Bump API schema to {"messag#16680
Hidden character warning
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| // SENTRY_API_SCHEMA_SHA is used in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| // DO NOT change variable name unless you change it in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| const SENTRY_API_SCHEMA_SHA = '42495fc378961e27521a842bf9e6e10e9f864d72'; | ||
| const SENTRY_API_SCHEMA_SHA = '{"message":"API rate limit exceeded for 68.220.59.224. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}'; |
There was a problem hiding this comment.
GitHub API error response committed as schema SHA
High Severity
SENTRY_API_SCHEMA_SHA was replaced with a GitHub API rate-limit error JSON response instead of a valid commit SHA. This value is interpolated into a raw.githubusercontent.com URL on line 29, which will produce an invalid URL and cause the OpenAPI schema fetch to fail, breaking the API docs build.
| // SENTRY_API_SCHEMA_SHA is used in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| // DO NOT change variable name unless you change it in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| const SENTRY_API_SCHEMA_SHA = '42495fc378961e27521a842bf9e6e10e9f864d72'; | ||
| const SENTRY_API_SCHEMA_SHA = '{"message":"API rate limit exceeded for 68.220.59.224. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}'; |
There was a problem hiding this comment.
CI infrastructure IP address leaked in source code
Low Severity
The accidentally committed GitHub API rate-limit error embeds the IP address 68.220.59.224 of the CI runner infrastructure into the public source code. This is a minor information disclosure that exposes internal infrastructure details.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| // SENTRY_API_SCHEMA_SHA is used in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| // DO NOT change variable name unless you change it in the sentry-docs GHA workflow in getsentry/sentry-api-schema. | ||
| const SENTRY_API_SCHEMA_SHA = '42495fc378961e27521a842bf9e6e10e9f864d72'; | ||
| const SENTRY_API_SCHEMA_SHA = '{"message":"API rate limit exceeded for 68.220.59.224. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}'; |
There was a problem hiding this comment.
Bug: The constant SENTRY_API_SCHEMA_SHA contains a JSON error message instead of a valid Git SHA, which will cause a build-time crash when constructing a URL.
Severity: CRITICAL
Suggested Fix
Replace the corrupted JSON string in SENTRY_API_SCHEMA_SHA with the correct 40-character hexadecimal Git commit SHA for the sentry-api-schema repository. Additionally, consider adding try-catch blocks around the fetch call in resolveOpenAPI() to gracefully handle potential network errors or invalid responses in the future, preventing similar build failures.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: src/build/resolveOpenAPI.ts#L11
Potential issue: The constant `SENTRY_API_SCHEMA_SHA` has been assigned a JSON error
string from the GitHub API instead of a valid Git commit SHA. This corrupted value is
used to construct a URL for fetching the OpenAPI schema. The resulting URL is malformed,
causing the `fetch` call to throw a `TypeError`. Since this error occurs within the
`generateStaticParams` function and is not handled by a `try-catch` block, it will lead
to an unhandled promise rejection, crashing the entire Next.js build process and
preventing the documentation site from being deployed.
Did we get this right? 👍 / 👎 to inform future reviews.
No description provided.