashboard with organization management and member controls
- Added Google Tag Manager to the Providers component for user tracking. - Implemented GTM event sending on successful organization creation in the OnboardingClient component.
feat: integrate Google Tag Manager for enhanced tracking
…ing adjustments - Changed border radius from rounded-md to rounded-sm in various components including code blocks, cards, and calendars. - Updated CSS variables for input styling to enhance visual consistency. - Refactored alert dialog and dropdown menu components for improved structure and styling. - Adjusted tooltip and popover components for better alignment with design standards.
- Updated various components to use rounded-sm instead of rounded-md for consistent styling. - Adjusted layout and styling in components such as EmployeesListSkeleton, EvidenceDetails, and FileCard. - Enhanced visual consistency in data tables and integration cards by applying the new border radius.
…-create-tasks-table-and-move-evidence-to-be-tasks
- Implemented loading components for controls, employees, evidence, implementation, and integrations pages. - Each loading component utilizes Suspense with a fallback skeleton UI for improved user experience during data fetching.
feat: add loading components for various dashboard sections
…ig for turbopack aliasing
chore: update build script to use turbopack for improved performance
docs: update README to include recognition section with Product Hunt …
Merge main into dev
- Upgraded `@aws-sdk/client-s3` and `@aws-sdk/client-securityhub` to version 3.796.0 for improved functionality and performance. - Updated `@azure/identity` to version 4.9.1 for enhanced security features. - Bumped `react-hook-form` to version 7.56.1 for better form handling capabilities. - Incremented `zod` to version 3.24.3 for updated validation features. - Updated `turbo` to version 2.5.1 for performance improvements.
- Upgraded `@aws-sdk/client-s3` and `@aws-sdk/client-securityhub` to version 3.796.0 for enhanced functionality. - Updated `@azure/identity` to version 4.9.1 for better security features. - Bumped `react-hook-form` to version 7.56.1 for improved form handling. - Incremented `zod` to version 3.24.3 for updated validation capabilities. - Updated `turbo` to version 2.5.1 for performance enhancements. - Updated `@ai-sdk/openai` to version 1.3.19 for new features and improvements. - Updated `framer-motion` to version 12.9.2 for better animation performance. - Updated `next-auth` to version 5.0.0-beta.27 for bug fixes and improvements. - Updated `@next/third-parties` to version 15.3.1 for compatibility updates. - Updated `@tanstack/react-query` to version 5.74.4 for improved data fetching capabilities. - Updated `@types/node` to version 22.15.2 for better type definitions.
- Updated `accept-invite` and `create-organization-form` components to use `rounded-sm` for improved visual consistency. - Modified `Checkbox` component to include `rounded-sm` styling and replaced `CheckIcon` with `Check` from `lucide-react` for better icon representation.
- Simplified button rendering logic in the `EmployeeDetails` component to enhance user experience during form submission. - Removed unnecessary class names and adjusted icon placement for better visual clarity while saving.
- Added `Layout` component for employee management, ensuring organization context and onboarding for users without employees. - Introduced `Loading` component for better user experience during data fetching. - Created `EmployeesOverview` component to display employee statistics and training video completion. - Developed `EmployeeCompletionChart` for visual representation of employee task completion metrics. - Enhanced `AppOnboarding` component to support dynamic links for onboarding actions.
redirect on org creation
- Added `descriptionKey` to selectable roles in `MultiRoleCombobox` for improved clarity on role functionalities. - Updated localization file to include descriptions for each role, enhancing user understanding of permissions. - Adjusted UI layout in `MultiRoleCombobox` to display role descriptions below the role labels, ensuring a more informative user experience.
- Modified the `fetchAdminUsers` function to allow fetching users with emails ending in both "@trycomp.ai" and "@securis360.com". - Updated the comment header for clarity on the supported email domains.
…uration - Updated middleware to exclude the 'research' route from authentication checks. - Refactored `researchVendorAction` to utilize the new `researchVendor` task for improved vendor data scraping. - Simplified the vendor creation process in `CreateVendorForm` by awaiting the execution of the `researchVendor` action. - Introduced a new `research.ts` file to define the schema and logic for the vendor research task, enhancing modularity and maintainability.
- Introduced a new admin menu item in the `MainMenu` component for users with emails ending in "@trycomp.ai". - Updated localization file to include a label for the admin menu item, enhancing user experience and access control.
…comp-82-fix-permissionsbetterauth
feat: implement search functionality for global vendors
…comp-82-fix-permissionsbetterauth
…yout - Enhanced button styles to include focus-visible ring and whitespace handling for better accessibility. - Adjusted class names for consistent spacing and SVG pointer events, ensuring a more user-friendly experience.
…sbetterauth Claudio/comp 82 fix permissionsbetterauth
- Adjusted class names in the button component for better alignment and spacing. - Ensured consistent handling of whitespace and SVG pointer events for enhanced usability.
- Implemented a switch statement to dynamically render role descriptions based on the selected role in the `MultiRoleCombobox`. - Enhanced localization by utilizing specific keys for each role's description, improving user understanding of role functionalities.
fix: refine button component styles for improved layout
Merge into Main
- Updated `database-migrations-dev.yml` to trigger on `main` branch instead of `dev`. - Modified `database-migrations.yml` to trigger on `release` branch instead of `main`. - Changed `trigger-tasks-deploy-dev.yml` to trigger on `main` branch instead of `dev`. - Adjusted `trigger-tasks-deploy.yml` to trigger on `release` branch instead of `main`.
chore: update GitHub workflows to change branch triggers
| name: Run Database Migrations | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@v1 | ||
| with: | ||
| bun-version: ${{ env.BUN_VERSION }} | ||
|
|
||
| - name: Install dependencies | ||
| run: bun install | ||
|
|
||
| - name: Apply database migrations | ||
| env: | ||
| DATABASE_URL: ${{ secrets.DATABASE_URL_DEV }} | ||
| run: | | ||
| cd packages/db | ||
| bunx prisma migrate deploy No newline at end of file |
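Review bot: the job has no `permissions:` block, which is what the CodeQL "Workflow does not contain permissions" warning on this file points at; the steps only check out the repository and run `bunx prisma migrate deploy` with `DATABASE_URL: ${{ secrets.DATABASE_URL_DEV }}`, so `permissions: contents: read` at the workflow or job level is sufficient and keeps the token scope to what the job actually uses. The file also ends without a trailing newline ("No newline at end of file"); worth fixing while touching it.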
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Use Node.js 20.x | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "20.x" | ||
|
|
||
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@v1 | ||
|
|
||
| - name: Install dependencies | ||
| run: bun install | ||
|
|
||
| - name: Generate Prisma client | ||
| working-directory: ./packages/db | ||
| run: bunx prisma generate | ||
|
|
||
| - name: 🚀 Deploy Trigger.dev | ||
| working-directory: ./apps/app | ||
| env: | ||
| TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }} | ||
| SECRET_KEY: ${{ secrets.SECRET_KEY }} | ||
| VERCEL_ACCESS_TOKEN: ${{ secrets.VERCEL_ACCESS_TOKEN }} | ||
| VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} | ||
| VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }} | ||
| run: bunx trigger.dev@latest deploy --env staging |
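Review bot: `run: bunx trigger.dev@latest deploy --env staging` executes whatever version of the CLI is current at run time in a step that holds `TRIGGER_ACCESS_TOKEN`, `SECRET_KEY` and `VERCEL_ACCESS_TOKEN`; pin the CLI to a fixed version (the first workflow already pins Bun via `env.BUN_VERSION`, while this one calls `oven-sh/setup-bun@v1` with no `bun-version`, so the same pinning should apply here). This job also lacks a `permissions:` block, as the CodeQL warning states; `permissions: contents: read` covers checkout, dependency install and the deploy call.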
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| if (fullUrlMatch?.[1]) { | ||
| return decodeURIComponent(fullUrlMatch[1]); | ||
| } | ||
| if (!url.includes("amazonaws.com") && url.split("/").length > 1) { |
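Review bot: `url.includes("amazonaws.com")` is a substring test over the whole string, so the literal can occur in the path, query or userinfo of a URL whose host is something else entirely, and the check passes; this is the "Incomplete URL substring sanitization" finding below. The function should parse the URL and compare the hostname, and the `url.split("/").length > 1` fallback should not hand an arbitrary URL back as if it were an S3 key.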
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
Copilot Autofix
AI 11 months ago
To fix the issue, we need to parse the URL and validate its host explicitly. Instead of using url.includes("amazonaws.com"), we should use a URL-parsing library (e.g., Node.js's built-in URL class) to extract the host and ensure it matches the expected pattern for Amazon S3 URLs. This approach ensures that "amazonaws.com" is part of the host and not embedded elsewhere in the URL.
The fix involves:
- Parsing the URL using the `URL` class.
- Validating that the host ends with "amazonaws.com" to ensure it belongs to Amazon S3.
- Updating the logic in `extractS3KeyFromUrl` to use this validation.
| @@ -44,8 +44,15 @@ | ||
| export function extractS3KeyFromUrl(url: string): string { | ||
| const fullUrlMatch = url.match(/amazonaws\.com\/(.+)$/); | ||
| if (fullUrlMatch?.[1]) { | ||
| return decodeURIComponent(fullUrlMatch[1]); | ||
| } | ||
| if (!url.includes("amazonaws.com") && url.split("/").length > 1) { | ||
| return url; | ||
| try { | ||
| const parsedUrl = new URL(url); | ||
| // Ensure the host ends with "amazonaws.com" | ||
| if (parsedUrl.host.endsWith("amazonaws.com")) { | ||
| const fullUrlMatch = parsedUrl.pathname.match(/\/(.+)$/); | ||
| if (fullUrlMatch?.[1]) { | ||
| return decodeURIComponent(fullUrlMatch[1]); | ||
| } | ||
| } else if (url.split("/").length > 1) { | ||
| return url; | ||
| } | ||
| } catch (error) { | ||
| console.error("Error parsing URL:", error); | ||
| } |
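Review bot: `parsedUrl.host.endsWith("amazonaws.com")` still matches on a plain string suffix, so a host such as `notamazonaws.com` passes; compare the hostname against `amazonaws.com` exactly or require the `.amazonaws.com` suffix with its leading dot, and use `hostname` rather than `host` since `host` carries any port. The `else if (url.split("/").length > 1) { return url; }` branch also keeps returning a non-S3 URL unchanged as a "key", and the `catch` only logs `Error parsing URL`, so an unparseable input falls through past the hunk with no return; both paths should return or throw explicitly.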
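The alert and the autofix above both turn on how the host is checked. The following is an added TypeScript example, not the project's code and not Copilot's suggestion, of a key-extraction helper that parses the URL and accepts the hostname only on a label boundary. The names `isS3Host` and `extractS3Key`, the `null` return for non-S3 URLs, the https-only rule and the bare-key fallback for inputs that are not URLs are assumptions of this example.

```typescript
// Added example (not the project's extractS3KeyFromUrl): host-validated S3 key extraction.
// Assumption: S3 object URLs are https and live under *.amazonaws.com; anything else
// is rejected with null instead of being returned as a "key".

const S3_HOST_SUFFIX = ".amazonaws.com";

// True only when the hostname is amazonaws.com itself or a subdomain of it.
// "notamazonaws.com" and "amazonaws.com.evil.example" (constructed hostile samples) fail.
function isS3Host(hostname: string): boolean {
  const h = hostname.toLowerCase();
  return h === S3_HOST_SUFFIX.slice(1) || h.endsWith(S3_HOST_SUFFIX);
}

// new URL() throws on inputs without a scheme; surface that as null.
function parseUrl(input: string): URL | null {
  try {
    return new URL(input);
  } catch {
    return null;
  }
}

// Returns the decoded object key for an S3 URL, the input unchanged when it is a
// bare key (not a URL at all), and null for any URL that is not an S3 URL.
function extractS3Key(input: string): string | null {
  const parsed = parseUrl(input);
  if (parsed === null) {
    // Not a URL: treat as an already-bare key (assumption of this example).
    return input.length > 0 ? input : null;
  }
  if (parsed.protocol !== "https:") return null;
  // hostname (not host) so a port suffix cannot disturb the comparison.
  if (!isS3Host(parsed.hostname)) return null;
  const rawKey = parsed.pathname.replace(/^\/+/, "");
  if (rawKey.length === 0) return null;
  try {
    return decodeURIComponent(rawKey);
  } catch {
    return null; // malformed percent-encoding
  }
}

// Constructed sample inputs exercising the virtual-hosted, path-style and rejected cases.
const samples = [
  "https://bucket.s3.us-east-1.amazonaws.com/dir/file%20name.pdf",
  "https://s3.amazonaws.com/bucket/dir/file.pdf",
  "https://notamazonaws.com/dir/file.pdf",
  "https://amazonaws.com.evil.example/dir/file.pdf",
  "https://evil.example/?next=amazonaws.com/dir/file.pdf",
  "uploads/report.pdf",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(extractS3Key(s)));
}
```

The two rejected hostnames in the samples are exactly the shapes a bare `endsWith("amazonaws.com")` or `includes("amazonaws.com")` would let through; the label-boundary comparison is what closes that gap.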
What does this PR do?
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Image Demo (if applicable):
Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
Checklist