@github-actions
Contributor

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.

github-actions bot and others added 2 commits January 8, 2026 22:22
* feat(vendors): enhance vendor creation with name trimming and duplicate check

* refactor(vendors): update vendor name selection logic for consistency

* fix(vendors): trim whitespace from vendor name input

---------

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
@cursor

cursor bot commented Jan 10, 2026

PR Summary

Improves vendor creation UX and data integrity, and enriches GitHub integration checks with actionable evidence.

  • Vendors: new VendorNameAutocompleteField with debounced global vendor search; form refactor with separate create-vendor-form-schema, reset-on-close, and non-blocking post-create research
  • Action: trims name, returns structured Unauthorized errors, prevents org-duplicate vendors by name, and upserts GlobalVendors (conditional description update) to make vendors immediately searchable; still best-effort risk assessment trigger
  • Integrations (GitHub): dependabot check now aggregates alert counts and severities and includes them in pass/fail evidence and descriptions; sanitized-inputs check now detects CodeQL via default setup or workflows, distinguishes GHAS-required and permission-denied cases, and reports detailed evidence; types updated (advanced_security, Dependabot alert types)

Written by Cursor Bugbot for commit 4d554a4. This will update automatically on new commits. Configure here.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@vercel

vercel bot commented Jan 10, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Ready | Preview, Comment | Jan 12, 2026 3:17pm |

1 Skipped Deployment

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| portal (staging) | Skipped | | Jan 12, 2026 3:17pm |

…detection (#1995)

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
setSearchResults([]);
setIsSearching(false);
setPopoverOpen(false);
}, [isSheetOpen]);
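
Review bot: the reset in this [isSheetOpen] effect only clears local state; nothing in these lines invalidates a search request that is still pending, so its callback can write to searchResults after the reset has run. Track the latest request (for example an id held in a ref) and drop any response that does not match it before calling setSearchResults.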

Stale search results persist after sheet reopens

Low Severity

When a user closes the sheet while a vendor search is in flight, the cleanup effect at lines 77-80 clears searchResults. However, if the API response arrives after this cleanup, the onSuccess callback repopulates searchResults with stale data. When the sheet reopens, the effect does an early return (line 72), so stale results are not cleared. If the user then types 2+ characters, the onChange handler only calls setSearchResults([]) for inputs with length ≤ 1, so stale results briefly appear in the dropdown until the new debounced search completes.

…ng (#1997)

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
return {
success: false,
error: `A vendor named "${existingVendor.name}" already exists in this organization.`,
};
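
Review bot: the duplicate case in this return is reported only as a free-text error string, so a caller can tell it apart from other failures only by matching the message. Consider returning a stable code field next to the message so the form can handle the duplicate-name case without parsing text.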

Race condition allows duplicate vendor names

Medium Severity

The duplicate vendor name check and vendor creation are separate database operations without transaction protection. Two concurrent requests can both pass the findFirst check before either creates the vendor, resulting in duplicate vendors with the same name in the organization. The Vendor model lacks a @@unique([organizationId, name]) constraint that would provide database-level protection against this race condition.
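
The race described in the comment above, replayed deterministically as an added example; it is not code from this pull request or the project. VendorTable, runInterleaved and the UNIQUE_VIOLATION code are hypothetical stand-ins, and each yield models the gap between database round trips in which another request can run.

```javascript
// Constructed stand-in for the Vendor table, not the project's Prisma client; UNIQUE_VIOLATION is a made-up code.
class VendorTable {
  constructor(uniqueOrgName) {
    this.rows = [];
    this.uniqueOrgName = uniqueOrgName; // models @@unique([organizationId, name])
  }
  findFirst(organizationId, name) {
    return this.rows.find((r) => r.organizationId === organizationId && r.name === name) || null;
  }
  create(organizationId, name) {
    if (this.uniqueOrgName && this.findFirst(organizationId, name))
      throw Object.assign(new Error('unique constraint failed'), { code: 'UNIQUE_VIOLATION' });
    this.rows.push({ organizationId, name });
  }
}
const duplicate = (name) => ({ success: false, error: `A vendor named "${name}" already exists in this organization.` });
// Check-then-create as the comment describes it: the lookup and the insert are separate steps.
function* checkThenCreate(table, organizationId, rawName) {
  const name = rawName.trim();
  const existing = table.findFirst(organizationId, name);
  yield; // another request can run here, after the check and before the insert
  if (existing) return duplicate(existing.name);
  table.create(organizationId, name);
  return { success: true };
}
// Constraint-backed variant: attempt the insert and map the violation to the same error.
function* createWithConstraint(table, organizationId, rawName) {
  const name = rawName.trim();
  yield;
  try {
    table.create(organizationId, name);
    return { success: true };
  } catch (err) {
    if (err.code !== 'UNIQUE_VIOLATION') throw err;
    return duplicate(name);
  }
}
// Deterministic scheduler: two requests for the same trimmed name, advanced one step per pass.
function runInterleaved(handler, uniqueOrgName) {
  const table = new VendorTable(uniqueOrgName);
  let pending = ['Acme ', ' Acme'].map((raw) => handler(table, 'org_1', raw)); // constructed input
  const results = [];
  while (pending.length) {
    const steps = pending.map((gen) => gen.next());
    results.push(...steps.filter((s) => s.done).map((s) => s.value));
    pending = pending.filter((_, i) => !steps[i].done);
  }
  return { rows: table.rows.length, created: results.filter((r) => r.success).length };
}
```

Calling runInterleaved(checkThenCreate, false) leaves two rows with the same name, while runInterleaved(createWithConstraint, true) leaves one row and returns the duplicate error to the second request.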

@Marfuen Marfuen merged commit 91617b0 into release Jan 12, 2026
13 of 14 checks passed
@claudfuen
Contributor

🎉 This PR is included in version 1.76.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
