Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚨 [security] Update rubocop-performance 1.19.1 → 1.24.0 (minor) #413

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🚨 [security] Update rubocop-performance 1.19.1 → 1.24.0 (minor) #413

wants to merge 1 commit into from

Conversation

depfu[bot]
Copy link
Contributor

@depfu depfu bot commented Feb 16, 2025

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rubocop-performance (1.19.1 → 1.24.0) · Repo · Changelog

Release Notes

1.24.0

New features

  • #490: Pluginfy RuboCop Performance. (@koic)
  • #462: Add new Performance/ZipWithoutBlock cop that checks patterns like .map { |id| [id] } or .map { [_1] } and can replace them with .zip. (@corsonknowles)

Bug fixes

  • #484: Fix Performance/CaseWhenSplat cop error on when node without body. (@viralpraxis)

1.23.1

Bug fixes

  • #478: Fix Performance/RedundantStringChars cop error in case of implicit receiver. (@viralpraxis)
  • #480: Fix Performance/Squeeze cop error on frozen AST string node value. (@viralpraxis)

1.23.0

New features

1.22.1

Bug fixes

  • #468: Fix false positives for Performance/BigDecimalWithNumericArgument when using float argument for BigDecimal. (@koic)

1.22.0

Bug fixes

  • #454: Fix false positives for Performance/BigDecimalWithNumericArgument when using BigDecimal 3.1+. (@koic)

Changes

  • #385: Disable Performance/BlockGivenWithExplicitBlock by default. (@earlopain)
  • #407: Make Performance/DoubleStartEndWith aware of safe navigation. (@earlopain)

1.21.1

Bug fixes

  • #452: Fix an error for Performance/RedundantEqualityComparisonBlock when the block is empty. (@earlopain)

1.21.0

New features

  • #446: Support Prism as a Ruby parser (experimental). (@koic)

Bug fixes

  • #437: Fix a false positive for Performance/ChainArrayAllocation when using select with block argument after select. (@koic)
  • #448: Fix a false positive for Performance/RedundantBlockCall when using block.call with block argument. (@koic)

Changes

1.20.2 (from changelog)

Bug fixes

  • #425: Fix a false positive for Performance/StringIdentifierArgument when using string interpolation with methods that don't support symbols with :: inside them. (@earlopain)

1.20.1

Bug fixes

  • #428: Fix false negatives for Performance/StringIdentifierArgument when using multiple string arguments. (@koic)

1.20.0

New features

  • #384: Support optimized String#dup for Performance/UnfreezeString when Ruby 3.3+. (@koic)

Bug fixes

  • #374: Fix an error for Performance/MapMethodChain when using map method chain without receiver. (@koic)
  • #386: Fix a false negative for Performance/StringIdentifierArgument when using string interpolation. (@earlopain)
  • #419: Make Performance/Count, Performance/FixedSize, Performance/FlatMap, Performance/InefficientHashSearch, Performance/RangeInclude, Performance/RedundantSortBlock, Performance/ReverseFirst, Performance/SelectMap, Performance/Size, Performance/SortReverse, and Performance/TimesMap cops aware of safe navigation operator. (@koic)
  • #390: Fix a false negative for Performance/ReverseEach when safe navigation is between reverse and each. (@fatkodima)
  • #401: Make Performance/Sum aware of safe navigation operator. (@koic)

Changes

  • #389: Improve Performance/MapCompact to handle more safe navigation calls. (@fatkodima)
  • #395: Enhance Performance/StringInclude to handle === method. (@fatkodima)
  • #388: Require RuboCop 1.30+ as runtime dependency. (@koic)
  • #380: Require RuboCop AST 1.30.0+. (@koic)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ rubocop (1.64.1 → 1.72.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ json (indirect, 2.7.2 → 2.10.1) · Repo · Changelog

Release Notes

2.10.1 (from changelog)

  • Fix a compatibility issue with MultiJson.dump(obj, pretty: true): no implicit conversion of false into Proc (TypeError).

2.10.0

What's Changed

  • strict: true now accept symbols as values. Previously they'd only be accepted as hash keys.
  • The C extension Parser has been entirely reimplemented from scratch.
  • Introduced JSON::Coder as a new API allowing to customize how non native types are serialized in a non-global way.
  • Introduced JSON::Fragment to allow assembling cached fragments in a safe way.
  • The Java implementation of the generator received many optimizations.

Full Changelog: v2.9.1...v2.10.0

2.9.1

What's Changed

  • Add support for Solaris 10 which lacks strnlen()

2.9.0

What's Changed

  • Fix C implementation of script_safe escaping to not confuse some other 3 wide characters with \u2028 and \u2029.
    e.g. JSON.generate(["倩", "瀨"], script_safe: true) would generate the wrong JSON.
  • JSON.dump(object, some_io) now write into the IO in chunks while previously it would buffer the entire JSON before writing.
  • JSON::GeneratorError now has a #invalid_object attribute, making it easier to understand why an object tree cannot be serialized.
  • Numerous improvements to the JRuby extension.

Full Changelog: v2.8.2...v2.9.0

2.8.2

What's Changed

  • JSON.load_file: explictly load the file as UTF-8

Full Changelog: v2.8.1...v2.8.2

2.8.1

  • Fix the java version of the package to include the extension implementation. Only concerns JRuby.

Full Changelog: v2.8.0...v2.8.1

2.8.0

What's Changed

  • Emit a deprecation warning when JSON.load create custom types without the create_additions option being explictly enabled.
    • Prefer to use JSON.unsafe_load(string) or JSON.load(string, create_additions: true).
  • Emit a deprecation warning when serializing valid UTF-8 strings encoded in ASCII_8BIT aka BINARY.
  • Bump required Ruby version to 2.7.
  • Add support for optionally parsing trailing commas, via allow_trailing_comma: true, which in cunjunction with the
    pre-existing support for comments, make it suitable to parse jsonc documents.
  • Many performance improvements to JSON.parse and JSON.load, up to 1.7x faster on real world documents.
  • Some minor performance improvements to JSON.dump and JSON.generate.

Parsing performance

Parsing performance is improved by 50-70% on realistic benchmarks, and even more on micro-benchmarks: https://gist.github.com/casperisfine/cf4b3a0594fae24b7d0eb93daaf3841a

== Parsing activitypub.json (58160 bytes)
ruby 3.4.0dev (2024-11-06T07:59:09Z precompute-hash-wh.. 7943f98a8a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
          json 2.7.2   638.000 i/100ms
                  oj   798.000 i/100ms
          Oj::Parser   948.000 i/100ms
           rapidjson   631.000 i/100ms
Calculating -------------------------------------
          json 2.7.2      6.423k (± 1.3%) i/s  (155.70 μs/i) -     32.538k in   5.067149s
                  oj      7.989k (± 1.0%) i/s  (125.17 μs/i) -     40.698k in   5.094544s
          Oj::Parser      9.472k (± 1.3%) i/s  (105.58 μs/i) -     47.400k in   5.005119s
           rapidjson      6.354k (± 1.1%) i/s  (157.37 μs/i) -     32.181k in   5.064962s

Comparison:

json 2.8.0:     9510.0 i/s

Oj::Parser:     9471.9 i/s - same-ish: difference falls within error

oj:     7989.4 i/s - 1.19x  slower

json 2.7.2:     6422.5 i/s - 1.48x  slower

rapidjson:     6354.5 i/s - 1.50x  slower


== Parsing twitter.json (567916 bytes)

ruby 3.4.0dev (2024-11-06T07:59:09Z precompute-hash-wh.. 7943f98a8a) +YJIT +PRISM [arm64-darwin24]

