fix(deps): update all non-major dependencies#2592
Open
renovate-bot wants to merge 1 commit into
Open
Conversation
forking-renovate
Bot
added
📦 dependencies
renovate-bot
added
📦 dependencies
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #2592 +/- ##
=======================================
Coverage 100.0% 100.0%
=======================================
Files 199 199
Lines 25168 25168
Branches 8908 8908
=======================================
Hits 25168 25168
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
angular-slickgrid
aurelia-slickgrid
slickgrid-react
slickgrid-vue
@slickgrid-universal/angular-row-detail-plugin
@slickgrid-universal/aurelia-row-detail-plugin
@slickgrid-universal/react-row-detail-plugin
@slickgrid-universal/vue-row-detail-plugin
@slickgrid-universal/binding
@slickgrid-universal/common
@slickgrid-universal/composite-editor-component
@slickgrid-universal/custom-footer-component
@slickgrid-universal/custom-tooltip-plugin
@slickgrid-universal/empty-warning-component
@slickgrid-universal/event-pub-sub
@slickgrid-universal/excel-export
@slickgrid-universal/graphql
@slickgrid-universal/odata
@slickgrid-universal/pagination-component
@slickgrid-universal/pdf-export
@slickgrid-universal/row-detail-view-plugin
@slickgrid-universal/rxjs-observable
@slickgrid-universal/sql
@slickgrid-universal/text-export
@slickgrid-universal/utils
@slickgrid-universal/vanilla-bundle
@slickgrid-universal/vanilla-force-bundle
commit: |
renovate-bot
force-pushed
the
renovate/all-minor-patch
branch
from
38d0f54 to
f114847
Compare
renovate-bot
changed the title
renovate-bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
04cc19f to
6d2dfea
Compare
renovate-bot
force-pushed
the
renovate/all-minor-patch
branch
from
6d2dfea to
976caa4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^5.0.0→^5.0.1^2.0.326→^2.0.328^2.0.2→^2.0.3^19.2.14→^19.2.15^6.0.1→^6.0.2^6.0.6→^6.0.7^5.0.0-beta.2→^5.0.0-beta.3^5.0.0-beta.2→^5.0.0-beta.3^3.2.9→^3.3.1^3.4.3→^3.4.5^5.0.0→^5.0.1^2.76.0→^2.79.0^0.8.2→^0.8.3^4.12.18→^4.12.22^1.65.0→^1.66.0^8.5.14→^8.5.15^1.99.0→^1.100.0^8.0.13→^8.0.14^5.0.0→^5.0.1^5.0.0-beta.2→^5.0.0-beta.3^3.2.9→^3.3.1Release Notes
ghiscoding/excel-builder-vanilla (@excel-builder-vanilla/types)
v5.0.1Compare Source
Bug Fixes
microsoft/fluentui-system-icons (@fluentui/react-icons)
v2.0.328Compare Source
v2.0.327Compare Source
honojs/node-server (@hono/node-server)
v2.0.3Compare Source
What's Changed
ServeStaticOptionscomment with the current spec by @kakkokari-gtyih in #356New Contributors
Full Changelog: honojs/node-server@v2.0.2...v2.0.3
vitejs/vite-plugin-react (@vitejs/plugin-react)
v6.0.2Compare Source
Allow all options in reactCompilerPreset (#1189)
This is a type only change. Only
compilationModeandtargetoptions were available forreactCompilerPreset.vitejs/vite-plugin-vue (@vitejs/plugin-vue)
v6.0.7Features
@rolldown/pluginutilsversion (#776) (941b651)Bug Fixes
vitest-dev/vitest (@vitest/coverage-v8)
v5.0.0-beta.3Compare Source
🚨 Breaking Changes
expect.pollwhen function didn't resolve in time - by @hi-ogawa and Codex in #10233 (4df04)🚀 Features
kindinpage.mark- by @AriPerkkio in #10302 (053e8)context.markfor custom command tracing - by @AriPerkkio in #10329 (aa514)🐞 Bug Fixes
attachmentsDirroot only config - by @hi-ogawa and Codex in #10334 (fab1b)__esModule- by @hi-ogawa in #10363 (2b135)wrapDynamicImporttransform on ssr environment - by @hi-ogawa in #10355 (d3c96)FORCE_COLORover agent detection - by @dokson in #10272 (7e66b)excludeto not inherit negation globs fromtest.include- by @AriPerkkio in #10299 (28685)toNotFake- by @BPScott, @hi-ogawa and Codex in #10043 (bbf2f)summaryto intercept logger's streams even when they are notprocess.std*streams - by @AriPerkkio in #10340 (f79e7)testModulesinonTestRunEndwhen merging blobs from different root directory test runs - by @hi-ogawa and Codex in #10348 (745b3)🏎 Performance
View changes on GitHub
vuejs/language-tools (@vue/language-core)
v3.3.1Compare Source
language-core
language-service
typescript-plugin
vscode
v3.3.0Compare Source
language-core
v-ifbranch fragments when collecting single root nodes - Thanks to @KazariEX!SfcAPIs toIR- Thanks to @KazariEX!language-service
html.customData(#5910) - Thanks to @Bomberus!=""only for plain boolean props completion edits - Thanks to @KazariEX!typescript-plugin
vscode
extraFileExtensionsin tsserverconfigurerequest payload (#6048) - Thanks to @KazariEX!cure53/DOMPurify (dompurify)
v3.4.5Compare Source
v3.4.4: DOMPurify 3.4.4Compare Source
selectedcontentelement to default allow-list, thanks @lukewarlowcommandandcommandforattributes to default allowed-list, thanks @lukewarlowIN_PLACEoperations, thanks @DEMON1Aghiscoding/excel-builder-vanilla (excel-builder-vanilla)
v5.0.1Compare Source
Note: Version bump only for package excel-builder-vanilla
fallow-rs/fallow (fallow)
v2.79.0Compare Source
Added
ember-source,ember-cli,@embroider/core,@embroider/compat, or@glimmer/component. Whitelists the build- / CLI- / runtime-resolved tooling that no source file imports (ember-sourceitself,ember-cli,ember-cli-htmlbars, etc.) so those packages do not surface asunused-dependency. Packages that a modern Ember app imports directly (@glimmer/component,@glimmer/tracking, etc.) are deliberately omitted; the normal import graph credits them, and listing them in the tooling allowlist would mask real removals when a user drops the dependency. Declares scoped used-class-member rules forComponent,Route,Controller,Service,Helper,Modifier,Application, andRouterso framework-invoked lifecycle methods (model,setupController, etc.) are not flagged as unused on subclasses. Declares the specific@ember/*paths thatember-sourceexposes through the AMD loader (classic) and the Embroider rewriter (@ember/application,@ember/array, etc.) as virtual-module prefixes so they no longer surface asunresolved-importorunlisted-dependency. The list is deliberately enumerated rather than a blanket@ember/because parts of the@ember/*namespace are real npm packages users install explicitly (@ember/test-helpers,@ember/render-modifiers, etc.); a blanket prefix would mask legitimate missing-dep bugs when one of those is removed frompackage.json. The source of truth for the enumeration isember-source'spackage.json#exportsfield. Because matching is prefix-based, new subpaths under existing roots (e.g. future@ember/object/...additions) are covered automatically. Known gaps: bareimport Ember from 'ember'and v1 addon subpaths likeember-in-viewport/modifiers/in-viewportstill needignoreDependenciesor an inline suppression until addon-shape resolution is added (not planned). Exposes Ember's classic-layout filesystem conventions (app/components/**,app/routes/**,app/services/**,tests/**/*-test.{js,ts,gjs,gts},config/,ember-cli-build.js,testem.js) as entry-point globs since the Ember resolver loads those modules by convention rather than via staticimport. Scoped to strict-mode Ember apps and v2 addons: classic v1 addon layouts (addon/,addon-test-support/) are intentionally out of scope because they predate strict-mode.gts/.gjsand gain nothing from the plugin's value-adds; v1-addon maintainers can declare those paths viaentryin their fallow config..gts/.gjssingle-file components were already parseable thanks to the existing<template>-stripping helper; tracking imports referenced only inside<template>blocks (and inside co-located.hbstemplates) is intentionally deferred, which will extend the same scaffolding withsfc_template-style scanning. Thanks @mike-engel for the plugin (PR #369).<template>blocks credit imported-binding usage in.gts/.gjs. Imports referenced only inside a<template>...</template>block are no longer flagged asunused-import: PascalCase tag invocation (<HelloWorld />), mustache helper ({{capitalize x}}), triple-stash helper ({{{formatHtml body}}}), sub-expression helper ({{if (and a b) "y" "n"}}), element modifier ({{on "click" handle}}), and dotted reference ({{utils.formatDate value}}) are all credited. Handlebars/Glimmer built-in keywords (if,unless,each,let,yield, etc.),this.*chains,@argreferences, and named-argument keys are never resolved as imports. Block-parameter introductions (as |item index|) are accumulated as template-scope locals so they shadow same-named imports. Co-located.hbstemplates remain a known limitation: imports referenced only inside a sibling.hbsfile still surface as unused on the sibling.js/.ts; the plugin'sentry_patternskeep the JS sibling reachable as a file, and migrating to.gtsremoves the limitation entirely. The extraction cache (CACHE_VERSIONbumped to 95) invalidates automatically on upgrade so warm.gts/.gjsentries are re-extracted with template-visible import usage.Fixed
React Router v7 and Remix generated
./+types/*route modules no longer surface as unresolved imports when the generated files are absent from a clean checkout. Before, route modules usingimport type { Route } from "./+types/root"reported false-positiveunresolved-importfindings because those modules are produced by the framework's typegen step and are often gitignored. After, the React Router and Remix plugins declare./+types/as a generated type-import prefix. The suppression is plugin-gated and type-only, so runtime imports under the same prefix still report normally. (Closes #645.)JSX resource attributes no longer report as unresolved imports. Before, generic TSX metadata such as
<link rel="stylesheet" href="style-a.css" />,<link rel="modulepreload" href="/vendor.js" />, and<script src="./script-a.js" />emitted synthetic side-effect imports, so serializer tests in projects like Hono produced large falseunresolved-importsclusters for runtime HTML literals. After, generic JSX resource attributes are ignored by default, while HTML files and barehtmltagged-template asset scanning keep their existing graph edges. The extraction cache version is bumped so warm caches drop stale JSX resource edges. (Closes #640.)Combined human summaries are less repetitive, and
fallow explainaccepts issue labels with spaces. Before,fallow --summaryin human mode could print both a section header and the summary renderer's own title for the same analysis, and combined runs could repeat theloaded config:notice once per analysis phase. After, combined summary sections keep their high-level headers without duplicating titles, config-load notices are deduped per config file, andfallow explain unused files/fallow explain code duplicationwork the same as the existing hyphenated spellings.Public class members exposed through non-private package entry points are no longer reported as removable internals. Library-style packages that re-export builder or database classes from
package.jsonentry points (main, rootexports, or subpathexports) previously reported every uncalled public method asunused-class-member, even though those methods are part of the consumer API.find_unused_membersnow treats classes reached from an actual non-private package entry point re-export, from the transitiveexport *closure rooted at one, or fromsrc/**/index.*source subpath indexes in packages with noexportsmap as public API and skips class member findings for those exports. The skip is limited to class methods/properties, so enum member behavior, private app packages, and internal reachable classes are unchanged. Covers renamed re-exports, default-as-named re-exports, source-first rootindex.jsfallbacks, package subpath exports, exportless source subpath indexes, and multi-hop star barrels. (Closes #643.)Workspace and self package imports that point at missing prebuild output now resolve back to source. Before, packages such as Nitro and Redux Toolkit could report false
unresolved-imports,unlisted-dependencies,unused-dependencies, andunused-fileswhenpackage.jsonimportsorexportsselecteddisttargets before a build had run. After, fallow uses the nearest package manifest for#...imports and known root/workspace package manifests for self or workspace package specifiers, maps project-relative output targets back to trackedsrccandidates, and preserves dependency usage metadata when those package imports resolve to internal source files. Unmatched hash aliases, missing source targets, undeclared workspace imports, and unrelated unused files still report. (Closes #641.)Cloudflare Workers, Content Collections, and Node
module.register()loaders no longer surface as false positives. Three convention-driven shapes were previously reported asunused-file/unused-exportbecause fallow had no static way to follow them. After: (1) Cloudflare Workers projects with"main": "src/worker.tsx"(or anyenv.<name>.mainoverride) inwrangler.{toml,json,jsonc}keep that worker entry alive; the static glob also widens tosrc/{index,worker}.{ts,tsx,js,jsx,mts,mjs}so JSX worker entries from rwsdk, React Router worker, and Hono on Workers stay reachable without reading the config. (2) Content Collections projects (@content-collections/{core,vite,next,solid-start,remix-vite,qwik,vinxi}) keep their rootcontent-collections.{ts,tsx,js,jsx,mts,mjs,cts,cjs}config alive, and the@content-collections/*packages stay credited as tooling deps. The plugin activates when any framework integration is a direct dep, so the common case of installing only@content-collections/vite(withcorearriving transitively) still works. (3) Nodemodule.register('./hooks/loader.ts', import.meta.url)calls (or theregister(url)form whereurlis bound tonew URL('./loader.ts', import.meta.url), including the conditionalcondition ? srcUrl : distUrlshape) now credit the loader file's hook exports: the currentinitialize/resolve/load/globalPreloadset plus the legacygetFormat/getSource/transformSourcefor projects still on older Node. The extraction cache version is bumped, so users on warm caches will see a one-time re-extract on first run after upgrading. Thanks @M-Hassan-Raza for the patch. (Closes #588, #589, #590.)Playwright
extend()fixture helpers are credited as used class members. Before, helper classes referenced only as Playwright fixtures (test.extend({ helper: async ({}, use) => use(new MyHelper(page)) })) had every public method reported asunused-class-memberbecause the visitor only tracked direct call expressions, not the property-access shape that fixture consumers use (await helper.click('button')). After, the AST visitor's class-member usage tracker credits identifier references to fixture-bound helper classes the same way it credits direct invocations, so Playwright Page Object Model patterns no longer surface false-positive removable-internal findings.HTML asset scanner skips build-time template-placeholder specifiers.
<script src="{{rootURL}}assets/app.js">(Ember'sapp/index.html),<script src="###APPNAME###/...">(ember-cli blueprint scaffolds), and the equivalent shapes from any other framework that embeds Handlebars / Mustache / Jinja2 / pre-compiled Vue or Angular template syntax inside checked-in HTML are filtered at extraction time instead of being seeded as unresolvable specifiers that surface asunresolved-import.{{and###are never valid characters in a real<script src>/<link href>path, so the filter is generic across template engines rather than gated on a plugin. Applies to<script src>,<link rel="stylesheet" href>, and<link rel="modulepreload" href>.v2.78.1Compare Source
Fixed
Windows clippy on
mainis green again. The pre-existing#[expect(dead_code)]annotation onScopedChild::idwas unfulfilled on Windows because the function ispubin apub mod, so rustc never flags it as dead under-D warnings. Switched to#[allow]which tolerates the lint not firing, restoring the Windows leg ofci.yml. No user-visible behavior change.npm install fallowpostinstall no longer fails on shared-IP CI runners withdigest-unavailable. Before, the postinstall verifier fetched each platform binary's expected SHA-256 from the unauthenticated GitHub release API (api.github.com/repos/fallow-rs/fallow/releases/tags/v<version>), so pooled CI IPs (Buildkite, GHA shared runners, internal build clusters) routinely exceeded the 60 req/hr unauthenticated limit andpnpm install --frozen-lockfileaborted withfallow: binary verification failed ... (digest-unavailable): GitHub release API returned HTTP 403: API rate limit exceeded. After, the release workflow'snpm-prepjob computes the SHA-256 of every binary inside each@fallow-cli/<platform>package and writes it into the platform package'spackage.jsonunderfallowDigests.verify-binary.jsreads that embedded value first and only falls back to the GitHub API for platform packages published before v2.78.1 that do not yet carry the field, so steady-state installs perform zero network calls during digest verification. TheEd25519signature layer and theFALLOW_SKIP_BINARY_VERIFYescape hatch are unchanged. (Closes #597.)v2.78.0Compare Source
Added
