Release code-scan-action v0.1.8 #12
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7ca28f31c2
} else if (line.startsWith("+") || line.startsWith(" ") || line === "") {
  currentNewLine++;
Do not count the terminal diff newline as reviewable
In normal PR diffs the response ends with \n, so split('\n') produces a final empty string. Treating that sentinel as a hunk line extends the last file's final range one line past the actual diff; when the scanner reports a line after the last hunk, clampToValidLine can keep or clamp it to this nonexistent review line, causing createReview to reject the fallback review instead of converting the finding to a general comment.
let currentNewLine = 0;
let hunkStartLine = 0;
for (const line of lines) {
  const fileMatch = line.match(/^\+\+\+ b\/(.+)$/);
Strip diff header metadata from spaced paths
For PRs that touch files whose paths contain spaces, git-style unified diffs terminate the +++ b/<path> header with a tab separator, so this regex stores a key like "dir/a b\t" while scanner/GitHub comment paths are "dir/a b". Those comments will never match validRanges, so the fallback path converts otherwise valid inline findings for these files into general comments instead of posting them on the affected lines.
return {
  startLine: clampedStartLine,
  line: clampedEndLine
};
Keep multi-line comments within one diff hunk
When a finding spans two separated hunks in the same file, clamping the start and end independently can return a multi-line review comment whose range crosses hidden, non-diff lines. GitHub cannot create that review thread, so a single cross-hunk finding makes the fallback createReview call fail instead of degrading to a single-line or general comment.
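As an added illustration of the three points raised in the review comments above (example code, not the action's own): a small diff-range parser that drops the trailing sentinel from split("\n"), strips the tab git appends to "+++ b/" headers when the path contains spaces, and clamps a finding into a single hunk. The function names and the sample diff are constructed for this example.

```javascript
// Added example, not the action's own code: compute the new-file line ranges a
// PR diff exposes for inline review comments, then clamp a finding into one
// hunk. Covers the trailing "" from split("\n"), tab-terminated "+++ b/" headers
// for paths with spaces, and findings that straddle two hunks.
function parseValidRanges(diffText) {
  const ranges = {};                               // path -> [{ start, end }]
  const lines = diffText.split("\n");
  if (lines[lines.length - 1] === "") lines.pop(); // sentinel, never a hunk line
  let file = null, hunkStart = 0, cur = 0;         // hunkStart 0 = outside a hunk
  const closeHunk = () => {
    if (file && hunkStart) ranges[file].push({ start: hunkStart, end: cur });
    hunkStart = 0;
  };
  for (const line of lines) {
    // Lazy (.+?) stops before the tab git appends when the path contains spaces.
    const fileMatch = line.match(/^\+\+\+ b\/(.+?)(?:\t.*)?$/);
    if (fileMatch) {
      closeHunk();
      file = fileMatch[1];
      ranges[file] = ranges[file] || [];
      continue;
    }
    const hunk = line.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
    if (hunk) {
      closeHunk();
      hunkStart = Number(hunk[1]);
      cur = hunkStart - 1;                         // first counted line -> hunkStart
      continue;
    }
    // Added and context lines advance the new-file counter; some diffs emit an
    // empty context line as "" instead of " ", so it is counted inside a hunk.
    if (hunkStart && (line.startsWith("+") || line.startsWith(" ") || line === "")) cur++;
  }
  closeHunk();
  return ranges;
}
// Clamp [startLine, endLine] into the first hunk it overlaps so the comment never
// crosses hidden lines; null means "no reviewable line", post a general comment.
function clampToHunk(ranges, path, startLine, endLine) {
  const hunk = (ranges[path] || []).find((h) => startLine <= h.end && endLine >= h.start);
  if (!hunk) return null;
  return { startLine: Math.max(startLine, hunk.start), line: Math.min(endLine, hunk.end) };
}
// Constructed sample: a path with a space, tab-terminated headers, two hunks.
const SAMPLE_DIFF = [
  "diff --git a/dir/a b.js b/dir/a b.js", "--- a/dir/a b.js\t", "+++ b/dir/a b.js\t",
  "@@ -1,3 +1,4 @@", " const x = 1;", "+const y = 2;", " ", " module.exports = x;",
  "@@ -10,2 +11,3 @@", " function f() {", "+  return y;", " }",
].join("\n") + "\n";                               // real diffs end with "\n"
```

Without the pop() the sentinel would push the second range to line 14, and a finding reported there would be clamped onto a line GitHub cannot attach a thread to.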
Automated release mirror for @promptfoo/code-scan-action v0.1.8. Source: promptfoo/promptfoo@af7ec0b
Source tag: code-scan-action-0.1.8
This PR is generated from the monorepo release workflow. The mirror repository validation workflow rebuilds from .release-source.json and checks that the generated artifacts match.