Skip to content

fix(bulk-publish): add null guard on asset.publish_details before forEach#260

Open
aniket-shikhare-cstk wants to merge 2 commits into
feat/Asset-Scanning-v1from
fix/asset-publish-details-null-guard
Open

fix(bulk-publish): add null guard on asset.publish_details before forEach#260
aniket-shikhare-cstk wants to merge 2 commits into
feat/Asset-Scanning-v1from
fix/asset-publish-details-null-guard

Conversation

@aniket-shikhare-cstk

Copy link
Copy Markdown

Summary

  • displayAssetsDetails() in publish.js iterated asset?.publish_details.forEach(...) where the optional chain only guarded asset, not publish_details
  • Assets loaded from a --data-dir backup may not have a publish_details field (e.g. assets never previously published), causing a TypeError: Cannot read properties of undefined (reading 'forEach')
  • Added a second optional chain: asset?.publish_details?.forEach(...) — consistent with the safe Array.isArray(entry?.publish_details) guard already used for entries in the same file

Root Cause

The crash occurred in the error path (catch block at line 393) after the bulk publish API call had already been dispatched successfully. The assets were sent for publish, but the post-publish display/logging function crashed when encountering assets without a publish_details field.

Test plan

  • Run cm:assets:publish with a --data-dir backup that contains assets with no prior publish_details
  • Confirm no TypeError in output and CLI exits cleanly
  • Run existing bulk-publish e2e suite and confirm all asset publish test cases pass

…Each

Assets loaded from --data-dir backup may not have a publish_details field
if they were never published. The optional chain only guarded `asset`,
not `publish_details`, causing a TypeError in displayAssetsDetails().
@aniket-shikhare-cstk aniket-shikhare-cstk requested a review from a team as a code owner June 30, 2026 09:46
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 54 25 ✅ Passed
🟡 Medium Severity 121 7 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 2 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 54
  • Medium without fixes: 7
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prevents a runtime crash in the contentstack-bulk-publish plugin when rendering asset publish details after a bulk publish, specifically when assets loaded from --data-dir backups don’t have publish_details.

Changes:

  • Adds an additional null/undefined guard when iterating over asset.publish_details in displayAssetsDetails() to avoid TypeError in post-publish logging.
Comments suppressed due to low confidence (1)

packages/contentstack-bulk-publish/src/consumer/publish.js:68

  • publish_details?.forEach(...) only guards null/undefined. If publish_details is present but not an array (e.g., {} from a backup/transform), this will still throw because forEach is not a function. displayEntriesDetails() in this same file already uses an Array.isArray(...) guard; applying the same pattern here avoids the remaining crash case and keeps the code consistent.
      asset?.publish_details?.forEach((pd) => {
        if (Object.keys(mapping).includes(pd.environment)) {
        console.log(
          chalk.green(
            `Asset UID: '${asset.uid}'${pd.version ? `, Version: '${pd.version}'` : ''}${

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

…sets.js

setConfig() assigned to `config` at module scope but the variable was
never declared, causing a ReferenceError on any cm:assets:publish run
that goes through the data-dir flow.
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 54 25 ✅ Passed
🟡 Medium Severity 121 7 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 2 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 54
  • Medium without fixes: 7
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants