Closed
Conversation
Contributor
Summary of ChangesHello @ExtReMLapin, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request resolves a critical bug in Cypher query execution where parameters used within inline node-pattern property filters in Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
Contributor
🧪 CI InsightsHere's what we observed from your CI run for bdfb377. 🟢 All jobs passed!But CI Insights is watching 👀 |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces a crucial fix for parameter resolution within MATCH clauses, specifically addressing cases where parameters are represented as ParameterReference objects. The MatchNodeStep.java file now correctly resolves these parameters, ensuring that property filters in node patterns function as expected. A new regression test in ParameterTest.java has been added to validate this fix, demonstrating that inline node-pattern parameter matching now works correctly. This significantly improves the robustness and correctness of Cypher query execution.
Comment on lines
+517
to
+518
| if (paramValue != null) | ||
| expectedValue = paramValue; |
Contributor
There was a problem hiding this comment.
If paramValue is null (meaning the parameter was not found or explicitly set to null), expectedValue will remain a CypherASTBuilder.ParameterReference object. This can lead to incorrect comparisons later in the matchesProperties method, as a ParameterReference object will be compared directly against a vertex property value, or potentially cause a ClassCastException if subsequent logic expects a String or null. The expectedValue should be set to null if the parameter resolves to null.
Suggested change
| if (paramValue != null) | |
| expectedValue = paramValue; | |
| expectedValue = paramValue; |
When a MERGE query used parameter references (e.g., $username) in node properties, the ParameterReference objects were not resolved before property matching. This caused MERGE to always create a new node instead of finding the existing one, mirroring the bug that was already fixed in MatchNodeStep.matchesProperties(). The fix adds ParameterReference resolution in MergeStep.evaluateProperties(), which is called before matchesProperties() for both node and edge patterns. Regression tests added to OpenCypherMergeTest: - mergeFindsNodeWithParameterReference: verifies no duplicate is created - mergeCreatesNodeWithParameterReference: verifies creation still works https://claude.ai/code/session_012HJWpf6hyoiJSrFo2Wyim1
…rpm3 fix: resolve ParameterReference in MERGE property matching
Contributor
|
Fixed manually |
skofra0
pushed a commit
to skofra0/arcadedb
that referenced
this pull request
Feb 23, 2026
…[skip ci] Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7. Release notes *Sourced from [org.assertj:assertj-core's releases](https://github.com/assertj/assertj/releases).* > v3.27.7 > ------- > > 🔒 Security > --------------- > > ### Core > > * Fix XXE vulnerability in `isXmlEqualTo` assertion (CVE-2026-24400) > + See [GHSA-rqfh-9r24-8c9r](GHSA-rqfh-9r24-8c9r) for details; many thanks to [`@wxt201`](https://github.com/wxt201) and [`@Song-Li`](https://github.com/Song-Li) for responsibly reporting it! > > :no\_entry\_sign: Deprecated > ---------------------------- > > ### Core > > * Deprecate `XmlStringPrettyFormatter` with no replacement > > 🐛 Bug Fixes > --------------- > > ### Guava > > * Navigation to `assertj-core` or `guava` types from `assertj-guava` Javadoc site has unnecessary header [ArcadeData#3478](https://redirect.github.com/assertj/assertj/issues/3478) > > 🔨 Dependency Upgrades > ---------------------------- > > ### Core > > * Upgrade to Byte Buddy 1.18.3 > * Upgrade to JUnit BOM 5.14.1 > > ### Guava > > * Upgrade to Guava 33.5.0-jre Commits * [`e840716`](assertj/assertj@e840716) [maven-release-plugin] prepare release assertj-build-3.27.7 * [`85ca7eb`](assertj/assertj@85ca7eb) Deprecate `XmlStringPrettyFormatter` * [`77081dc`](assertj/assertj@77081dc) Merge commit from fork * [`b68fc24`](assertj/assertj@b68fc24) Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ... * [`0cf5bb6`](assertj/assertj@0cf5bb6) Bump `kotlin.version` from 2.1.0 to 2.2.21 * [`d393ef1`](assertj/assertj@d393ef1) Abort tests when symbolic links cannot be created ([#3788](https://redirect.github.com/assertj/assertj/issues/3788)) * [`2212433`](assertj/assertj@2212433) Add IntelliJ custom inspection for test class names * [`5717d02`](assertj/assertj@5717d02) Update JetBrains icon * [`a8ec20b`](assertj/assertj@a8ec20b) Add icon for JetBrains products * [`c05fb3d`](assertj/assertj@c05fb3d) Bump Maven to 3.9.12 and Wrapper to 3.3.4 * Additional commits viewable in [compare view](assertj/assertj@assertj-build-3.27.6...assertj-build-3.27.7) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
skofra0
pushed a commit
to skofra0/arcadedb
that referenced
this pull request
Feb 23, 2026
Bumps the github-actions group with 2 updates: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `anthropics/claude-code-action` from 1.0.46 to 1.0.51 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.51 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.51> > > v1.0.50 > ------- > > What's Changed > -------------- > > * revert: undo PR checkout fork support and unique branch naming by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#937](https://redirect.github.com/anthropics/claude-code-action/pull/937) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.50> > > v1.0.49 > ------- > > What's Changed > -------------- > > * fix: replace deprecated :\* with modern \* wildcard in git permissions by [`@Dave-London`](https://github.com/Dave-London) in [anthropics/claude-code-action#929](https://redirect.github.com/anthropics/claude-code-action/pull/929) > * fix: skip CI MCP server installation when actions:read permission is missing by [`@OctavianGuzu`](https://github.com/OctavianGuzu) in [anthropics/claude-code-action#933](https://redirect.github.com/anthropics/claude-code-action/pull/933) > * Fix/PR checkout branch name conflicts by [`@kirisame-wang`](https://github.com/kirisame-wang) in [anthropics/claude-code-action#931](https://redirect.github.com/anthropics/claude-code-action/pull/931) > > New Contributors > ---------------- > > * [`@OctavianGuzu`](https://github.com/OctavianGuzu) made their first contribution in [anthropics/claude-code-action#933](https://redirect.github.com/anthropics/claude-code-action/pull/933) > * [`@kirisame-wang`](https://github.com/kirisame-wang) made their first contribution in [anthropics/claude-code-action#931](https://redirect.github.com/anthropics/claude-code-action/pull/931) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.49> > > v1.0.48 > ------- > > What's Changed > -------------- > > * Fix PR checkout to support fork PRs by [`@Tsuesun`](https://github.com/Tsuesun) in [anthropics/claude-code-action#851](https://redirect.github.com/anthropics/claude-code-action/pull/851) > > New Contributors > ---------------- > > * [`@Tsuesun`](https://github.com/Tsuesun) made their first contribution in [anthropics/claude-code-action#851](https://redirect.github.com/anthropics/claude-code-action/pull/851) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.48> > > v1.0.47 > ------- > > What's Changed > -------------- > > * Update claude-opus-4-5 to claude-opus-4-6 in workflow by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#909](https://redirect.github.com/anthropics/claude-code-action/pull/909) > * fix: skip dev dependencies in CI install step by [`@Dave-London`](https://github.com/Dave-London) in [anthropics/claude-code-action#919](https://redirect.github.com/anthropics/claude-code-action/pull/919) > > New Contributors > ---------------- > > * [`@Dave-London`](https://github.com/Dave-London) made their first contribution in [anthropics/claude-code-action#919](https://redirect.github.com/anthropics/claude-code-action/pull/919) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.47> Commits * [`ea36d6a`](anthropics/claude-code-action@ea36d6a) chore: bump Claude Code to 2.1.42 and Agent SDK to 0.2.42 * [`c22f7c3`](anthropics/claude-code-action@c22f7c3) revert: undo PR checkout fork support and unique branch naming ([ArcadeData#937](https://redirect.github.com/anthropics/claude-code-action/issues/937)) * [`f669191`](anthropics/claude-code-action@f669191) fix: use unique local branch names for PR checkout to avoid conflicts ([ArcadeData#931](https://redirect.github.com/anthropics/claude-code-action/issues/931)) * [`8c383c5`](anthropics/claude-code-action@8c383c5) fix: skip CI MCP server installation when actions:read permission is missing ... * [`1bb0e74`](anthropics/claude-code-action@1bb0e74) fix: replace deprecated :\* with modern \* wildcard in git permissions ([ArcadeData#929](https://redirect.github.com/anthropics/claude-code-action/issues/929)) * [`23ed4cb`](anthropics/claude-code-action@23ed4cb) chore: bump Claude Code to 2.1.39 and Agent SDK to 0.2.39 * [`21e3fe0`](anthropics/claude-code-action@21e3fe0) Fix PR checkout to support fork PRs ([ArcadeData#851](https://redirect.github.com/anthropics/claude-code-action/issues/851)) * [`b433f16`](anthropics/claude-code-action@b433f16) chore: bump Claude Code to 2.1.38 and Agent SDK to 0.2.38 * [`7695f78`](anthropics/claude-code-action@7695f78) fix: skip dev dependencies in CI install step ([ArcadeData#919](https://redirect.github.com/anthropics/claude-code-action/issues/919)) * [`d5b01b6`](anthropics/claude-code-action@d5b01b6) Update claude-opus-4-5 to claude-opus-4-6 in workflow ([ArcadeData#909](https://redirect.github.com/anthropics/claude-code-action/issues/909)) * See full diff in [compare view](anthropics/claude-code-action@6c61301...ea36d6a) Updates `github/codeql-action` from 4.32.2 to 4.32.3 Release notes *Sourced from [github/codeql-action's releases](https://github.com/github/codeql-action/releases).