fallow flagsdefault SDK detector list expanded to PostHog, Vercel Flags, ConfigCat, Optimizely, and Eppo. Before, the built-in detector set covered LaunchDarkly, Statsig, Unleash, and GrowthBook only; teams using any of the five additional providers had to wire upflags.sdkPatternsmanually in.fallowrc.jsonor accept zero detections. After, every project runningfallow flags(or the barefallowcombined pipeline with the flags rule on) picks up flag usage from those five SDKs out of the box, matching the call-shape conventions each library publishes (posthog.isFeatureEnabled('flag-name'),useFlag('flag-name')andgetFlag('flag-name')for@vercel/flags,configcatClient.getValueAsync('flag-name', default),optimizely.isFeatureEnabled('flag-name'),eppoClient.getStringAssignment('flag-name', subject, default)). User-authoredflags.sdkPatternsstill apply on top of the expanded built-in set, so existing custom detectors continue to win when they overlap. (Closes #563.)--explainnow works in human output and in combined-mode JSON, not just subcommand JSON. Before,--explainwas a documented top-level flag promising "Include metric definitions and rule descriptions in output" but it only fired on the subcommand+JSON path (fallow dead-code --explain --format json, etc.); every other invocation (fallow --explain,fallow --explain --format json,fallow dead-code --explainhuman,fallow health --explainhuman,fallow dupes --explainhuman, plus the combined-mode variants) produced output byte-identical to the same invocation without the flag. After, the human renderers each gain aDescription:line under each rule / metric with the prose pulled fromcrates/cli/src/explain.rs::{CHECK_RULES, HEALTH_RULES, DUPES_RULES}, and combined-mode JSON gains a top-level_metafield aggregating the per-analysis_metablocks so a singlefallow --explain --format jsoncall surfaces the full rule + metric description set. Subcommand+JSON behaviour is unchanged. (Closes #559.)License verification rejects JWTs whose
iatclaim is more than 24h in the future relative to the local clock, surfacing clock-skew problems loudly instead of silently letting expired licenses pass. Before, the verifier infallow-licensecompared the JWT'sexpclaim againstSystemTime::now()with no skew bound on either side: a laptop with the clock set to 2020 would treat a 2025-expired license asValidfor years; a JWT withiatin the future (an out-of-sync signing server, or a replayed token from a forward-shifted clock) was accepted without question. After,verify_jwt_with_skewruns an explicitclaims.iat > now + tolerancecheck after signature verification and before the grace ladder. The same inequality catches both directions of skew (a forward-signed JWT and a clock-behind-reality), sincenow < iat - toleranceis equivalent toiat > now + tolerance. Rejection surfaces as a newLicenseError::ClockSkewvariant whoseDisplaymessage names CI containers without NTP, dead BIOS batteries, and clock drift as common non-user causes, and renders the magnitude as a human-friendly duration (e.g.2 days) rather than raw seconds. The existingverify_jwt(raw, key, now, hard_fail_days)signature is preserved as a thin shim that delegates with the default tolerance, so out-of-tree embedders of thefallow-licensecrate see no breaking change. The default tolerance (24h, matchingjsonwebtoken/pyjwt/jjwtleeway conventions) is overridable via the newFALLOW_LICENSE_SKEW_TOLERANCE_SECONDSenv var for CI environments with predictable drift; lenient parsing (unset / empty / unparsable / negative all fall back to the default) keeps a typo in a runner env block from failing license verification. Theiat-only check is deliberately asymmetric toexp: the existing 7/30/hard-fail grace ladder already absorbs sub-dayexpskew, so layering tolerance onexpwould duplicate coverage. (Closes #453.)Changed
fallowon a moderately-sized project saw nothing between command issue and the final summary, with no indication that the process was alive. After,fallow_coreholds one persistent indicatif spinner spawned at the start of the run and reused across every stage, with the stage label updated in place as the pipeline advances ("Discovering files", "Extracting AST", "Building graph", "Detecting dead code", etc.). The spinner draws on stderr regardless of--format, respectsFALLOW_QUIET=1/--quiet/ non-TTY stderr (suppressed in those cases for clean piped output), and is mutually exclusive with--trace-style stderr emission. No JSON / SARIF / CodeClimate output change. (Closes #560.)Fixed
TanStack Router
./routeTree.genimports no longer surface as unresolved when the generated route tree is absent from a clean checkout. Before, projects using TanStack Router or Start could import./routeTree.genfromsrc/router.tsxand get a false-positiveunresolved-importbecausesrc/routeTree.gen.tsis generated by TanStack tooling and is often gitignored until codegen runs. The TanStack Router plugin now declares/routeTree.genas a generated import suffix, so active TanStack projects suppress that framework artifact while ordinary missing relative imports still report. (Closes #646.)fallow --scoreandfallow --trendnow render the health score and trend in human terminal output. Before, the bare combined-mode invocations computed the score and serialized it to JSON / SARIF / CodeClimate, butcrates/cli/src/combined.rs::print_orientation_headernever called the existingrender_health_score/render_health_trendhelpers incrates/cli/src/report/human/health.rs. A user runningfallow --scoreto read the project score in the terminal saw the same orientation header as a plainfallowrun, whilefallow --score --format json | jq .health.health_scorereturned the populated object. After,print_orientation_headercollects score + trend lines via those helpers (now exported throughcrate::report) and emits them on stderr above the vital signs block, matching the visual treatment offallow health --score(● Health score: <score> <grade>plus the per-penalty deductions line). A newskip_score_and_trendfield onReportContexttells the downstream Complexity section'sprint_health_humanto skip the score / trend block so the line is rendered exactly once (combined-mode call site setstrue, standalonefallow healthandfallow auditkeepfalseso their renderers stay inline). When--trendis set the trend table also renders; vital signs continue to be suppressed in that case as before.--min-scoreexit-code gating, JSON / SARIF / CodeClimate output, and the no-flag barefallowhuman output are unchanged. (Closes #557.)fallow check --format codeclimate --productionno longer panics withinternal error: entered unreachable codewhen a--production-suppressed dep / export / member rule resolves toSeverity::Off. Three generic-iterator helpers incrates/cli/src/report/codeclimate.rs(push_dep_cc_issues,push_unused_export_issues,push_unused_member_issues) eagerly calledseverity_to_codeclimate(severity)BEFORE iterating their findings, so a call withseverity = Offand an empty (or filtered-down) findings vec hit theOff => unreachable!()arm and exited 101. The fix moves the severity mapping inside each helper's loop body, so the call only fires when there is a finding to emit; behaviour for non-empty findings is byte-identical and a newbuild_codeclimate_with_off_severity_and_empty_findings_does_not_panicregression test locks it in. Slice-based helpers were already safe via their existingis_empty()early-return guards. The same PR also centralisedseverity_to_codeclimatenext to the SARIF and review-label mappers incrates/cli/src/report/ci/severity.rs::codeclimate_severity, so adding a futureSeverityvariant now compile-fails at all three CI-format mappers simultaneously. Wire shape unchanged: existing CodeClimate snapshot tests pass byte-identically. (Closes #452.)fallow list --filesandfallow list --entry-pointsnow emit forward-slashed paths in both--format jsonand the default plain-text output. Before, the per-path projection skipped the.replace('\\', "/")normalisation that the sibling workspaces array already applied viaformat_display_path, so Windows consumers receivedsrc\index.ts-shaped paths via JSON (breaking CI glob filters, MCP agents, and downstream pipelines that assume POSIX-style separators) and via stdout when piping toxargs/grep. The plain-text--filesand--entry-pointssites are now routed throughformat_display_pathso the four list emission paths share one canonical helper. Sibling regression testslist_json_files_are_relative_pathsandlist_json_entry_point_paths_are_relativewere tightened withassert!(!path.contains('\\'))and a strictstarts_with("src/")clause so a backslashed path now fails CI on the Windows leg pre-fix and passes post-fix. Refs #561; follow-up to #575.Focused duplicate analysis (
