Merge pull request #93 from aligent/fix/aikido-security-sast--6511476-kgtW

TheOrangePuff · web-flow · commit 02ef7886f119 · 2025-10-27T16:34:01.000+10:30
[Aikido] AI Fix for Template Injection in GitHub Workflows Action
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -19,7 +19,9 @@ jobs:
           ref: ${{ github.event.pull_request.head.ref }}
 
       - name: Fetch target
-        run: git fetch origin ${{ github.event.pull_request.base.ref }}
+        env:
+          BASE_REF: ${{ github.event.pull_request.base.ref }}
+        run: git fetch origin $BASE_REF
 
       - uses: actions/setup-node@v4
         with:
diff --git a/README.md b/README.md
@@ -55,7 +55,7 @@ npm install --global yarn
 
 2. Run `yarn install`
 
-3. Duplicate the `.env.template` file as `.env` for the mesh you are working on, fill in the values and place it in the corrosponding mesh directory.
+3. Duplicate the `.env.template` file as `.env` for the mesh you are working on, fill in the values and place it in the corresponding mesh directory.
 
 BigCommerce:
 
diff --git a/packages/modules/bigcommerce/src/factories/helpers/transform-wishlists.ts b/packages/modules/bigcommerce/src/factories/helpers/transform-wishlists.ts
@@ -1,14 +1,14 @@
+import { WishlistConnection, WishlistItemConnection } from '@aligent/bigcommerce-operations';
 import {
     ConfigurableProduct,
     Maybe,
     ProductInterface,
     Wishlist,
-    WishlistVisibilityEnum,
     WishlistItemInterface,
+    WishlistVisibilityEnum,
 } from '@aligent/bigcommerce-resolvers';
-import { WishlistConnection, WishlistItemConnection } from '@aligent/bigcommerce-operations';
-import { getTransformedProductData } from '../transform-products-data';
 import { isTruthy } from '@aligent/utils';
+import { getTransformedProductData } from '../transform-products-data';
 
 export const getTransformedWishlists = (wishlists: WishlistConnection): Array<Wishlist> => {
     if (!wishlists.edges) return [];
@@ -43,7 +43,7 @@ export const getTransformedWishListItems = (
     if (!wishListItems.edges) return [];
     return wishListItems.edges
         .map((wishlistItem) => {
-            if (!wishlistItem || !wishlistItem.node) return null;
+            if (!wishlistItem || !wishlistItem.node || !wishlistItem.node.product) return null;
             const { entityId, variantEntityId: wishlistItemVariantId } = wishlistItem.node;
             const transformedProduct = getTransformedProductData(
                 wishlistItem.node.product,
