merge v2 to dev #1281
Co-authored-by: ymc9 <[email protected]> Co-authored-by: Yiming <[email protected]>
…e AST cloning from base models more robust (#957)
…ily updates for npm packages in various directories
… 2.0.0-alpha.1
feat(release): define package names and components in release main config file
feat(release): set up configuration for automated versioning and release process
…pull request, and schedule events targeting main, develop, and release/* branches. Set permissions for job execution and analysis. Include steps to harden runner, checkout repository, initialize CodeQL, autobuild, and perform CodeQL analysis for javascript and typescript languages.
feat(workflows): configure release workflow to trigger on push to main, dev, and release branches
feat(workflows): set permissions for contents to read and write in release job
feat(workflows): add steps to harden runner for runtime security in release job
feat(workflows): add release-please-action for automated releases in release job
feat(workflows): add actions/checkout and actions/setup-node for release job setup
feat(workflows): add pnpm installation and publishing steps in release job
…or Microsoft Defender For DevOps security checks
…workflow to scan and block PRs with known-vulnerable packages
…sing OSSAR
feat(security-ossar.yml): integrate open source static analysis tools with GitHub code scanning
feat(security-ossar.yml): schedule security scans on main, develop, and release branches
…y scorecard analysis to enhance supply-chain security monitoring and compliance with best practices
filtering for push and pull_request events to align with project requirements
…lease-please-action configuration
…cores instead of spaces for consistency and readability.
…nherited from base models (#1249)
…ng of prisma packages (#1255)
Co-authored-by: ymc9 <[email protected]>
Co-authored-by: ymc9 <[email protected]>
…n the auth model is imported (#1260)
…and `Uint8Array` (#1279)
Walkthrough
The recent updates across various files focus on enhancing security, improving dependency management, refining plugin functionalities, and standardizing release processes. Changes include the introduction of new GitHub workflows for security analysis, dependency reviews, and automated updates. Additionally, plugin and package configurations have been adjusted to include new features and optimize existing functionalities. The overall modifications aim to streamline operations and bolster the security and efficiency of the development environment.
Changes
This table groups similar changes across different files, providing a concise overview of the modifications made in the update.
Recent Review Details
Configuration used: CodeRabbit UI
Files ignored due to path filters (36)
Files selected for processing (57)
Files not processed due to max files limit (52)
Files not summarized due to errors (13)
Files skipped from review due to trivial changes (4)
Additional Context Used
LanguageTool (94)
Additional comments not posted (104)
Actionable comments posted: 23
Out of diff range and nitpick comments (7)
packages/runtime/CHANGELOG.md (1)
5-5: Reduce multiple consecutive blank lines to a single blank line to maintain consistency in the document layout.

packages/language/src/ast.ts (1)
48-60: Ensure newly added properties are documented.
Consider adding comments to the newly introduced `$inheritedFrom` and `$baseMerged` properties to explain their purpose and usage.

.github/workflows/codeql.yml (1)
32-38: Consider adding more languages to the CodeQL analysis.
Currently, the workflow is set to analyze only `javascript` and `typescript`. If your project uses other languages supported by CodeQL, consider adding them to the matrix to enhance the security analysis coverage.

CONTRIBUTING.md (1)
Line range hint 1-1: Correct the typo in the introduction.
- I want to think you first for considering contributing to ZenStack 🙏🏻. + I want to thank you first for considering contributing to ZenStack 🙏🏻.
There's a typo in the introduction ("think" should be "thank"). Correcting this will improve the clarity and professionalism of the document.

packages/plugins/tanstack-query/src/runtime/react.ts (1)
Line range hint 183-205: Consider adding error handling for network failures in `useModelMutation` to improve robustness.
+ .catch(error => { + console.error('Network error:', error); + });

README.md (2)
Line range hint 5-10: Add alternative text to images for accessibility.
- <img src="https://raw.githubusercontent.com/zenstackhq/zenstack-docs/main/static/img/logo.png" height="128"> + <img src="https://raw.githubusercontent.com/zenstackhq/zenstack-docs/main/static/img/logo.png" alt="ZenStack Logo" height="128">
Line range hint 247-247: Correct heading levels for better document structure.
- #### Source + ### Source
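Review bot: The `.catch` suggested for `useModelMutation` in packages/plugins/tanstack-query/src/runtime/react.ts (lines 183-205) only logs and returns nothing, so the promise it is chained to resolves with `undefined` and the caller can no longer tell that the request failed. Rethrow after logging (`throw error;` as the last statement of the handler), or drop the handler and leave the rejection to the caller's own error handling.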
Summary by CodeRabbit