Skip to content

chore: merge changes into 1.2.x#617

Closed
jwartofsky-yext wants to merge 3 commits into
1.2.xfrom
1.3.0
Closed

chore: merge changes into 1.2.x#617
jwartofsky-yext wants to merge 3 commits into
1.2.xfrom
1.3.0

Conversation

@jwartofsky-yext

@jwartofsky-yext jwartofsky-yext commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Merges the following changes into the 1.2.x branch

118eae1 (HEAD -> main, origin/main, origin/HEAD) feat: add reverse-proxy-prefix option to build (#616)

8ba6b60 chore: update minimatch (#614)

9bc82e0 chore: prevent shell injection in github action (vuln-44057) (#613)

benlife5 and others added 3 commits June 12, 2026 13:22
@benlife5 @jwartofsky-yext
chore: prevent shell injection in github action (vuln-44057) (#613)
c9d82c4 
> Summary
> Using variable interpolation $... with github context data in a run:
step could allow an attacker to inject their own code into the runner.
This would allow them to steal secrets and code. github context data can
have arbitrary user input and should be treated as untrusted. Instead,
use an intermediate environment variable with env: to store the data and
use the environment variable in the run: script. Be sure to use
double-quotes the environment variable, like this: "$ENVVAR".
@briantstephan @github-actions @jwartofsky-yext
chore: update minimatch (#614)
5519705 
This recursively updates minimatch so all downstream dependencies are
using secure versions.

https://nvd.nist.gov/vuln/detail/CVE-2026-27903

A newer version of `@microsoft/api-extractor` was also required since
the old one used an insecure version of minimatch, but this introduced
issues caused by inconsistent TypeScript versions. I upgraded
TypeScript, node, and glob, to get everything working again.

Also upgraded playwright as I was seeing Github actions hang on the
browser install step, which has been fixed in 1.60.0.

microsoft/playwright#40998

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
@jwartofsky-yext
feat: add reverse-proxy-prefix option to build (#616)
dd3b416 
After running "npm run build --
--reverse-proxy-prefix=www.brand.com/locations", I see these files
modified:

**vite.config.ts**
```
import { defineConfig } from "vite";
import react from "@vitejs/plugin-react";
import yextSSG from "@yext/pages/vite-plugin";
import { yextVisualEditorPlugin } from "@yext/visual-editor/plugin"

export default defineConfig({
    plugins: [react(), yextVisualEditorPlugin(), yextSSG()],
    build: {
        assetsDir: "locations/assets"
    }
});
```

**config.yaml**
```
buildConfiguration:
  buildCommand: npm run build
  installDependenciesStep:
    command: npm install
    requiredFiles:
      - package.json
      - package-lock.json
      - .npmrc
livePreviewConfiguration:
  setupCommand: ":"
sitemap:
  excludeList:
    - edit
serving:
  reverseProxyPrefix: www.brand.com/locations
dynamicRoutes:
  - from: /assets/*
    to: /locations/assets/:splat
    status: 200
```

The **dist/assets** are also updated:
<img width="211" height="268" alt="image"
src="https://github.com/user-attachments/assets/226d213e-81f2-4795-baa5-fb2a8ee7bf28"
/>


See example of a run here:
YextSolutions/pages-visual-editor-starter#330
@coderabbitai

coderabbitai Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d4d02b37-355d-4e2f-a4e8-2bde0aeed777

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 1.3.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@jwartofsky-yext jwartofsky-yext changed the title 1.3.0 chore: merge changes into 1.2.x Jun 12, 2026
@jwartofsky-yext jwartofsky-yext marked this pull request as ready for review June 12, 2026 17:35
@jwartofsky-yext jwartofsky-yext requested a review from a team as a code owner June 12, 2026 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkilpatrick mkilpatrick mkilpatrick approved these changes

@briantstephan briantstephan Awaiting requested review from briantstephan

@benlife5 benlife5 Awaiting requested review from benlife5

@asanehisa asanehisa Awaiting requested review from asanehisa

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jwartofsky-yext @mkilpatrick @benlife5 @briantstephan