
v0.6.1: Fix False Security Categorization


Released by @stroupaloop on 20 Jun 06:06 · 20 commits to main since this release · commit c62dfe2

πŸ› Bug Fixes

This patch release fixes a critical issue where pr-vibe was incorrectly categorizing ESLint style warnings as security vulnerabilities.

What's Fixed

  • ✅ Type imports (e.g., "prefer type-only import") now correctly categorized as STYLE, not SECURITY
  • ✅ Empty catch blocks now correctly categorized as CODE_QUALITY, not SECURITY
  • ✅ Console.log statements now correctly categorized as DEBUG, not SECURITY
  • ✅ Commit messages now accurate: "style: Apply code formatting" instead of "SECURITY: Fixed vulnerability"

Technical Details

  • Added context-aware categorization that checks style patterns before security patterns
  • Introduced new STYLE and DEBUG categories for better classification
  • Enhanced bot comment parsing to understand CodeRabbit severity indicators (⚠️ ≠ security)
  • Added comprehensive test suite to prevent regression
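The following is an added example, not pr-vibe's own code, sketching the ordered, context-aware categorization the items above describe: the non-security categories (STYLE, DEBUG, CODE_QUALITY) are matched before SECURITY, and bot severity markers such as ⚠️ are stripped before matching so they never by themselves imply a security finding. The category names, regex patterns, the `_⚠️ Potential issue_` CodeRabbit header format, the `naiveCategorize` contrast and the sample comments are all assumptions constructed for illustration.

```javascript
// Added example (not pr-vibe's own code): a context-aware review-comment
// categorizer that checks STYLE / DEBUG / CODE_QUALITY patterns before
// SECURITY patterns and ignores bot severity markers. Category names,
// patterns and the CodeRabbit comment format are assumptions.

// Ordered rules. The first rule with a matching pattern wins, so the order
// of this array is the precedence policy: a lint finding is never promoted
// to SECURITY just because it is worded loudly. The trade-off is that a
// comment which is genuinely both (say, a console.log of a credential)
// lands in DEBUG, so SECURITY patterns must be specific, not catch-all.
const RULES = [
  {
    category: 'STYLE',
    patterns: [
      /prefer type-only import/i,
      /consistent-type-imports/i,
      /\b(prettier|formatting|indentation|trailing whitespace)\b/i,
    ],
  },
  {
    category: 'DEBUG',
    patterns: [/\bconsole\.(log|debug|info|warn)\b/, /\bno-console\b/, /\bdebugger\b/],
  },
  {
    category: 'CODE_QUALITY',
    patterns: [/\bempty (catch )?block\b/i, /\bno-empty\b/, /\bunused (variable|import)\b/i],
  },
  {
    category: 'SECURITY',
    patterns: [
      /\b(sql|command|code) injection\b/i,
      /\b(xss|csrf|ssrf|rce)\b/i,
      /\bhard-?coded (secret|password|credential|api key)\b/i,
      /\bpath traversal\b/i,
      /\bprototype pollution\b/i,
      /\bCVE-\d{4}-\d{4,}\b/,
    ],
  },
];

// Severity markers such as ⚠️ (U+26A0, optionally followed by the U+FE0F
// variation selector) say how confident the bot is, not what the finding is
// about. Strip them, and the assumed "_⚠️ Potential issue_" header, before
// matching so they cannot influence the category.
function stripSeverityMarkers(body) {
  return body
    .replace(/_?\u26A0\uFE0F?\s*Potential issue_?/gi, '')
    .replace(/\u26A0\uFE0F?/g, '');
}

function categorize(body) {
  const text = stripSeverityMarkers(body);
  for (const rule of RULES) {
    if (rule.patterns.some((re) => re.test(text))) return rule.category;
  }
  return 'OTHER';
}

// Illustrative contrast only (not pr-vibe's previous code): a classifier that
// treats any ⚠️ as a security signal and checks that first. This models the
// false-positive behaviour the release fixes.
function naiveCategorize(body) {
  if (body.includes('\u26A0')) return 'SECURITY';
  if (/\bconsole\./.test(body)) return 'DEBUG';
  return 'OTHER';
}

// Commit-message prefix per category (assumed mapping).
const COMMIT_PREFIX = {
  STYLE: 'style',
  DEBUG: 'chore',
  CODE_QUALITY: 'refactor',
  SECURITY: 'SECURITY',
  OTHER: 'chore',
};

function commitMessageFor(body, summary) {
  return `${COMMIT_PREFIX[categorize(body)]}: ${summary}`;
}

// Constructed sample bot comments (not taken from any real PR).
const SAMPLE_COMMENTS = [
  { body: '_⚠️ Potential issue_\nPrefer type-only import for `User` (@typescript-eslint/consistent-type-imports)', expected: 'STYLE' },
  { body: '_⚠️ Potential issue_\nEmpty catch block swallows the error (no-empty)', expected: 'CODE_QUALITY' },
  { body: 'Remove console.log before merging (no-console)', expected: 'DEBUG' },
  { body: 'User input is concatenated into the query string: SQL injection', expected: 'SECURITY' },
  { body: '⚠️ Consider renaming `tmp` to something descriptive', expected: 'OTHER' },
];

// Runs both classifiers over the samples so the difference is visible.
function runSamples() {
  return SAMPLE_COMMENTS.map(({ body, expected }) => ({
    expected,
    fixed: categorize(body),
    naive: naiveCategorize(body),
  }));
}

console.table(runSamples());
console.log(commitMessageFor(SAMPLE_COMMENTS[0].body, 'Apply code formatting'));
```

Run with `node`; the table shows the naive classifier marking every ⚠️-prefixed comment as SECURITY while the ordered classifier lands each one in its lint category, and the last line prints `style: Apply code formatting` for the type-import comment. Because the first matching rule wins, adding a new pattern is a precedence decision: put it in the category it belongs to rather than widening SECURITY.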

Feedback

This fix addresses user feedback from PR lvrginc/application#9659 where style issues were causing unnecessary alarm by being flagged as security vulnerabilities.


Install/Update: npm install -g pr-vibe@latest