Skip to content

chore(deps): bump jscpd from 4.2.5 to 5.0.11#829

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/jscpd-5.0.11
Open

chore(deps): bump jscpd from 4.2.5 to 5.0.11#829
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/jscpd-5.0.11

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps jscpd from 4.2.5 to 5.0.11.

Release notes

Sourced from jscpd's releases.

Release v5.0.10

cpd (Rust) v5.0.10

Bug Fixes

  • Emit scan-root-relative paths in all reporters when absolute: false (or the default). Previously, jscpd /abs/path from a different CWD left absolute paths in SARIF/JSON/XML/HTML/CSV/Markdown/console output, and Windows/macOS path canonicalization could leave \\?\ or ./ prefixes. Paths are now normalized against the canonicalized scan root (with CWD fallback) and stripped of any leading ./ or .\\ component. Fixes #827
  • Fix --skip-local to match jscpd v4 TypeScript semantics: it now filters clones where both fragments are under the same scan root, instead of only skipping clones in the same parent directory

Refactoring

  • DRY duplication in reporters: extract shared helpers (print_clone_header, print_clone_locations, print_snippet, write_report_file, report statistics, test fixtures, etc.) into cpd-reporter/src/shared.rs. Console, console-full, CSV, JSON, HTML, Markdown, silent, XML, and SARIF reporters now reuse the same implementation, reducing the monorepo's reported duplication ratio from 5.0% to 0.56% and fixing a latent --absolute path relativization bug in the same pass
  • Move blame enrichment from gitoxide to git blame --porcelain; capture elapsed time after blame so timing includes blame work
  • Resolve needless_borrow clippy warnings in CSV and Markdown reporters

Documentation

  • Add Nix and Homebrew install instructions to Rust READMEs. #818
  • Update project homepage URLs to https://jscpd.dev in all Cargo.toml and npm package.json files, add curl install method to READMEs, clean up outdated badges
  • Remove defunct Universal Analytics tracking pixels from all READMEs

Published Packages

  • cpd-core@0.1.5 on crates.io
  • cpd-finder@0.1.8 on crates.io
  • cpd-reporter@0.1.7 on crates.io
  • cpd-tokenizer@0.1.6 on crates.io
  • jscpd@5.0.10 on crates.io
  • cpd@5.0.10 on npm
  • jscpd@5.0.10 on npm
  • cpd-darwin-arm64@5.0.10 on npm
  • cpd-darwin-x64@5.0.10 on npm
  • cpd-linux-x64-gnu@5.0.10 on npm
  • cpd-linux-arm64-gnu@5.0.10 on npm
  • cpd-linux-x64-musl@5.0.10 on npm
  • cpd-windows-x64-msvc@5.0.10 on npm

Install

npm install -g cpd
# or
npm install -g jscpd
# or
cargo install jscpd

v5.0.9

New Features

  • GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5

... (truncated)

Changelog

Sourced from jscpd's changelog.

5.0.11

New Features

  • Razor (.razor) support — new tokenizer for Razor files in the Rust backend (thanks to @​chrisc-onaorg in #829)

Dependencies

  • cpd-core bumped to 0.1.6, cpd-tokenizer bumped to 0.1.7

5.0.10

Bug Fixes

  • Emit scan-root-relative paths in all reporters when absolute: false. Fixes #827
  • Fix --skip-local to match jscpd v4 TypeScript semantics

Refactoring

  • DRY duplication in reporters: extract shared helpers into cpd-reporter/src/shared.rs
  • Move blame enrichment from gitoxide to git blame --porcelain

5.0.9

New Features

  • GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5

Bug Fixes

  • Resolve platform binary resolution when cpd is installed as a nested dependency (e.g. in a project's node_modules via a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816

5.0.8

Bug Fixes

  • Prevent mmap exhaustion crashes when scanning repositories with more files than vm.max_map_count (default 131 072 on Linux). The walker previously held a live Mmap per discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813
  • Fix --pattern not matching relative paths when the scan root is absolute (e.g. CWD). Patterns like src/**/*.ts now match correctly by comparing against both the relative path and the full absolute path, and bare patterns like *.ts gain a **/ prefix to match at any depth. Fixes #811
  • Fix trailing-newline off-by-one in line-count filter: files not ending with \n now count the final line correctly

5.0.7

... (truncated)

Commits
  • 115f7fb release: cpd-v5.0.11
  • c4cf41a release: cpd-v5.0.10
  • 9f6b8f5 docs: add Nix and Homebrew install instructions (#818)
  • 527bb08 chore: remove defunct Universal Analytics tracking pixels from all READMEs
  • dbe90b0 docs: update project URLs to jscpd.dev, add curl install, clean up badges
  • dcef743 release: cpd-v5.0.9
  • d330dda fix(#816): resolve platform package in nested node_modules
  • 2a7d19d release: cpd-v5.0.8
  • b75884d release: cpd-v5.0.7
  • 7507f9d fix: use project sizes without .git folders in benchmarks
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jscpd](https://github.com/kucherenko/jscpd/tree/HEAD/rust/jscpd) from 4.2.5 to 5.0.11.
- [Release notes](https://github.com/kucherenko/jscpd/releases)
- [Changelog](https://github.com/kucherenko/jscpd/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucherenko/jscpd/commits/v5.0.11/rust/jscpd)

---
updated-dependencies:
- dependency-name: jscpd
  dependency-version: 5.0.11
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.20%. Comparing base (3ee6fe2) to head (db21cc0).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #829   +/-   ##
=======================================
  Coverage   99.20%   99.20%           
=======================================
  Files         345      345           
  Lines       40420    40420           
=======================================
  Hits        40098    40098           
  Misses        322      322           
Components Coverage Δ
apps/api 98.45% <ø> (ø)
apps/worker 99.91% <ø> (ø)
apps/vertical-* 100.00% <ø> (ø)
kb 100.00% <ø> (ø)
sales 100.00% <ø> (ø)
conversation-engine 98.88% <ø> (ø)
llm-router 100.00% <ø> (ø)
storage 99.91% <ø> (ø)
verticals 100.00% <ø> (ø)
channels (telegram/whatsapp/facebook/web/core) 99.95% <ø> (ø)
observability 100.00% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Bundle Report

Bundle size has no change ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants