Open
Conversation
- Add pnpm override for preact >=10.28.2 to fix high severity JSON VNode Injection vulnerability (GHSA-36hm-qxxp-pg3m) - Add missing rel="noopener noreferrer" to external links in PageFrame.astro and MoveReferenceDisabled.astro to prevent potential tabnapping attacks
Added pnpm overrides for lodash and lodash-es to force version 4.17.23, addressing the security vulnerability in older versions.
- Remove Pontem Move Playground link from smart contracts docs - Remove Pontem wallet references from faucet API docs - Updates EN, ES, and ZH locales Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The LanguageSelect component was using window.location.pathname which loses the URL fragment (hash). This fix: - Uses window.location.href with the hash preserved instead - Adds stopImmediatePropagation to prevent the default Starlight handler This fixes the bug where fragments like #section were lost when users switched between language versions of a page.
Co-authored-by: greg <greg@gnazar.io>
The script was incorrectly matching releases with tag names like 'aptos-cli-7.14.2'
(without 'v' prefix) which are incomplete/draft releases with no assets.
Changes:
1. Update latest_release_info to match only 'aptos-cli-v' prefixed tags
2. Add check that the release has assets before selecting it
3. Improve version extraction to be more explicit and add fallback
This fixes the SemVer parsing error:
'unexpected character 'a' while parsing major version number'
Which occurred because tags like 'aptos-cli-7.14.2' would return the full
tag name as the version when split('-v') found no '-v' substring.
|
Cursor Agent can help with this pull request. Just |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes a bug in the Aptos CLI installation script where version parsing was failing due to incorrect tag filtering. The issue was that the script was matching GitHub release tags without the 'v' prefix (e.g., aptos-cli-7.14.2) which lacked downloadable assets, instead of the correct versioned releases with assets (e.g., aptos-cli-v7.14.2).
Changes:
- Updated release filtering to specifically look for tags starting with "aptos-cli-v" (with 'v' prefix)
- Added check to ensure selected releases have assets before using them
- Improved version extraction logic with explicit prefix removal instead of string splitting
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+443
to
+451
| # Extract version by removing the "aptos-cli-v" prefix from the tag name | ||
| # Tags are expected to be in format "aptos-cli-v{version}" (e.g., "aptos-cli-v7.14.2") | ||
| tag_name = self.latest_release_info["tag_name"] | ||
| prefix = "aptos-cli-v" | ||
| if tag_name.startswith(prefix): | ||
| version_to_install = tag_name[len(prefix):] | ||
| else: | ||
| # Fallback to split method for backwards compatibility | ||
| version_to_install = tag_name.split("-v")[-1] |
There was a problem hiding this comment.
The fallback logic in the else block (lines 450-451) is unreachable because latest_release_info property already filters to only return releases where tag_name starts with "aptos-cli-v" (line 279). The condition at line 447 will always be true. Consider removing the unreachable fallback code or documenting why it's kept for defensive programming purposes.
Suggested change
| # Extract version by removing the "aptos-cli-v" prefix from the tag name | |
| # Tags are expected to be in format "aptos-cli-v{version}" (e.g., "aptos-cli-v7.14.2") | |
| tag_name = self.latest_release_info["tag_name"] | |
| prefix = "aptos-cli-v" | |
| if tag_name.startswith(prefix): | |
| version_to_install = tag_name[len(prefix):] | |
| else: | |
| # Fallback to split method for backwards compatibility | |
| version_to_install = tag_name.split("-v")[-1] | |
| # Extract version by removing the "aptos-cli-v" prefix from the tag name. | |
| # Tags are expected to be in format "aptos-cli-v{version}" (e.g., "aptos-cli-v7.14.2"), | |
| # and latest_release_info only returns releases with this prefix. | |
| tag_name = self.latest_release_info["tag_name"] | |
| prefix = "aptos-cli-v" | |
| version_to_install = tag_name[len(prefix):] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes SemVer parsing in Rust CLI update logic and adds reference install scripts.
The previous logic for fetching CLI updates incorrectly matched GitHub release tags like
aptos-cli-7.14.2(without a 'v' prefix and no downloadable assets) instead of valid releases likeaptos-cli-v7.14.2. This caused version extraction failures and "unexpected character 'a'" errors when attempting to parse the version.Slack Thread