Skip to content

Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization + merge conflict resolution#23

Draft
SafetyMP wants to merge 2 commits into
mainfrom
alert-autofix-4
Draft

Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization + merge conflict resolution#23
SafetyMP wants to merge 2 commits into
mainfrom
alert-autofix-4

Conversation

@SafetyMP

@SafetyMP SafetyMP commented May 31, 2026

Copy link
Copy Markdown
Owner

Summary

  • Fixes code scanning alert build(deps): Bump azure/setup-kubectl from 4 to 5 #4 by replacing URL hostname substring checks with strict domain-boundary hostname matching in detectNotificationChannel.
  • Resolves merge conflicts by merging origin/main into this branch and keeping the secure hostname-based logic in src/lib/operationalWebhook/channelAdapters.ts.

Tracking

  • Screenshots / Loom / deploy preview (optional): N/A

Verification (paste evidence)

Check Evidence (paste command output snippet or Actions run URL / job name)
supply-chain-audit job (CI) ⏭️ Not run locally (CI job)
npm run lint ⏭️ ESLint: 10.4.1 TypeError: ... react/display-name ... (environment/tooling compatibility in local run)
npx tsc --noEmit ✅ Pass
npm test (Vitest) ✅ Pass (76 passed, 338 passed)
npm run test:e2e:smoke @smoke ⏭️ Not run for this change scope

PR authors must paste output or CI links for failing checks explaining why skip applies.


Areas touched

  • Frontend / dashboards
  • tRPC routers / server (src/server/)
  • Database schema / migrations (src/server/db/, drizzle/migrations/)
  • Auth / RBAC (src/lib/rbac.ts, Better Auth flows)
  • Compliance / retention / RAG / AI gateway (see COMPLIANCE.md — link subsection)
  • CI/CD / infra only (Dockerfile, deploy/k8s/, .github/workflows/)

Compliance acknowledgement

Use when any box under “regulated” areas applies:

  • I linked the compliance issue and stated migration / rollback / retention impact.
  • No weakening of RBAC or audit trail intentionally introduced.

… sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@vercel

vercel Bot commented May 31, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
autonomous-ehs-management Ready Ready Preview, Comment May 31, 2026 1:53pm

@SafetyMP

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts in this pull request

Copilot AI commented May 31, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Resolved and merged origin/main into this PR branch, including conflict resolution in src/lib/operationalWebhook/channelAdapters.ts in commit 868f111.

Copilot AI changed the title Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization + merge conflict resolution May 31, 2026
@SafetyMP

SafetyMP commented Jun 1, 2026

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts in this pull request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants