Skip to content

[Auto release] release 2.0.4#199

Merged
666haiwen merged 80 commits intomainfrom
release/2.0.4
Mar 20, 2025
Merged

[Auto release] release 2.0.4#199
666haiwen merged 80 commits intomainfrom
release/2.0.4

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Mar 20, 2025

🆕 feat

  • @visactor/vmind: add umd output to build

666haiwen and others added 30 commits December 4, 2024 17:42
@666haiwen
feat(vchart-edtior): add vchart spec atom template
457ac2b
@666haiwen
feat(vchart-edtior): format assistant result
f22c259
@666haiwen
feat(vchart-edtior): queryKeyPath with spec
e72b3da
@xile611
feat: merge spec of vchart
dec7acc
@666haiwen
Merge pull request #171 from VisActor/feat/vchart_editor_merge_spec
3eaa74b 
feat: merge spec of vchart
@xile611
fix: update merge spec of legends
bca0c86
@666haiwen
feat(rag): add qa keyPath options
aea3823
@666haiwen
feat(rag_demo): add try catch in case of error
8be043f
@666haiwen
feat(rag): add useSpec options and delete button
fad2ae2
@666haiwen
feat(rag_test): add feedback model of user
0771858
@666haiwen
feat(rag): add use query transfer option, default useTopKey
9b57b87
@xile611
fix: fix spec when spec contain parent path
3534cf0
@xile611
fix: fix merge of context
0a25f5f
@666haiwen
Merge pull request #172 from VisActor/feat/vchart_editor_merge_spec
9ff4bca 
Feat/vchart editor merge spec
@xile611
chore: update jest to 0.29
c43ad93
@xile611
fix: fix conflict texts
5916036
@xile611
Merge branch 'feat/vchart_editor' into chore/update-jest
5a29891
@666haiwen
Merge pull request #173 from VisActor/chore/update-jest
354a835 
chore: update jest to 0.29
@xile611
fix: fix spec connection of vchart
bd1a9f0
@xile611
chore: fix error of sass
633b7fd
@xile611
feat: add handle of fucntion and series
9f415de
@xile611
fix: fix vchart spec when leafSpec is simple type
64caedb
@xile611
fix: handle case of series
b34609d
@xile611
fix: fix merge spec of vchart
7383aec
@xile611
test: add test case for vchartspec utils
74888f3
@666haiwen
feat(rag): feedback optimizer
379d410
@xile611
refactor: update vchartspec utils
55e33a8
@xile611
fix: update merge spec of vchart
a56eb39
@xile611
test: update test case of commonchart
511abeb
@xile611
Merge branch 'feat/vchart_editor' into feat/vchart_editor_merge_spec
9954a11
666haiwen and others added 24 commits March 4, 2025 16:54
@666haiwen
Merge pull request #188 from VisActor/fix/merge-spec-2
82de247 
test: update test case of bar
@666haiwen
Merge branch 'feat/vchart_editor' of https://github.com/VisActor/VMind
1d34cc4 
…into feat/vchart_editor
@666haiwen
feat(editor): demo style update
b8cb9d0
@666haiwen
Merge pull request #190 from VisActor/sync/main-2.0.3
55b283d 
[Auto Sync] Sync the code from branch main to branch develop after release 2.0.3
@666haiwen
Merge branch 'develop' into feat/vchart_editor
7927f73
@666haiwen
feat: update opeanAPI md
a4abf47
@666haiwen
Merge branch 'develop' into feat/vchart_editor
e9da92b
@666haiwen
feat: replace doubao of skylark in md
bb3d137
@666haiwen
fix: fix data may not array in chart insights atom
0c5ded6
@666haiwen
feat: add feedback and duelaxis demo
d1c46d3
@666haiwen
feat: agent demo transfer to vmind open api server
3e3dfad
@xile611
fix: fix error of set
1f9bedc
@666haiwen
Merge pull request #192 from VisActor/fix/set-error
1ba17e2 
fix: fix error of `set`
@666haiwen
feat: add umd package to build
922fc9b
@xile611
Merge pull request #193 from VisActor/feat/umd
d265f4b 
feat: add umd package to build
@666haiwen
feat: add CustomRequest options in Vmind
d820750
@666haiwen
Merge pull request #196 from VisActor/feat/customRequest
8b621a3 
feat: add CustomRequest options in Vmind
@666haiwen
Merge remote-tracking branch 'origin/develop' into feat/vchart_editor
7ce8ba4
@xile611
Merge pull request #197 from VisActor/feat/vchart_editor
2f584a1 
Feat/vchart editor:Add VChartSpec Atom and demo of vchart editor
@666haiwen
fix: fieldInfo can be empyt in chartGeneration, custom Model url fix
2a1c0a7
@666haiwen
fix: radar chart may no categoryField
7db20be
@666haiwen
fix: line/bar chart should not with label visible
88adc31
@666haiwen
Merge pull request #198 from VisActor/fix/refactor_chart
6dda9b5 
Fix: fix some chart generation bugs
@666haiwen
build: prelease version 2.0.4
e849810
@github-actions github-actions Bot requested a review from da730 March 20, 2025 02:27
github-advanced-security[bot]
github-advanced-security AI found potential problems Mar 20, 2025
View reviewed changes
Comment thread packages/vmind/src/core/rag.ts
.map(item => {
// 使用正则表达式解析字符串
const match = item.match(/\('(.+)', ([\d.]+)\)/);
const match = item.match(/\("(.+?)", ([\d.]+)\)/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings starting with '("' and with many repetitions of '("a'.
This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings starting with '("' and with many repetitions of '("a'.
Comment thread packages/vmind/src/core/rag.ts
if (match) {
return [match[1], parseFloat(match[2])];
}
const oldMatch = item.match(/\('(.+)', ([\d.]+)\)/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings starting with '('' and with many repetitions of '('a'.
This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings starting with '('' and with many repetitions of '('a'.
Comment thread packages/vmind/src/utils/set.ts
if (isValid(nested[key])) {
merge(nested, { [key]: newValue });
} else {
nested[key] = newValue;

Check warning

Code scanning / CodeQL

Prototype-polluting function Medium

The property chain
here
Loading
is recursively assigned to
nested
Loading
without guarding against prototype pollution.

Copilot Autofix

AI about 1 year ago

To fix the prototype pollution issue, we need to ensure that the baseSet function does not allow setting properties like __proto__ or constructor. This can be achieved by adding a check to block these properties before performing the assignment or merge.

  • Modify the baseSet function to include a check that skips any keys that are __proto__ or constructor.
  • This change should be made in the baseSet function, specifically around the lines where the assignment or merge is performed.
Suggested changeset 1
packages/vmind/src/utils/set.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/vmind/src/utils/set.ts b/packages/vmind/src/utils/set.ts
--- a/packages/vmind/src/utils/set.ts
+++ b/packages/vmind/src/utils/set.ts
@@ -65,2 +65,5 @@
     const key = path[index];
+    if (key === "__proto__" || key === "constructor") {
+      continue;
+    }
     let newValue = value;
EOF
@@ -65,2 +65,5 @@
const key = path[index];
if (key === "__proto__" || key === "constructor") {
continue;
}
let newValue = value;
Copilot is powered by AI and may make mistakes. Always verify output.
@666haiwen 666haiwen merged commit 6d8f41a into main Mar 20, 2025
3 of 4 checks passed
@666haiwen 666haiwen deleted the release/2.0.4 branch March 20, 2025 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@666haiwen 666haiwen 666haiwen approved these changes

@da730 da730 Awaiting requested review from da730

Assignees

No one assigned

Labels

release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@666haiwen @github-advanced-security @xile611