[Snyk] Upgrade tree-sitter-cli from 0.20.8 to 0.22.6 #2

Merged 1 commit on Aug 10, 2024

abdulrahman305
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade tree-sitter-cli from 0.20.8 to 0.22.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: tree-sitter-cli
  • 0.22.6 - 2024-05-05

    [0.22.6] — 2024-05-05

    Features

    • Improve handling of serialization buffer overflows (#3318)
    • Reverse iteration through node parents (#3214)
    • cli: Support NO_COLOR (#3299)
    • cli: Add test listing and allow users to parse a specific test number (#3067)
    • grammar: Add "inherits" field if available (#3295)

    Bug Fixes

    • Correctly load field data from wasm languages
    • Improve error message when the tree-sitter field is malformed
    • Don't error out on package.json lookup errors if --no-bindings is passed (#3323)
    • cli: Keep default cc flags in build
    • cli: Properly account for multi-grammar repos when using docker to build a wasm parser (#3337)
    • generate: Don't check arbitrarily named dirs
    • generate: Take AsRef<Path> for the path parameter to avoid clones (#3322)
    • highlight: Correct signature of ts_highlighter_add_language
    • lib: Do not return field names for extras (#3330)
    • lib: Advance the lookahead end byte by 4 when there's an invalid code point (#3305)
    • rust: Update README example (#3307)
    • rust: Use unix + wasi cfg instead of not windows for fd (#3304)
    • test: Allow newlines in between test name and attribute
    • wasm: Correct childrenFromFieldXXX method signatures (#3301)
    • xtask: Always bump every crate in tandem
    • zig: Make usable as a zig dependency (#3315)

    Documentation

    • Mention build command variables
    • Swap \s for \\s in query example
    • highlight: Typo (#3290)

    Refactor

    • tests: Migrate remaining grammar.json tests to grammar.js (#3325)

    Build System and CI

    • Add nightly rustfmt to workflow for linting (#3333)
    • Fix address sanitizer step (#3188)
    • deps: Bump cc from 1.0.92 to 1.0.94 in the cargo group (#3298)
    • deps: Bump the cargo group with 6 updates (#3313)
    • xtask: Bump build.zig.zon version when bumping versions
  • 0.22.5 - 2024-04-14

    [0.22.5] — 2024-04-14

    Bug Fixes

    • Avoid generating unused character set constants
    • cli: Test parsing on windows (#3289)
    • rust: Compilation on wasm32-wasi (#3293)
  • 0.22.4 - 2024-04-13

    [0.22.4] — 2024-04-12

    Bug Fixes

    • Fix sorting of transitions within a lex state
    • Include 2-character ranges in array-based state transitions

    Build System and CI

    • Always bump at least the patch version in bump xtask
  • 0.22.3 - 2024-04-12

    [0.22.3] — 2024-04-12

    Features

    • Add strncat to wasm stdlib
    • Generate simpler code for matching large character sets (#3234)
    • When loading languages via WASM, gracefully handle memory errors and leaks in external scanners (#3181)

    Bug Fixes

    • bindings: Add utf-8 flag to python & node (#3278)
    • bindings: Generate parser.c if missing (#3277)
    • bindings: Remove required platforms for swift (#3264)
    • cli: Fix mismatched parenthesis when accounting for && (#3274)
    • lib: Do not consider childless nodes for ts_node_parent (#3191)
    • lib: Properly account for aliased root nodes and root nodes with
      children in ts_subtree_string (#3191)
    • lib: Account for the root node of a tree cursor being an alias (#3191)
    • lib: Use correct format specifier in log message (#3255)
    • parser: Fix variadic macro (#3229)
    • render: Proper function prototypes (#3277)
    • windows: Add /utf-8 flag for parsers using unicode symbols (#3223)
    • Add a semicolon after SKIP macros (#3264)
    • Add back build-wasm temporarily (#3203)
    • Add lifetime to matches function (#3254)
    • Default output directory for build --wasm should use current_dir (#3203)
    • Fix sorting of wasm stdlib symbols
    • Insert "tree-sitter" section in current directory's package.json if it exists (#3224)
    • Tie the lifetime of the cursor to the query in QueryCursor::captures() (#3266)
    • Wrong flag check in build.rs

    Performance

    • cli: Reduced the compile time of generated parsers by generating C code with fewer conditionals (#3234)

    Documentation

    • Add NGINX grammar

    Refactor

    • parser: Make REDUCE macro non-variadic (#3280)
    • js: Misc fixes & tidying
    • rust: Misc fixes & tidying

    Testing

    • Add regression test for node parent + string bug (#3191)
    • test: Allow colons in test names (#3264)

    Build System and CI

    • Upgrade wasmtime
    • Update emscripten version (#3272)
    • dependabot: Improve PR labels (#3282)
  • 0.22.2 - 2024-03-17

    [0.22.2] — 2024-03-17

    Breaking

    • cli: Add a separate build command to compile parsers

    Features

    • bindings/rust: Expose Parser::included_ranges
    • Lower the lib's MSRV (#3169)
    • lib: Implement Display for Node (#3177)

    Bug Fixes

    • bindings/wasm: Fix Parser.getIncludedRanges() (#3164)
    • lib: Makefile installation on macOS (#3167)
    • lib: Makefile installation (#3173)
    • lib: Avoid possible UB of calling memset on a null ptr when 0 is passed into array_grow_by (#3176)
    • lib: Allow hiding symbols (#3180)

    Documentation

    Refactor

    • Remove dependency on which crate (#3172)
    • Turbofish styling

    Testing

    • Fix header writes (#3174)

    Build System and CI

    • Simplify workflows (#3002)
    • lib: Allow overriding CFLAGS on the commandline (#3159)
  • 0.22.1 - 2024-03-10

    Changelog

    [0.22.1] — 2024-03-10

    Bug Fixes

    • Cli build script behavior on release
  • 0.22.0 - 2024-03-10

    Changelog

    [0.22.0] — 2024-03-10

    Breaking

    • Remove top-level corpus dir for tests
      The cli will now only look in test/corpus for tests
    • Remove redundant escape regex & curly brace regex preprocessing (#2838)
    • bindings: Convert node bindings to NAPI (#3077)
    • wasm: Make current*, is*, and has* methods properties (#3103)
    • wasm: Keep API in-line with upstream and start aligning with node (#3149)

    Features

    • Add xtasks to assist with bumping crates (#3065)
    • Improve language bindings (#2438)
    • Expose the allocator and array header files for external scanners (#3063)
    • Add typings for the node bindings
    • Replace nan with node-addon-api and conditionally print logs
    • bindings: Add more make targets
    • bindings: Add peerDependencies for npm
    • bindings: Add prebuildify to node
    • bindings: Remove dsl types file (#3126)
    • node: Type tag the language (#3109)
    • test: Add attributes for corpus tests

    Bug Fixes

    • Apply some scan-build suggestions (unused assignment/garbage access) (#3056)
    • Wrap || comparison in parentheses when && is used (#3070)
    • Ignore unused variables in the array macros (#3083)
    • binding.cc overwrite should replace PARSER_NAME (#3116)
    • Don't use __declspec(dllexport) on windows (#3128)
    • Parsers should export the language function on windows
    • Allow the regex v flag (#3154)
    • assertions: Case shouldn't matter for comment node detection
    • bindings: Editorconfig and setup.py fixes (#3082)
    • bindings: Insert types after main if it exists (#3122)
    • bindings: Fix template oversights (#3155)
    • cli: Only output the sources with --no-bindings (#3123)
    • generate: Add .npmignore, populate Swift's exclude list (#3085)
    • generate: Extern allocator functions for the template don't need to be "exported" (#3132)
    • generate: Camel case name in Cargo.toml description (#3140)
    • lib: Include api.h so ts_set_allocator is visible (#3092)

    Documentation

    • Add GitHub user and PR info to the changelog
    • Add css for inline code (#2844)
    • Document test attributes
    • Add Ohm language parser
    • Remove duplicate the's (#3120)
    • Add discord and matrix badges (#3148)

    Refactor

    • Rename TS_REUSE_ALLOCATOR flag (#3088)
    • Remove extern/const where possible
    • array: Use pragma GCC in clang too
    • bindings: Remove npmignore (#3089)

    Testing

    • Don't use TS_REUSE_ALLOCATOR on Darwin systems (#3087)
    • Add test case for parse stack merging with incorrect error cost bug (#3098)

    Build System and CI

    • Improve changelog settings (#3064)
    • Unify crate versions via workspace (#3074)
    • Update cc to remove annoying debug output (#3075)
    • Adjust dependabot settings (#3079)
    • Use c11 everywhere
    • Add uninstall command
    • Don't skip tests on failing lint (#3102)
    • Remove unused deps, bump deps, and bump MSRV to 1.74.1 (#3153)
    • bindings: Metadata improvements
    • bindings: Make everything c11 (#3099)
    • dependabot: Update weekly instead of daily (#3112)
    • deps: Bump the cargo group with 1 update (#3081)
    • deps: Bump the cargo group with 1 update (#3097)
    • deps: Bump deps & lockfile (#3060)
    • deps: Bump the cargo group with 4 updates (#3134)
    • lint: Detect if Cargo.lock needs to be updated (#3066)
    • lint: Make lockfile check quiet (#3078)
    • swift: Move 'cLanguageStandard' behind 'targets' (#3101)

    Other

    • Make Node.js language bindings context aware (#2841)
      They don't have any dynamic global data, so all it takes is just declaring them as such
    • Fix crash when attempting to load ancient languages via wasm (#3068)
    • Use workspace dependencies for internal crates like Tree-sitter (#3076)
    • Remove vendored wasmtime headers (#3084)
      When building rust binding, use wasmtime headers provided via cargo
      by the wasmtime-c-api crate.
    • Fix invalid parse stack recursive merging with mismatched error cost (#3086)
      Allowing this invalid merge caused an invariant to be violated
      later on during parsing, when handling a later error.
    • Fix regression in subtree_compare (#3111)
    • docs: Add Ohm language parser (#3114)
    • Delete binding_files.rs (#3106)
    • bindings: Consistent wording (#3096)
    • bindings: Ignore more artifacts (#3119)
  • 0.21.0 - 2024-02-21

    Changelog

    [0.21.0] - 2024-02-21

    Breaking

    • Remove the apply-all-captures flag, make last-wins precedence the default

      NOTE: This change might cause breakage in your grammar's highlight tests.
      Just flip the order around of the relevant queries, and keep in mind that the
      last query that matches will win.

    Features

    • Use lockfiles to dedup recompilation
    • Improve error message for files with an unknown grammar path (#2475)
    • Implement first-line-regex (#2479)
    • Error out if an empty string is in the extras array
    • Allow specifying an external scanner's files (#3031)
    • Better error info when a scanner is missing required symbols
    • cli: Add an optional grammar-path argument for the playground (#3014)
    • cli: Add optional config-path argument (#3050)
    • loader: Add more commonly used default parser directories

    Bug Fixes

    • Prettify xml output and add node position info (#2970)
    • Inherited grammar generation
    • Properly error out when the word property is an invalid rule
    • Update schema for regex flags (#3006)
    • Properly handle Query.matches when filtering out results (#3013)
    • Sexp format edge case with quoted closed parenthesis (#3016)
    • Always push the default files if there's no externals
    • Don't log NUL characters (#3037)
    • Don't throw an error if the user uses map in the grammar (#3041)
    • Remove redundant imports (#3047)
    • cli: Installation via a HTTP tunnel proxy (#2824)
    • cli: Don't update tests automatically if parse errors are detected (#3033)
    • cli: Don't use long for grammar_path
    • test: Allow writing updates to tests without erroneous nodes instead of denying all of them if a single error is found
    • test: Edge case when parsing UNEXPECTED/MISSING nodes with an indentation level greater than 0
    • wasm: Remove C++ mangled symbols (#2971)

    Documentation

    • Create issue template (#2978)
    • Document regex limitations
    • Mention that token($.foo) is illegal
    • Explicitly mention behavior of walking outside the given "root" node for a TSTreeCursor (

See this package in npm:
tree-sitter-cli

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/d0d88628-ed6d-4d56-9934-a879dc24a83e?utm_source=github&utm_medium=referral&page=upgrade-pr

korbit-ai bot commented Jul 2, 2024

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

  • To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
  • You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
  • On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together.
  • Lastly, to learn more, check out our Docs.


codeautopilot bot commented Jul 2, 2024

PR summary

This pull request upgrades the tree-sitter-cli dependency from version 0.20.8 to 0.22.6. The purpose of this upgrade is to keep dependencies up-to-date, which helps in fixing existing vulnerabilities and quickly addressing newly disclosed ones. The upgrade includes several new features, bug fixes, performance improvements, and documentation updates.

Suggestion

Consider running a full suite of tests to ensure that the upgrade does not introduce any regressions or compatibility issues. Additionally, review the release notes for any breaking changes that might affect your project.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

@abdulrahman305 abdulrahman305 merged commit 502ac0e into main Aug 10, 2024
3 of 9 checks passed
@abdulrahman305 abdulrahman305 deleted the snyk-upgrade-8819b597134cef3e03ff4099f0941f0e branch August 10, 2024 10:05