Skip to content

feat: snapi #6062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 18 commits into
base: main
Choose a base branch
from
Draft

feat: snapi #6062

wants to merge 18 commits into from

Conversation

jacekradko
Copy link
Member

@jacekradko jacekradko commented Jun 4, 2025
edited
Loading

Description

Fixes: SDKI-954

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 4, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 5ddb59d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@jacekradko jacekradko changed the title feat:brkr-brkr feat: snapi Jun 4, 2025
@vercel Vercel
Copy link

vercel bot commented Jun 4, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 6, 2025 5:35pm

@jacekradko jacekradko marked this pull request as draft June 4, 2025 14:45
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 4, 2025
View reviewed changes
tools/snapi/src/utils/git-manager.ts

async checkoutBranch(branch: string): Promise<void> {
try {
execSync(`git checkout ${branch}`, {

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.
tools/snapi/src/utils/git-manager.ts

async getLastCommit(branch: string): Promise<string> {
try {
const commit = execSync(`git rev-parse ${branch}`, {

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.

Copilot Autofix

AI 17 days ago

To fix the issue, we will replace the use of execSync with string interpolation by using a safer API, execFileSync, which allows passing arguments as an array. This approach avoids shell interpretation of special characters in the input. Specifically:

  1. Replace the execSync call on line 34 with execFileSync, passing branch as an argument in an array.
  2. Ensure that the branch parameter is passed as-is without being interpolated into a shell command string.

No additional dependencies are required for this fix.

Suggested changeset 1
tools/snapi/src/utils/git-manager.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tools/snapi/src/utils/git-manager.ts b/tools/snapi/src/utils/git-manager.ts
--- a/tools/snapi/src/utils/git-manager.ts
+++ b/tools/snapi/src/utils/git-manager.ts
@@ -33,3 +33,3 @@
     try {
-      const commit = execSync(`git rev-parse ${branch}`, {
+      const commit = execSync('git', ['rev-parse', branch], {
         cwd: this.workspaceRoot,
EOF
@@ -33,3 +33,3 @@
try {
const commit = execSync(`git rev-parse ${branch}`, {
const commit = execSync('git', ['rev-parse', branch], {
cwd: this.workspaceRoot,
Copilot is powered by AI and may make mistakes. Always verify output.
tools/snapi/src/utils/git-manager.ts

async fetchBranch(branch: string): Promise<void> {
try {
execSync(`git fetch origin ${branch}`, {

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.

Copilot Autofix

AI 17 days ago

To fix the issue, we will replace the use of execSync with a safer alternative. Specifically, we will use child_process.execFileSync, which allows us to pass arguments as an array, avoiding the need for shell interpretation. This approach ensures that special characters in the branch parameter are treated as literal strings rather than being interpreted by the shell.

The changes will involve:

  1. Replacing the string interpolation in the execSync call with an execFileSync call.
  2. Passing the branch parameter as an argument in an array to execFileSync.
Suggested changeset 1
tools/snapi/src/utils/git-manager.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tools/snapi/src/utils/git-manager.ts b/tools/snapi/src/utils/git-manager.ts
--- a/tools/snapi/src/utils/git-manager.ts
+++ b/tools/snapi/src/utils/git-manager.ts
@@ -1,2 +1,2 @@
-import { execSync } from 'child_process';
+import { execSync, execFileSync } from 'child_process';
 
@@ -91,3 +91,3 @@
     try {
-      execSync(`git fetch origin ${branch}`, {
+      execFileSync('git', ['fetch', 'origin', branch], {
         cwd: this.workspaceRoot,
EOF
@@ -1,2 +1,2 @@
import { execSync } from 'child_process';
import { execSync, execFileSync } from 'child_process';

@@ -91,3 +91,3 @@
try {
execSync(`git fetch origin ${branch}`, {
execFileSync('git', ['fetch', 'origin', branch], {
cwd: this.workspaceRoot,
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 4, 2025
edited
Loading

🔍 API Changes Report

✅ No API Changes

CI Status

Summary

✅ No API changes detected in any packages.

All public APIs remain stable and backward compatible.

Next Steps

✅ No API changes detected.

Safe to merge.

This report was generated by the API Breakage Detector. For more information, see the documentation.

🤖 This comment was automatically generated by the API Breakage Detector

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 4, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
actions backend do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jacekradko @clerk-cookie