And in doing so, updates the mime dependency and updates the version of node we target in Babel configuration, so... is probably slightly faster, in tiny ways.
Last release before requiring Node 6!
Bug Fixes
github links for @typedef comments should link to comment, not context (#1024) (37a91b2)
Make documentation.js compatible with node 4.x for one more version (#1033) (5067ee0)
Features
Support --shallow argument for lint command. Closes #956 (#995) (64f660d)
Support the .mjs extension by default. (#1023) (b8a7e0d)
use reference links for Markdown output, improving brevity (ab494dd)
#411 Big performance improvement. Previously an O(n) array-copying operation inside the innermost loop of jsdiff's base diffing code increased the overall worst-case time complexity of computing a diff from O(n²) to O(n³). This is now fixed, bringing the worst-case time complexity down to what it theoretically should be for a Myers diff implementation.
#448 Performance improvement. Diagonals whose furthest-reaching D-path would go off the edge of the edit graph are now skipped, rather than being pointlessly considered as called for by the original Myers diff algorithm. This dramatically speeds up computing diffs where the new text just appends or truncates content at the end of the old text.
#351 Importing from the lib folder - e.g. require("diff/lib/diff/word.js") - will work again now. This had been broken for users on the latest version of Node since Node 17.5.0, which changed how Node interprets the exports property in jsdiff's package.json file.
#344diffLines, createTwoFilesPatch, and other patch-creation methods now take an optional stripTrailingCr: true option which causes Windows-style \r\n line endings to be replaced with Unix-style \n line endings before calculating the diff, just like GNU diff's --strip-trailing-cr flag.
The resource property will not contain the port, but the host one will.
Throw an error if the input is invalid. Hence, file paths like /home/path/to/dir will only be valid if the file:// protocol is added (file://home/path/to/dir)
Throw an error if the input length exceeds the maximum length (parse.MAX_URL_LENGTH), by default 2048.
To trigger a single review, invoke the @coderabbitai review command.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Share
- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)
- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)
- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)
- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)
Tips
### Chat
There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai):
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- `I pushed a fix in commit .`
- `Generate unit testing code for this file.`
- `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
- `@coderabbitai generate unit testing code for this file.`
- `@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- `@coderabbitai generate interesting stats about this repository and render them as a table.`
- `@coderabbitai show all the console.log statements in this repository.`
- `@coderabbitai read src/utils.ts and generate unit testing code.`
- `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
### CodeRabbit Commands (invoked as PR comments)
- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai help` to get help.
Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
### CodeRabbit Configration File (`.coderabbit.yaml`)
- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json`
### Documentation and Community
- Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked
package source code to understand the potential risk. Ensure the package
is not malicious before proceeding. If you're unsure how to proceed, reach
out to your security team or ask the Socket team for help at support [AT]
socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all
Bumps the npm_and_yarn group with 8 updates in the / directory:
0.0.74.0.014.0.34.2.14.2.30.10.300.10.640.0.51.2.80.0.10.0.46.1.116.2.10.7.350.7.37Removes
ansi-htmlUpdates
documentationfrom 4.0.0 to 14.0.3Release notes
Sourced from documentation's releases.
Changelog
Sourced from documentation's changelog.
Commits
8aae14bchore(release): 14.0.39c42abbbuild(deps): bump actions/setup-node from 3.6.0 to 3.8.0 (#1614)d4559bebuild(deps-dev): bump mock-fs from 5.1.4 to 5.2.0 (#1601)e030a3fSort memberof (#1452)930edd2Update USAGE.md (#1463)1cc2f98fix: fix GFM markdown output (#1553)4600c97Remove broken David badge on README (#1611)12cfa02Update NODE_API.md (#1616)de30e89Update membership.js (#1620)8fcbeaeFix a few typos on CHANGELOG (#1610)Updates
browserify-signfrom 4.2.1 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ecv4.2.39247adf[patch] widen support to 0.12f427270[Deps] update `parse-asn187f3a35[Dev Deps] updateaud,npmignore,tapefb261ce[Deps] updateelliptic4d0ee49[patch] drop minimum node support to v19e2bf12[Deps] pinhash-baseto ~3.0, due to a breaking change168e16f[Deps] pinellipticdue to a breaking change37a4758[actions] remove redundant finisher4af5a90v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
difffrom 1.4.0 to 5.2.0Changelog
Sourced from diff's changelog.
... (truncated)
Commits
370a9df5.2.0 release (#483)a2f726aAdd myself to the list of maintainers (#482)dfc6fe4Add examples to docs of creating and applying patches (importantly including ...b5d1cfaModify node_example.js to support showing added/deleted spaces (#479)533893dAddtimeoutoption (#478)1f1ec96Replace broken link to Myers's paper in the README with a working one (#476)707fcccAdd note to README about settingcontextto Infinity or MAX_SAFE_INTEGER. (...1c7514cFix mistake in README (#471)ca8718cBump follow-redirects from 1.14.8 to 1.15.4 (#470)25a14afMigrate to DABH's fork of colors (#469)Maintainer changes
This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.
Updates
remark-htmlfrom 6.0.1 to 7.0.0Release notes
Sourced from remark-html's releases.
Commits
acdc1a77.0.0281ba72Updatemdast-util-to-hast625d303Addskip_cleanupto Travise8bcbaaUpdate Node in Traviscf3eba1Updateremark,remark-cliUpdates
yargs-parserfrom 4.2.1 to 5.0.1Changelog
Sourced from yargs-parser's changelog.
Commits
eab6c03chore: release 5.0.1 (#363)1c417bdfix(security): address GHSA-p9pc-299p-vxgp (#362)e93a345chore: mark release in commit history (#361)ee15863chore: push new package version4774207fix: back-porting prototype fixes for really old version (#271)2c95ba9chore(release): 5.0.05755fa5docs: use absolute path to yargs logo76cee1ffix: environment variables should take precedence over config file (#81)Maintainer changes
This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.
Updates
ellipticfrom 6.5.4 to 6.5.5Commits
75700786.5.5206da2elib: lint0a78e03[Fix] restore node < 4 compatUpdates
es5-extfrom 0.10.30 to 0.10.64Release notes
Sourced from es5-ext's releases.
... (truncated)
Changelog
Sourced from es5-ext's changelog.
... (truncated)
Commits
f76b03dchore: Release v0.10.642881acdchore: Bump dependenciesc2e2bb9fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72docs: Fix date in the changelogde4e03cchore: Release v0.10.633fd53b7chore: Upgradelint-stagedto v13bf8ed79chore: Ensure postinstall script does not crash on Windows2cbbb07chore: Bump dependencies22d0416chore: Bump LICENSE yeara52e957fix: Support ES2015+ function definitions infunction#toStringTokens()Updates
minimistfrom 0.0.5 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2v1.2.8a026794Merge tag 'v0.2.3'c0b2661v0.2.363b8fee[Fix] Fix long option followed by single dash (#17)72239e6[Tests] Remove duplicate test (#12)34b0f1c[eslint] fix indentation3226afa[Dev Deps] add missingnpmignoredev dep098873c[Dev Deps] update@ljharb/eslint-config,aud9ec4d27[Fix] Fix long option followed by single dashba92fe6[actions] Avoid 0.6 tests due to build failuresMaintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Updates
faucetfrom 0.0.1 to 0.0.4Changelog
Sourced from faucet's changelog.
Commits
6f06608v0.0.479c3ff2[Fix] downgradetap-parserto v0.7.084d8f72[Deps] updatearray.prototype.foreach,array.prototype.join, `array.proto...42d4d86[Dev Deps] update@ljharb/eslint-config,aud5ea8305[Deps] updatedefined,minimist8e5332d[actions] update checkout actionec6db3av0.0.3fa1ee37[Deps] updatetap-parser43a11c4[Deps] updatedefined358d919[Fix] usereadable-streamto fix tests in node < 1Maintainer changes
This version was pushed to npm by ljharb, a new releaser for faucet since your current version.
Updates
inifrom 1.3.8 to 3.0.1Release notes
Sourced from ini's releases.
Changelog
Sourced from ini's changelog.
Commits
153678bchore(main): release 3.0.1 (#167)5d9ab39fix: linting (#166)b20d6a5chore: bump@npmcli/template-ossfrom 3.4.2 to 3.4.3 (#162)611c02dchore: bump@npmcli/template-ossfrom 3.4.1 to 3.4.2 (#161)05b02acchore: bump@npmcli/template-ossfrom 3.2.2 to 3.4.1 (#160)e24ffefchore(main): release 3.0.0 (#157)00a7cdbchore: bump tap from 15.2.3 to 16.0.1 (#158)e3a5d18fix: replace deprecated String.prototype.substr() (#155)837831adeps:@npmcli/template-oss@3.2.2 (#156)4f289942.0.1Maintainer changes
This version was pushed to npm by gar, a new releaser for ini since your current version.
Updates
parse-urlfrom 3.0.2 to 8.1.0Release notes
Sourced from parse-url's releases.
... (truncated)
Commits
4412976Updated docsac17353Merge branch 'patch-1' of github.com:briancoit/parse-url into new-version778a0a5Merge branch 'support-custom-user' of github.com:privatenumber/parse-url into...0baab4fMerge branch 'improve-regex' of github.com:privatenumber/parse-url into new-v...d1a4395Merge branch 'fix-cjs' of github.com:privatenumber/parse-url into new-versionUnable to locate .performanceTestingBot config file
Processing PR updates...
Check out the playback for this Pull Request here.
Thanks @dependabot[bot] for opening this PR!
For COLLABORATOR only :
To add labels, comment on the issue
/label add label1,label2,label3To remove labels, comment on the issue
/label remove label1,label2,label3Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Share
- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)Tips
### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commitNew and removed dependencies detected. Learn more about Socket for GitHub ↗︎
+120+76🚮 Removed packages: npm/documentation@4.0.0, npm/faucet@0.0.1
View full report↗︎
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
node -e "try{require('./_postinstall')}catch(e){}" || exit 0package-lock.jsonpackage.jsonView full report↗︎
Next steps
What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
@SocketSecurity ignorefollowed by a space separated list ofecosystem/package-name@versionspecifiers. e.g.@SocketSecurity ignore npm/foo@1.0.0or ignore all packages with@SocketSecurity ignore-all@SocketSecurity ignore npm/es5-ext@0.10.64