fallow audit --gate new-only,fallow dupes --changed-since) no longer drops every clone group on Windows whenopts.rootand the changed-files set disagree on Windows verbatim-prefix shape.crates/core/src/duplicates/shingle_filter.rs::filter_to_focus_candidatesandcrates/core/src/duplicates/detect/mod.rs::detect_innerboth comparedfocus_files.contains(&file.path)directly. On Windows,focus_filesenters with non-verbatim paths (joined onto adunce::canonicalized toplevel fromtry_get_changed_files), whilefile.pathmay carry the\\?\verbatim prefix when the caller pre-canonicalisedopts.rootwithstd::fs::canonicalize(the audit test fixtures do this to exercise the macOS/var/folders/...->/private/var/folders/...symlink case). Byte-levelFxHashSet::containsmismatched on the prefix component, every file landed as non-focus, and the dupes detector materialised zero clone groups. After, both sites normalise the focus set's entries viadunce::simplifiedonce at function entry, then look up vianormalized_focus.contains(dunce::simplified(&file.path)).dunce::simplifiedis a no-op string-level operation on POSIX and on non-verbatim Windows paths, so the fix is zero-cost off the bug's hot path. Closes the last 2 Windows-only audit test failures:audit_dupes_only_materializes_groups_touching_changed_filesandaudit_gate_new_only_inherits_pre_existing_duplicates_in_focused_files. Refs #561.try_get_changed_filesnow normalises forward-slash segments to backslash on Windows so theFxHashSet::containscheck against discovery-emitted paths actually matches.git diff --name-onlyemits paths shapedsrc/legacy.tsregardless of host OS.PathBuf::joinon Windows appends with the native backslash separator without converting separators inside the appended segment, so the resulting buffer landed asC:\Users\...\Temp\test\src/legacy.ts(mixed separators). File discovery via walkdir produces all-backslash paths (C:\Users\...\Temp\test\src\legacy.ts).FxHashSet::containscompares bytes, not components; the two forms mismatched and the focused duplicates / changed-since filters silently dropped every finding. On POSIX the segment is already in native form so the new#[cfg(windows)]-guarded replace is a no-op. Closes the last two Windows-only audit test failures:audit_dupes_only_materializes_groups_touching_changed_filesandaudit_gate_new_only_inherits_pre_existing_duplicates_in_focused_files. Also fixespath_is_inside_temp_dirto usedunce::simplified(no I/O) so it accepts both verbatim and non-verbatim input shapes including synthetic test paths. Refs #561.fallow audit's docs-only fast path, reusable-worktree cache hash, worktree-identity comparison, andpath_is_inside_temp_dirfilter all usedunce::canonicalizeinstead ofstd::fs::canonicalizeto keep Windows path-prefix comparisons consistent. Follow-up sweep to the CHANGELOG entry below (which only fixedresolve_git_toplevel's canonicalisation). Four additional production sites incrates/cli/src/audit.rsstill usedstd::fs::canonicalize, each producing a\\?\C:\...verbatim path on Windows that mismatched against non-verbatim paths flowing in through other code paths (opts.root,std::env::temp_dir(), etc.). The mismatch broke three audit unit tests (audit_dupes_only_materializes_groups_touching_changed_files,audit_gate_new_only_inherits_pre_existing_duplicates_in_focused_files,audit_gate_new_only_skips_base_snapshot_for_docs_only_diff) which surfaced after the prior fix closed the changed_files mismatch. Sites switched:can_reuse_current_as_base::canonical_cache_dir,reusable_audit_worktree_path::repo_root,paths_equal, andpath_is_inside_temp_dir.dunce::canonicalizeis identical tostd::fs::canonicalizeon POSIX. Refs #561.fallow's nudge, refactoring-targets, Angular rollup, and inherited-from human-output lines now render workspace-relative paths instead of bare basenames. Before, the combined-mode failure footer renderedFailed: dead-code (...), health (...) ... start with index.ts, the orientation header's refactoring-targets nudge rendered3 refactoring targets ... start with index.ts (complexity), the Angular component rollup line rendered `rolled up: ... on MyComponent.method + ... on temConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.