Conversation
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🦋 Changeset detectedLatest commit: 18da92e The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
dosubot
Bot
added
size:L
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1373d46ea3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| return isYoutubeId(id) ? id : undefined; | ||
| } | ||
|
|
||
| if (host !== 'youtube.com' && !host.endsWith('.youtube.com')) return; |
There was a problem hiding this comment.
The new host gate for YouTube only allows youtube.com/*.youtube.com and youtu.be, which drops previously supported thumbnail URL forms such as img.youtube.com/vi/<id>/... and i.ytimg.com/vi/<id>/.... With this change, pasting those URLs now returns undefined instead of normalized embed data, so media insertion paths that relied on the old parser behavior regress. Please include the thumbnail host variants in YouTube provider detection.
Useful? React with 👍 / 👎.
| host !== 'vimeo.com' && | ||
| !host.endsWith('.vimeo.com') && | ||
| host !== 'vimeopro.com' && | ||
| !host.endsWith('.vimeopro.com') |
There was a problem hiding this comment.
parseVimeoId now only accepts vimeo.com/*.vimeo.com and vimeopro.com/*.vimeopro.com, which excludes i.vimeocdn.com/video/<id> URLs that were parsed before. This causes valid Vimeo inputs to stop resolving to embed metadata and breaks compatibility for users pasting CDN-style Vimeo links. Add vimeocdn.com to the Vimeo host checks to preserve prior behavior.
Useful? React with 👍 / 👎.
dosubot
Bot
added
size:XL
1 participant
🐛 Fixes CVE-2026-5986 exposure in
@platejs/media🟢 95-100% confidence
parseVideoUrltiming regression failed at ~360mspnpm checkpnpm check✅ Outcome
js-video-url-parserfrom@platejs/mediaandpnpm-lock.yaml..changeset/*.mdfile.taskandmajor-taskto put the block directly in PR descriptions instead of waiting for CI.[Release] Version packagesusingAPI_TOKEN_GITHUBso the publish workflow can still trigger.pnpm checkstill prints the existing footnote hook warning and duplicate@platejs/coretest notice; no errors.🏗️ Design
parseVideoUrl; callers keep the same helper and metadata shape.pull_request_targetonly checks out base-repo code and reads PR file names through the GitHub API.🧪 Verified
bun test packages/media/src/lib/media-embed/parseVideoUrl.spec.tspnpm turbo build --filter=./packages/mediapnpm turbo typecheck --filter=./packages/mediabun test tooling/scripts/auto-release-pr.test.mjsnode --check tooling/scripts/auto-release-pr.mjs && node --check tooling/scripts/auto-release-pr.test.mjsgit diff --check.github/workflows/changeset-auto-release.ymland.github/workflows/release.ymlpnpm installpnpm lint:fixpnpm check