* > v4.32.3 > ------- > > * Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [ArcadeData#3466](https://redirect.github.com/github/codeql-action/pull/3466) Changelog *Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.32.3 - 13 Feb 2026 > -------------------- > > * Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [ArcadeData#3466](https://redirect.github.com/github/codeql-action/pull/3466) > > 4.32.2 - 05 Feb 2026 > -------------------- > > * Update default CodeQL bundle version to [2.24.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1). [ArcadeData#3460](https://redirect.github.com/github/codeql-action/pull/3460) > > 4.32.1 - 02 Feb 2026 > -------------------- > > * A warning is now shown in Default Setup workflow logs if a [private package registry is configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) using a GitHub Personal Access Token (PAT), but no username is configured. [ArcadeData#3422](https://redirect.github.com/github/codeql-action/pull/3422) > * Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. [ArcadeData#3421](https://redirect.github.com/github/codeql-action/pull/3421) > > 4.32.0 - 26 Jan 2026 > -------------------- > > * Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [ArcadeData#3425](https://redirect.github.com/github/codeql-action/pull/3425) > > 4.31.11 - 23 Jan 2026 > --------------------- > > * When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [ArcadeData#3409](https://redirect.github.com/github/codeql-action/pull/3409) > * Improved error handling throughout the CodeQL Action. [ArcadeData#3415](https://redirect.github.com/github/codeql-action/pull/3415) > * Added experimental support for automatically excluding [generated files](https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github) from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. [ArcadeData#3318](https://redirect.github.com/github/codeql-action/pull/3318) > * The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. [ArcadeData#3403](https://redirect.github.com/github/codeql-action/pull/3403) > > 4.31.10 - 12 Jan 2026 > --------------------- > > * Update default CodeQL bundle version to 2.23.9. [ArcadeData#3393](https://redirect.github.com/github/codeql-action/pull/3393) > > 4.31.9 - 16 Dec 2025 > -------------------- > > No user facing changes. > > 4.31.8 - 11 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.8. [ArcadeData#3354](https://redirect.github.com/github/codeql-action/pull/3354) > > 4.31.7 - 05 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.7. [ArcadeData#3343](https://redirect.github.com/github/codeql-action/pull/3343) > > 4.31.6 - 01 Dec 2025 > -------------------- ... (truncated) Commits * [`9e907b5`](github/codeql-action@9e907b5) Merge pull request [ArcadeData#3479](https://redirect.github.com/github/codeql-action/issues/3479) from github/update-v4.32.3-4bf6fa4e2 * [`1814c9f`](github/codeql-action@1814c9f) Update changelog for v4.32.3 * [`4bf6fa4`](github/codeql-action@4bf6fa4) Merge pull request [ArcadeData#3478](https://redirect.github.com/github/codeql-action/issues/3478) from github/mbg/changelog/add-connection-test-entry * [`9658e23`](github/codeql-action@9658e23) Merge pull request [ArcadeData#3476](https://redirect.github.com/github/codeql-action/issues/3476) from github/henrymercer/retry-auth-errors * [`be75dd9`](github/codeql-action@be75dd9) Add changelog entry for [ArcadeData#3466](https://redirect.github.com/github/codeql-action/issues/3466) * [`05bca54`](github/codeql-action@05bca54) Apply suggestion from [`@Copilot`](https://github.com/Copilot) * [`2d6b98c`](github/codeql-action@2d6b98c) Merge pull request [ArcadeData#3475](https://redirect.github.com/github/codeql-action/issues/3475) from github/henrymercer/retry-auth-errors * [`876cecb`](github/codeql-action@876cecb) Avoid requesting features in CCR * [`43b46a1`](github/codeql-action@43b46a1) Retry API authentication errors since these can be transient * [`8ad4b6e`](github/codeql-action@8ad4b6e) Merge pull request [ArcadeData#3472](https://redirect.github.com/github/codeql-action/issues/3472) from github/dependabot/github\_actions/dot-github/wor... * Additional commits viewable in [compare view](github/codeql-action@45cbd0c...9e907b5) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #3476
[WARNING] Tests run: 980, Failures: 0, Errors: 0, Skipped: 6Claude wrote the fix and got lost in a compilation loop bug, checked the fix, it works
Checklist
mvn clean packagecommand