fix(deps): update npm dependencies updates (major)#119
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
b52e4f8 to
044cd2a
Compare
044cd2a to
fa91fc4
Compare
fa91fc4 to
3a55de3
Compare
366df52 to
d521a00
Compare
d521a00 to
03714cc
Compare
e3cc39b to
a0b3c19
Compare
a0b3c19 to
f454430
Compare
476a7fc to
edafdb8
Compare
edafdb8 to
cf9a2b2
Compare
51513df to
32d2877
Compare
042fa53 to
eb48add
Compare
20b9635 to
ed81e4a
Compare
ed81e4a to
bd32030
Compare
bd32030 to
658d7e9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.8.0→2.0.14.0.*→5.0.*2.0.7→3.1.1419.0.*→20.2.*Release Notes
jshttp/http-errors (http-errors)
v2.0.1Compare Source
==================
v2.0.0Compare Source
==================
I'mateapotexport; useImATeapotinsteadUnorderedCollectionconstructor toTooEarlyevalusage withFunctionconstructorprocessto check for listeners418 I'm a Teapot425 Unordered Collectionto standard425 Too Earlyv1.8.1Compare Source
==================
kucherenko/jscpd (jscpd)
v5.0.12Compare Source
Highlights
Bug Fixes
cpdbinary and npm packages tojscpd— the CLI binary was namedcpd(cpd.exeon Windows), which collided with an executable name flagged by some antivirus software (McAfee, Trend Micro), causing false-positive blocking. The binary and platform npm packages are now namedjscpd/jscpd-*. Closes #826 (#854);line comments for Lisp/Clojure/Scheme/Racket — these languages fell through to C-style comment handling, so;comments were tokenized as code and--mode weak/--skip-commentscouldn't drop them. Closes #849 (#850, thanks @laurynas-biveinis)Chores
@jscpd/core,@jscpd/finder,@jscpd/tokenizer,@jscpd/html-reporter,@jscpd/badge-reporter,@jscpd/leveldb-store, and@jscpd/redis-storepackage metadata (#831–#837, thanks @9904099)Dependencies
askamato 0.16.0 in/rustlogto 0.4.33 in/rustenv_loggerto 0.11.11 in/rustrustc-hashto 2.1.3 in/rustThanks
Big thanks to @laurynas-biveinis, @chrisc-onaorg, and @9904099 for their contributions to this release! 🙌
Published Packages
cpd-core@0.1.6on crates.iocpd-finder@0.1.8on crates.iocpd-reporter@0.1.7on crates.iocpd-tokenizer@0.1.7on crates.iojscpd@5.0.12on crates.iocpd@5.0.12on npmjscpd@5.0.12on npmjscpd-darwin-arm64@​5.0.12on npmjscpd-darwin-x64@​5.0.12on npmjscpd-linux-x64-gnu@5.0.12on npmjscpd-linux-arm64-gnu@5.0.12on npmjscpd-linux-x64-musl@5.0.12on npmjscpd-windows-x64-msvc@5.0.12on npmv5.0.11Compare Source
New Features
Dependencies
cpd-corebumped to 0.1.6,cpd-tokenizerbumped to 0.1.7v5.0.10Compare Source
Bug Fixes
absolute: false. Fixes #827--skip-localto match jscpd v4 TypeScript semanticsRefactoring
cpd-reporter/src/shared.rsgitoxidetogit blame --porcelainv5.0.9Compare Source
New Features
jscpd-copy-paste-detectoraction for GitHub Actions Marketplace. Scan your repo for copy/paste in CI withuses: kucherenko/jscpd/.github/workflows/action.yml@v5Bug Fixes
cpdis installed as a nested dependency (e.g. in a project'snode_modulesvia a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816v5.0.8Compare Source
Bug Fixes
vm.max_map_count(default 131 072 on Linux). The walker previously held a liveMmapper discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813--patternnot matching relative paths when the scan root is absolute (e.g. CWD). Patterns likesrc/**/*.tsnow match correctly by comparing against both the relative path and the full absolute path, and bare patterns like*.tsgain a**/prefix to match at any depth. Fixes #811\nnow count the final line correctlyv5.0.7Compare Source
Bug Fixes
test/bundlerwith 320K+ nested for-loops). OXC's recursive-descent parser allocates one stack frame per AST nesting level; pathological inputs now exceed the default 8 MiB thread stack. Fixed by building a local rayonThreadPoolwith 64 MiB stacks instead of using the global pool (which silently fails on re-init)--max-sizeto1mb— files exceeding the limit are skipped at walk time, consistent with jscpd v4'smaxSizebehavior. This prevents OXC from ever seeing megabyte-scale generated files that would overflow the stack--workers Nnow correctly takes effect on everyrun()call (previouslybuild_global()silently no-op'd after the first invocation)v5.0.6Compare Source
New Features
.jscpd.jsonfieldspath,pattern,ignore, andignorePatternare now read and applied, matching jscpd v4 behaviorignoreandignorePatternare now distinct:ignorematches file-level globs,ignorePatternmatches code-level regex patterns (previously conflated).jscpd.jsonpath config support — reads scan directories from thepathfield, resolving relative paths against the config file's directoryjscpdnpm wrapper package — publishes the same Rust binary under thejscpdname on npm with v5.x versioning--exit-codenow matches v4 behavior: accepts optional integer value (--exit-codeexits 1,--exit-code 2exits 2);--thresholdand--exit-codeare now independentmemmap2) eliminates heap copies of file contents; SIMD-accelerated line counting (viamemchr); parallel detection pipeline usesflat_mapto avoid intermediate allocations; JS tokenizer no longer clones source strings before parsing (thanks to @auterium, #808)Bug Fixes
--exit-codeto match jscpd v4's--exitCodebehavior (was boolean, now optional integer)v5.0.5Compare Source
v5.0.4Compare Source
New Features
--absolute,--ignore-case,--formats-exts,--formats-namesflags; fixed--threshold, improved--max-sizeBug Fixes
jscpd-report.htmlat theoutput_dirrootas_nanos()instead ofsubsec_nanos())v4.2.5Compare Source
Bug Fixes
tokenswas always reported as0in JSON output; now computed from token positions (end.position - start.position) (#801)..gitignorefiles in parent directories up to the repo root are now read and combined with scan-directory.gitignorefiles. Also reads.git/info/excludeand the globalcore.excludesFilefor full parity with Git's ignore resolution (#741).cli.minTokens, etc.) to thecli.opts()API required by Commander v8+. The--no-gitignore/--gitignoreflag handling was rewritten to use Commander's native negation support instead ofrawArgsinspection.v4.2.4Compare Source
v4.2.3Compare Source
v4.2.2Compare Source
v4.2.1Compare Source
v4.2.0Compare Source
Breaking Changes
.vuefiles are no longer tokenized asmarkup. Each block is now dispatched to its own sub-format:<script>→javascript,<script lang="ts">→typescript,<template>→markup,<style>→css,<style lang="scss">→scss,<style lang="less">→less. Clone reports for.vuefiles now appear under these resolved sub-format names. Any tooling or configuration that relied on.vueclones being reported undermarkupmust be updated.--formatsExtsusers — custom mappings that pointed.vuetomarkup(e.g."formatsExts": { "markup": ["vue"] }) will no longer take effect because.vueis handled by the dedicatedvueformat processor. Remove or update such mappings.New Features
prismjsnpm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan)..vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A<script>block in a.vuefile can match a.tsfile; a fenced code block in Markdown can match a.pyfile./usr/bin/env python3) are auto-detected by their#!shebang line and tokenized in the correct language.--store-path— configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.--skipComments— shorthand flag for--mode weak, which strips comments before detection.--formats-names— map specific filenames (e.g.Makefile,Dockerfile) to a detection format.Bug Fixes
@jscpd/core#728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.@jscpd/tokenizer#737) — the Lisp string regex/"(?:[^"\\]*|\\.)*"/could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear/"(?:[^"\\]|\\[\s\S])*"/pattern.package.json(#739) —readJSONSyncthrew an unhandledSyntaxErrorwhenpackage.jsoncontained invalid JSON, killing the process. Now emits a warning and continues with an empty config.vue) as the store namespace for all SFC blocks, preventing a<script>block in one.vuefile from ever matching a<script>block in another. The namespace now reflects each block's resolved sub-format.@jscpd/tokenizer.Known Limitations
