Skip to content

fix: address CodeRabbit findings from backmerge PR#1705

Merged
Hugo0 merged 1 commit intomainfrom
fix/cr-backmerge-findings
Feb 27, 2026
Merged

fix: address CodeRabbit findings from backmerge PR#1705
Hugo0 merged 1 commit intomainfrom
fix/cr-backmerge-findings

Conversation

@Hugo0
Copy link
Contributor

@Hugo0 Hugo0 commented Feb 27, 2026

Summary

Fixes 3 valid findings from CodeRabbit review on #1703 (backmerge PR):

  • update-content.yml: Add git add src/content before git write-tree — the submodule checkout updates the working tree but not the parent index, so commits were silently snapshotting the old submodule SHA
  • blog.ts: Escape HTML in shiki fallback code blocks to prevent XSS when an unsupported language falls through
  • Delete scripts/ping-sitemap.sh: Google's ping endpoint deprecated June 2023, Bing's May 2022 — both return 404. Already replaced by IndexNow

Skipped (not worth fixing)

  • Nested <button> inside <a> — valid HTML spec issue but requires adding asChild to Button component (larger refactor)
  • All other findings were refactoring suggestions, style opinions, or feature requests

@Hugo0
fix: address valid CodeRabbit findings from backmerge PR
dc2a27c 
- update-content.yml: stage src/content before git write-tree so the
  commit captures the updated submodule SHA (was silently snapshotting
  the old pointer)
- blog.ts: escape HTML in code block fallback to prevent XSS
- Delete scripts/ping-sitemap.sh — Google and Bing ping endpoints have
  been deprecated since 2022/2023 (replaced by IndexNow)
@vercel
Copy link

vercel bot commented Feb 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
peanut-wallet Building Building Preview, Comment Feb 27, 2026 3:02pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 27, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15857f2 and dc2a27c.

📒 Files selected for processing (3)
  • .github/workflows/update-content.yml
  • scripts/ping-sitemap.sh
  • src/lib/blog.ts

Walkthrough

Adds a git staging step in the GitHub Actions workflow before creating the Git tree, removes the sitemap-ping script, and changes the blog code block fallback to escape HTML entities in unhighlighted code.

Changes

Cohort / File(s) Summary
CI/CD / Removed script
.github/workflows/update-content.yml, scripts/ping-sitemap.sh		 Workflow now runs git add src/content (staging updated content) before creating the Git tree; the scripts/ping-sitemap.sh file was deleted.
Blog library rendering
src/lib/blog.ts		 Fallback for unsupported/highlighting-failure languages now escapes HTML entities (&, <, >, " ) in code text before wrapping in <pre><code> to avoid raw HTML injection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

✨ Finishing Touches
  • 📝 Generate docstrings (stacked PR)
  • 📝 Generate docstrings (commit on current branch)
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/cr-backmerge-findings

Comment @coderabbitai help to get the list of available commands and usage tips.

@Hugo0 Hugo0 merged commit 28bae84 into main Feb 27, 2026
6 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Hugo0