Release/0.1.6 #29

Merged: yosriady merged 2 commits into main from release/0.1.6 on May 17, 2026

Conversation

@yosriady (Contributor) commented May 17, 2026



@socket-security

Review the following changes in direct dependencies.

Diff Package Supply Chain Security Vulnerability Quality Maintenance License
Added deepsec@2.0.8811001009680

@yosriady yosriady merged commit 4766624 into main May 17, 2026
9 checks passed
@yosriady yosriady deleted the release/0.1.6 branch May 17, 2026 06:05

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request initializes a deepsec scanning workspace, adding configuration, documentation, and a threat model for the analytics SDK, while also bumping the package version to 0.1.6. The review feedback highlights that a generated metadata file includes a local absolute path which should be gitignored to prevent leaking system information. Additionally, the package manager version in the new workspace should be updated to match the root configuration for consistency.

"package.json"
],
"detectedAt": "2026-05-16T23:06:59.117Z",
"rootPath": "/Users/yos/sdk-react-native"
Severity: medium

The rootPath property contains an absolute path specific to a local environment (/Users/yos/...). This makes the configuration non-portable and leaks local system information. If this file is intended to be tracked in git, this path should be made relative (e.g., ".."). However, given that it also contains a detectedAt timestamp, this file appears to be a generated cache that should likely be added to .deepsec/.gitignore and removed from the repository.
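A check for the problem this comment describes, added here as an example that is not part of the PR or of the deepsec tool: it parses a metadata file, flags string values rooted in a developer home directory, and rewrites them relative to the directory the file lives in (so the workspace path becomes "..", as the comment suggests). The sample is constructed from the snippet above; the "files" key name is an assumption, since the page only shows the end of that array, and only macOS and Linux home layouts are recognised.

```python
import json
import posixpath
import re
from typing import Any, Iterator

# Values rooted in a per-user home directory identify one developer's machine.
# Assumption: only macOS (/Users/<name>) and Linux (/home/<name>) layouts are covered.
HOME_PATTERN = re.compile(r"^(?:/Users|/home)/[^/]+(?:/|$)")

# Constructed from the review snippet; the "files" key name is an assumption,
# the page only shows the closing bracket of that array.
SAMPLE = """{
  "files": ["package.json"],
  "detectedAt": "2026-05-16T23:06:59.117Z",
  "rootPath": "/Users/yos/sdk-react-native"
}"""


def walk(obj: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (dotted key path, value) for every scalar in a parsed JSON tree."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, obj


def find_local_paths(text: str) -> list[tuple[str, str]]:
    """Return (key path, value) for every string that leaks a home-directory path."""
    return [(path, value) for path, value in walk(json.loads(text))
            if isinstance(value, str) and HOME_PATTERN.match(value)]


def relativize(text: str, file_dir: str) -> str:
    """Rewrite leaking values relative to the directory holding the metadata file."""
    def fix(obj: Any) -> Any:
        if isinstance(obj, dict):
            return {key: fix(value) for key, value in obj.items()}
        if isinstance(obj, list):
            return [fix(value) for value in obj]
        if isinstance(obj, str) and HOME_PATTERN.match(obj):
            return posixpath.relpath(obj, file_dir)
        return obj
    return json.dumps(fix(json.loads(text)), indent=2)
```

Running `find_local_paths` over tracked JSON files in CI, and failing the build on any hit, catches this class of leak before merge; a generated cache file like this one is still better ignored than rewritten.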

Comment thread .deepsec/package.json
"description": "deepsec scanning workspace",
"type": "module",
"workspaces": [],
"packageManager": "pnpm@9.15.4",
Severity: medium

The packageManager version specified here (pnpm@9.15.4) is inconsistent with the version used in the root package.json (pnpm@10.27.0). It is recommended to keep these versions synchronized to ensure consistent dependency resolution and lockfile behavior across the entire repository. Before applying this change, verify that pnpm@10.27.0 is available on the official registry (e.g., npm view pnpm@10.27.0).

Suggested change
"packageManager": "pnpm@9.15.4",
"packageManager": "pnpm@10.27.0",
References
  1. Verify the existence of recent package versions on the official registry before accepting version changes.