v4.1.1Compare Source
v4.1.0Compare Source
New Features
aireporter that produces compact, token-efficient clone output specifically designed for feeding results into language models and AI tooling. Use--reporters aito activate it.jscpd://statisticsresource and supports a recheck endpoint so AI agents can trigger a rescan without restarting the process.--noTipsflag — suppress the usage-tip messages that appear after a detection run.Performance
spark-md5dependency has been removed in favour of a lighter built-in implementation. Startup time and memory usage are noticeably reduced on large codebases.reprismsyntax library with the officialprismjsnpm package, shrinking the installed footprint.Bug Fixes
start.lineexpectation for weak-mode clone detection.v4.0.9Compare Source
v4.0.8Compare Source
v4.0.7Compare Source
New Features
jscpd-serverpackage ships a RESTful HTTP API for code-duplication detection. Ideal for CI pipelines, IDE plugins, and services that need on-demand analysis without spinning up a CLI process.example_github_action.ymlstarter workflow is included in the repository.Bug Fixes
resolveIgnorePatternhas been fixed).v4.0.6Compare Source
Bug Fixes
remy/nodemon (nodemon)
v3.1.14Compare Source
Bug Fixes
v3.1.13Compare Source
Bug Fixes
v3.1.12Compare Source
Bug Fixes
v3.1.11Compare Source
Bug Fixes
v3.1.10Compare Source
Bug Fixes
v3.1.9Compare Source
Bug Fixes
exitcrash(9c9de6e)v3.1.8Compare Source
Bug Fixes
v3.1.7Compare Source
Bug Fixes
v3.1.6Compare Source
Bug Fixes
v3.1.5Compare Source
Bug Fixes
v3.1.4Compare Source
Bug Fixes
v3.1.3Compare Source
Bug Fixes
v3.1.2Compare Source
Bug Fixes
v3.1.1Compare Source
Bug Fixes
v3.1.0Compare Source
Features
v3.0.3Compare Source
Bug Fixes
v3.0.2Compare Source
Bug Fixes
v3.0.1Compare Source
Bug Fixes
v3.0.0Compare Source
Bug Fixes
Features
BREAKING CHANGES
However there's no function being used in semver that breaks node 8,
so it's technically still possible to run with node 8, but it will
no longer be supported (or tested in CI).
v2.0.22Compare Source
Bug Fixes
v2.0.21Compare Source
Bug Fixes
v2.0.20Compare Source
Bug Fixes
v2.0.19Compare Source
Bug Fixes
v2.0.18Compare Source
Bug Fixes
v2.0.17Compare Source
Bug Fixes
v2.0.16Compare Source
Bug Fixes
v2.0.15Compare Source
Bug Fixes
v2.0.14Compare Source
Bug Fixes
v2.0.13Compare Source
Bug Fixes
v2.0.12Compare Source
Bug Fixes
v2.0.11Compare Source
Bug Fixes
v2.0.10Compare Source
Bug Fixes
v2.0.9Compare Source
Bug Fixes
v2.0.8Compare Source
Bug Fixes
release-it/release-it (release-it)
v20.2.1Compare Source
284e63c)3156203)v20.2.0Compare Source
244d811)2476065)v20.1.0Compare Source
ecefe44) - thanks @Yeom-JinHo!5cc5ebd) - thanks @driiftkiing!14a478e) - thanks @KlausDerKleber!npm.stage) (aa20f56)29f079b)c63b4e4)4ebb66e)a2a262c)0cb51a9)v20.0.1Compare Source
f783e82) - thanks @ahippler!19921fc) - thanks @dependabot[bot]!8616a21) - thanks @rajnsunny!bee3138)v20.0.0Compare Source
5585b72) - thanks @driiftkiing!write: falseguard innpm.bump(resolve #1267) (a2d1b99)f427a85)v19.2.4Compare Source
b45dd1a) - thanks @Yeom-JinHo!cd8acdc)v19.2.3Compare Source
316dbfa)f6cc8f3)6e6dd4b)v19.2.2Compare Source
getChangelogmethod (7a56364)v19.2.1Compare Source
b7aca7c)5c0a6ee)v19.2.0Compare Source
e1f825d)424c9f6)06f41bb)382e346) - thanks @julienbenac!publishPackageManagerconfig option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#1169) (0dafc0b) - thanks @chrispader!--workspaces=falsewith npm (12bb89c)05a5986)c9d6ebf)v19.1.0Compare Source
8ccd060)c4cd2ba)a10b20d)--workspaces=falseto get rid of thenull/matcheserror (14a4907)b8c1247)release-it-beautiful-changelogplugin to list of plugins (#1261) (1b68c21)7969849)v19.0.6Compare Source
92b49d3)21309d3) - thanks @dependabot[bot]!3fbaab1) - thanks @dependabot[bot]!7a12b12)1f48d03)Configuration
📅 Schedule: (in timezone Europe/Paris)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.