Warming up --------------------------------------

json 2.7.2    52.000 i/100ms

oj    64.000 i/100ms

Oj::Parser    76.000 i/100ms

rapidjson    57.000 i/100ms

Calculating -------------------------------------

json 2.7.2    526.860 (± 3.8%) i/s    (1.90 ms/i) -      2.652k in   5.042680s

oj    631.234 (± 1.7%) i/s    (1.58 ms/i) -      3.200k in   5.070973s

Oj::Parser    764.354 (± 3.5%) i/s    (1.31 ms/i) -      3.876k in   5.077736s

rapidjson    579.085 (± 2.8%) i/s    (1.73 ms/i) -      2.907k in   5.024620s


Comparison:

json 2.8.0:      884.0 i/s

Oj::Parser:      764.4 i/s - 1.16x  slower

oj:      631.2 i/s - 1.40x  slower

rapidjson:      579.1 i/s - 1.53x  slower

json 2.7.2:      526.9 i/s - 1.68x  slower


== Parsing citm_catalog.json (1727030 bytes)

ruby 3.4.0dev (2024-11-06T07:59:09Z precompute-hash-wh.. 7943f98a8a) +YJIT +PRISM [arm64-darwin24]

Warming up --------------------------------------

json 2.7.2    30.000 i/100ms

oj    35.000 i/100ms

Oj::Parser    45.000 i/100ms

rapidjson    40.000 i/100ms

Calculating -------------------------------------

json 2.7.2    304.584 (± 3.3%) i/s    (3.28 ms/i) -      1.530k in   5.029021s

oj    358.572 (± 0.8%) i/s    (2.79 ms/i) -      1.820k in   5.076123s

Oj::Parser    450.643 (± 3.1%) i/s    (2.22 ms/i) -      2.295k in   5.098150s

rapidjson    395.304 (± 1.5%) i/s    (2.53 ms/i) -      2.000k in   5.060537s


Comparison:

json 2.8.0:      449.8 i/s

Oj::Parser:      450.6 i/s - same-ish: difference falls within error

rapidjson:      395.3 i/s - 1.14x  slower

oj:      358.6 i/s - 1.25x  slower

json 2.7.2:      304.6 i/s - 1.48x  slower

Full Changelog: v2.7.3...v2.8.0

2.7.6

  • Fix a regression in JSON.generate when dealing with Hash keys that are string subclasses, call to_json on them.

Full Changelog: v2.7.5...v2.7.6

2.7.5

What's Changed

  • Fix a memory leak when #to_json methods raise an exception.
  • Gracefully handle formatting configs being set to nil instead of "".
  • Workaround another issue caused by conflicting versions of both json_pure and json being loaded.

Full Changelog: v2.7.4...v2.7.5

2.7.4

What's Changed

  • Workaround a bug in 3.4.8 and older rubygems/rubygems#6490.
    This bug would cause some gems with native extension to fail during compilation.
  • Workaround different versions of json and json_pure being loaded (not officially supported).
  • Make json_pure Ractor compatible.

Full Changelog: v2.7.3...v2.7.4

2.7.3

What's Changed

  • Numerous performance optimizations in JSON.generate and JSON.dump (up to 2 times faster).
  • Limit the size of ParserError exception messages, only include up to 32 bytes of the unparseable source.
  • Fix json-pure's Object#to_json to accept non state arguments
  • Fix multiline comment support in json-pure.
  • Fix JSON.parse to no longer mutate the argument encoding when passed an ASCII-8BIT string.
  • Fix String#to_json to raise on invalid encoding in json-pure.
  • Delete code that was based on CVTUTF.
  • Use the pure-Ruby generator on TruffleRuby.
  • Fix strict mode in json-pure to not break on Integer.

JSON.dump Performance

JSON.dump is now much faster, and on par or faster than alternative implementations:

== Encoding citm_catalog.json (500298 bytes)
ruby 3.4.0preview2 (2024-10-07 master 32c733f57b) +YJIT +PRISM [arm64-darwin23]
Warming up --------------------------------------
        json (2.7.3)   123.000 i/100ms
                  oj   124.000 i/100ms
Calculating -------------------------------------
        json (2.7.3)      1.312k (± 1.8%) i/s  (761.91 μs/i) -      6.642k in   5.062192s
                  oj      1.278k (± 2.0%) i/s  (782.35 μs/i) -      6.448k in   5.046587s

Comparison:

json (2.7.2):      884.0 i/s

json (2.7.3):     1312.5 i/s - 1.48x  faster

oj:     1278.2 i/s - 1.45x  faster



== Encoding twitter.json (466906 bytes)
ruby 3.4.0preview2 (2024-10-07 master 32c733f57b) +YJIT +PRISM [arm64-darwin23]
Warming up --------------------------------------
        json (2.7.3)   213.000 i/100ms
                  oj   222.000 i/100ms
Calculating -------------------------------------
        json (2.7.3)      2.140k (± 2.8%) i/s  (467.19 μs/i) -     10.863k in   5.079099s
                  oj      2.303k (± 3.2%) i/s  (434.27 μs/i) -     11.544k in   5.018239s

Comparison:
        json (2.7.2):     1250.5 i/s
                  oj:     2302.7 i/s - 1.84x  faster
        json (2.7.3):     2140.5 i/s - 1.71x  faster

Full Changelog: ruby/json@v2.7.2...v2.7.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ language_server-protocol (indirect, 3.17.0.3 → 3.17.0.4) · Repo · Changelog

Release Notes

3.17.0.4 (from changelog)

  • Add #close to Reader and Writer (#112)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parallel (indirect, 1.24.0 → 1.26.3) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ parser (indirect, 3.3.2.0 → 3.3.7.1) · Repo · Changelog

Release Notes

3.3.7.1 (from changelog)

API modifications:

  • parser/current: add -dev prefix to 3.4 branch (#1067) (Ilya Bylich)
  • parser/current: bump 3.2 branch to 3.2.7 (#1066) (Ilya Bylich)

3.3.7.0 (from changelog)

API modifications:

  • Bump maintenance branches to 3.3.7 (#1061) (Koichi ITO)
  • bump 3.4 branch, remove 3.0 from CI (EOL) (#1057) (Ilya Bylich)
  • assert that version-specific checks actually run against at least one version (#1050) (Earlopain)

Features implemented:

  • ruby34.y: reject return in singleton class (#1048) (Earlopain)

Bugs fixed:

  • Fix ruby-parse with a folder ending in .rb (#1047) (Earlopain)

3.3.6.0 (from changelog)

API modifications:

  • Bump maintenance branches to 3.3.6 (#1045) (Koichi ITO)

3.3.5.1 (from changelog)

API modifications:

  • Bump maintenance branches to 3.2.6 (#1044) (Koichi ITO)

3.3.5.0 (from changelog)

API modifications:

  • Bump maintenance branches to 3.3.5 (#1039) (Koichi ITO)

3.3.4.1 (from changelog)

API modifications:

  • Bump 3.2 branch to 3.2.5. (#1036) (Ilya Bylich)
  • Bump Racc to 1.8.1 (#1031) (Koichi ITO)

Bugs fixed:

  • builder.rb: catch encoding errors when parsing invalid encoding regexp (#1033) (Earlopain)

3.3.4.0 (from changelog)

API modifications:

  • Bump maintenance branches to 3.3.4 (#1027) (Koichi ITO)

3.3.3.0 (from changelog)

API modifications:

  • Bump maintenance branches to 3.3.3 (#1023) (Koichi ITO)
  • Bump Racc to 1.8.0 (#1018) (Koichi ITO)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.8.0 → 1.8.1) · Repo · Changelog

Release Notes

1.8.1

What's Changed

New Contributors

Full Changelog: v1.8.0...v1.8.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ regexp_parser (indirect, 2.9.2 → 2.10.0) · Repo · Changelog

Release Notes

2.10.0 (from changelog)

Added

  • #referenced_expressions
    • like #referenced_expression, but for multiplexing backrefs
    • returns the Group expressions that are being referenced

Fixed

  • fixed #char & #codepoint errors for single-digit hex escapes
    • e.g. \xA

2.9.3 (from changelog)

Fixed

  • fixed positive lookbehinds with character ">" being treated as named groups

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rexml (indirect, 3.2.8 → 3.4.1) · Repo · Changelog

Security Advisories 🚨

🚨 REXML ReDoS vulnerability

Impact

The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;).

This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03.

Patches

The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Workarounds

Use Ruby 3.2 or later instead of Ruby 3.1.

References

🚨 REXML denial of service vulnerability

Impact

The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes.

If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected.

Patches

The REXML gem 3.3.6 or later include the patch to fix the vulnerability.

Workarounds

Don't parse untrusted XMLs with tree parser API.

References

🚨 REXML DoS vulnerability

Impact

The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API.

If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability.

Patches

The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

Workarounds

Don't parse untrusted XMLs with SAX2 or pull parser API.

References

🚨 REXML DoS vulnerability

Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, >] and ]>.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

🚨 REXML denial of service vulnerability

Impact

The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <, 0 and %>.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

Release Notes

3.4.0

Improvement

  • Improved performance.

  • JRuby: Improved parse performance.

    • GH-219
    • Patch by João Duarte

  • Added support for reusing pull parser.

  • Improved error handling when source is IO.

Thanks

  • NAITOH Jun

  • João Duarte

  • Dmitry Pogrebnoy

3.3.9

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character
    reference.

Thanks

  • NAITOH Jun

3.3.8

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug that unexpected attribute namespace conflict error for
    the predefined "xml" namespace is reported.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

3.3.7

Improvements

  • Added local entity expansion limit methods

    • GH-192
    • GH-202
    • Reported by takuya kodama.
    • Patch by NAITOH Jun.

  • Removed explicit strscan dependency

    • GH-204
    • Patch by Bo Anderson.

Thanks

  • takuya kodama

  • NAITOH Jun

  • Bo Anderson

3.3.6

Improvements

  • Removed duplicated entity expansions for performance.

    • GH-194
    • Patch by Viktor Ivarsson.

  • Improved namespace conflicted attribute check performance. It was
    too slow for deep elements.

    • Reported by l33thaxor.

Fixes

  • Fixed a bug that default entity expansions are counted for
    security check. Default entity expansions should not be counted
    because they don't have a security risk.

  • Fixed a parser bug that parameter entity references in internal
    subsets are expanded. It's not allowed in the XML specification.

  • Fixed a stream parser bug that user-defined entity references in
    text aren't expanded.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

  • l33thaxor

3.3.5

Fixes

  • Fixed a bug that REXML::Security.entity_expansion_text_limit
    check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

3.3.4

Fixes

  • Fixed a bug that REXML::Security isn't defined when
    REXML::Parsers::StreamParser is used and
    rexml/parsers/streamparser is only required.
    • GH-189
    • Patch by takuya kodama.

Thanks

  • takuya kodama

3.3.3

Improvements

  • Added support for detecting invalid XML that has unsupported
    content before root element

  • Added support for REXML::Security.entity_expansion_limit= and
    REXML::Security.entity_expansion_text_limit= in SAX2 and pull
    parsers

  • Added more tests for invalid XMLs.

  • Added more performance tests.

    • Patch by Watson.

  • Improved parse performance.

    • GH-186
    • Patch by tomoya ishida.

Thanks

  • NAITOH Jun

  • Watson

  • tomoya ishida

3.3.2

Improvements

  • Improved parse performance.

  • Improved parse performance.

  • Added support for raising a parse exception when an XML has extra
    content after the root element.

  • Added support for raising a parse exception when an XML
    declaration exists in wrong position.

  • Removed needless a space after XML declaration in pretty print mode.

  • Stopped to emit :text event after the root element.

Fixes

  • Fixed a bug that SAX2 parser doesn't expand predefined entities for
    characters callback.

Thanks

  • NAITOH Jun

  • Watson

3.3.1

Improvements

  • Added support for detecting malformed top-level comments.

    • GH-145
    • Patch by Hiroya Fujinami.

  • Improved REXML::Element#attribute performance.

    • GH-146
    • Patch by Hiroya Fujinami.

  • Added support for detecting malformed <!--> comments.

    • GH-147
    • Patch by Hiroya Fujinami.

  • Added support for detecting unclosed DOCTYPE.

    • GH-152
    • Patch by Hiroya Fujinami.

  • Added changlog_uri metadata to gemspec.

  • Improved parse performance.

Fixes

  • Fixed a bug that large XML can't be parsed.

  • Fixed a bug that private constants are visible.

Thanks

  • Hiroya Fujinami

  • NAITOH Jun

  • fynsta

3.3.0

Improvements

  • Added support for strscan 0.7.0 installed with Ruby 2.6.
    • GH-142
    • Reported by Fernando Trigoso.

Thanks

  • Fernando Trigoso

3.2.9

Improvements

  • Added support for old strscan.

  • Improved attribute value parse performance.

  • Improved REXML::Node#each_recursive performance.

  • Improved text parse performance.

    • Reported by mprogrammer.

Thanks

  • Adam
  • NAITOH Jun
  • Hiroya Fujinami
  • mprogrammer

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rubocop-ast (indirect, 1.31.3 → 1.38.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unicode-display_width (indirect, 2.5.0 → 3.1.4) · Repo · Changelog

Release Notes

3.1.4 (from changelog)

  • Fix that skin tone modifiers were ignored when used in a non-ZWJ sequence context (= single emoji char + modifier) #29
  • Add more docs and specs about modifier handling

3.1.3 (from changelog)

Better handling of non-UTF-8 strings, patch by @Earlopain:

  • Data with BINARY encoding is interpreted as UTF-8, if possible
  • Use invalid: :replace and undef: :replace options when converting to UTF-8

3.1.2 (from changelog)

  • Performance improvements

3.1.1 (from changelog)

  • Performance improvements

3.1.0 (from changelog)

Improve Emoji support:

  • Emoji modes: Differentiate between well-formed Emoji (:possible) and any ZWJ/modifier sequence (:all). The latter is more common and more efficient to implement.
  • Unify rgi_{fqe,mqe,uqe} options to just :rgi to keep things simpler (corresponds to the former :rgi_uqe option). Most terminals that want to support the RGI set will probably want to catch Emoji sequences with missing VS16s.
  • Add new :all_no_vs16 and :rgi_at modes to be able to support some terminals that needs these quirks
  • Add alias emoji: :auto for emoji: true and emoji: :none for emoji: false
  • :auto mode: Only consider terminal cells when recommending Emoji support level (Emoji themselves might display differently)
  • :auto mode: Set default Emoji mode for unknown/unsupported terminals to :none
  • Rename :basic mode to :vs16

3.0.1 (from changelog)

  • Add WezTerm and foot as good Emoji terminals

3.0.0 (from changelog)

Rework Emoji support:

  • Emoji widths are now enabled by default
  • Only reduce Emoji width to 2 when RGI Emoji detected (configurable)
  • VS16 turns Emoji characters of width 1 into full-width
  • Please note that Emoji parsing has a notable impact on performance. You can use the emoji: false option to disable Emoji adjustments
  • Tries to detect terminal's Emoji support level automatically (from ENV vars)

Index fixes and updates:

  • Private-use characters are considered ambiguous (were given width 1 before)
  • Fix that a few zero-width ignorable codepoints from recent Unicode were missing
  • Consider the following separators to be zero-width:
    • U+2028 - LINE SEPARATOR - Zl
    • U+2029 - PARAGRAPH SEPARATOR - Zp

Other:

  • Add keyword arguments to Unicode::DisplayWidth.of. If you are using a hash with overwrite values as third parameter, be sure to put it in curly braces.
  • Using third parameter or explicit hash as fourth parameter is deprecated, please migrate to the keyword arguments API
  • Gem raises ArgumentError for ambiguous values other than 1 or 2
  • Performance optimizations
  • Require Ruby 2.5

2.6.0 (from changelog)

  • Unicode 16

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 lint_roller (added, 1.1.0)

🆕 unicode-emoji (added, 4.0.4)

🗑️ strscan (removed)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu bot added the depfu label Feb 16, 2025
@depfu depfu bot mentioned this pull request Feb 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
depfu
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants