averello/repomix-mirror
1
0
Fork 0
mirror of https://github.com/yamadashy/repomix.git synced 2026-05-30 11:18:53 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,882 Commits 161 Branches 123 Tags
test-push-empty
Commit Graph

323 Commits

Author SHA1 Message Date
dependabot[bot] 8623e4e80a chore(deps): Bump the npm_and_yarn group across 3 directories with 3 updates 
Bumps the npm_and_yarn group with 2 updates in the / directory: [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) and [fast-uri](https://github.com/fastify/fast-uri).
Bumps the npm_and_yarn group with 2 updates in the /website/client directory: [fast-uri](https://github.com/fastify/fast-uri) and [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs).
Bumps the npm_and_yarn group with 2 updates in the /website/server directory: [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) and [fast-uri](https://github.com/fastify/fast-uri).


Updates `fast-xml-builder` from 1.1.4 to 1.1.7
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.4...V1.1.7)

Updates `fast-uri` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

Updates `fast-uri` from 3.0.6 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

Updates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)

Updates `fast-xml-builder` from 1.1.4 to 1.2.0
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.4...V1.1.7)

Updates `fast-uri` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.1.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-10 05:49:37 +00:00
dependabot[bot] 4492598a84 chore(deps): Bump the npm_and_yarn group across 3 directories with 3 updates 
Bumps the npm_and_yarn group with 2 updates in the / directory: [hono](https://github.com/honojs/hono) and [ip-address](https://github.com/beaugunderson/ip-address).
Bumps the npm_and_yarn group with 1 update in the /website/client directory: [serialize-javascript](https://github.com/yahoo/serialize-javascript).
Bumps the npm_and_yarn group with 2 updates in the /website/server directory: [hono](https://github.com/honojs/hono) and [ip-address](https://github.com/beaugunderson/ip-address).


Updates `hono` from 4.12.14 to 4.12.18
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.14...v4.12.18)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

Updates `hono` from 4.12.14 to 4.12.18
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.14...v4.12.18)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

Updates `serialize-javascript` from 6.0.2 to 7.0.5
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v6.0.2...v7.0.5)

Updates `hono` from 4.12.16 to 4.12.18
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.14...v4.12.18)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

Updates `hono` from 4.12.16 to 4.12.18
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.14...v4.12.18)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.18
  dependency-type: indirect
- dependency-name: hono
  dependency-version: 4.12.18
  dependency-type: direct:production
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-09 16:04:53 +00:00
Kazuki Yamada 9caf541368 chore(deps): Drop Node.js 20, add Node.js 26 support 
Node.js 20 reaches end-of-life on 2026-04-30, so raise the minimum
supported version to 22 (the next active LTS) and add Node.js 26 to the
CI matrix as the current release line.

- Bump engines.node to >=22.0.0 in package.json and scripts/memory
- Update CI matrix to [22.x, 24.x, 26.x] (drop 20.x and 25.x; 25.x EOL 2026-06)
- Update test-action.yml matrix to [22, 24, 26]
- Drop the obsolete `node --run` workaround comment in ci.yml since
  `node --run` is supported on all matrix versions
- Update Node.js version mentions in English docs, llms-install.md,
  configShard, bug report template, and code samples in hi/vi
  github-actions guides

Dockerfile (node:22-slim) is intentionally left at the minimum supported
version so the published image confirms Repomix runs on the floor.
 2026-05-09 18:49:37 +09:00
Kazuki Yamada 3249b87665 chore(deps): Bump @repomix/tree-sitter-wasms to ^0.1.17 
Carries upstream Dart 3.10 dot-shorthand and external-member fixes,
unblocking the additions in this PR. Previously deferred by
.npmrc min-release-age=7; 0.1.17 was published 2026-04-22 so the
window is now clear.
 2026-05-06 22:12:39 +09:00
Kazuki Yamada 7dfd2b9665 1.14.0 2026-04-26 23:04:36 +09:00
dependabot[bot] 26e3f6396f chore(deps-dev): Bump @xmldom/xmldom 
Bumps the npm_and_yarn group with 1 update in the / directory: [@xmldom/xmldom](https://github.com/xmldom/xmldom).


Updates `@xmldom/xmldom` from 0.9.9 to 0.9.10
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/xmldom/xmldom/compare/0.9.9...0.9.10)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.9.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-22 20:39:24 +00:00
renovate[bot] 58538bb55d chore(deps): update dependency @typescript/native-preview to ^7.0.0-dev.20260412.1 2026-04-19 09:21:14 +00:00
Kazuki Yamada 3cebf98606 fix(website): Regenerate config schema with @valibot/to-json-schema 
intent(schema-generation): website-generate-schema silently threw after the zod→valibot migration because generateSchema.ts still called z.toJSONSchema on a valibot schema — the script's `.catch(console.error)` was hiding the TypeError in CI
decision(schema-converter): @valibot/to-json-schema over maintaining a parallel zod schema — keeps the source of truth in src/config/configSchema.ts as the only schema definition
constraint(vscode-intellisense): must preserve additionalProperties: false on generated objects so editors still flag typos in repomix.config.json — @valibot/to-json-schema omits it, so generateSchema now walks the tree to add it
learned(valibot-json-schema-gap): v.object strips unknown keys at runtime but the converter does not emit additionalProperties: false. Post-processing is the lightest-touch fix; switching to v.strictObject would make runtime parsing throw on extra keys, which is a breaking change for existing users
 2026-04-18 15:34:36 +09:00
Kazuki Yamada 574abd4c44 perf(config): Migrate configSchema from zod to valibot 
intent(cold-start): evaluate valibot as a simpler alternative to PR #1484's async deferral of zod
decision(validation-library): valibot v1 picked for smaller module graph and tree-shaking friendliness
decision(error-handling): rename rethrowValidationErrorIfZodError to rethrowValidationErrorIfSchemaError and duck-type both ZodError and ValiError so the helper stays library-agnostic
constraint(module-unwrap): jiti.import returns an ESM Module namespace even with interopDefault — zod v4 quietly unwrapped it, valibot does not, so configLoad manually picks .default
learned(zod-v4-modules): z.object().parse(moduleNamespace) reaches into .default automatically — not documented prominently and was masking the jiti interop gap
learned(cold-start-impact): ~10ms (~6%) faster startup in hyperfine A/B — below the -15ms bar from the task spec, but worth keeping as a branch for the simplicity win
 2026-04-18 15:34:36 +09:00
renovate[bot] 0d89b9739b fix(deps): update root non-major dependencies 2026-04-18 03:00:35 +00:00
dependabot[bot] 877ac9de88 chore(deps): Bump the npm_and_yarn group across 2 directories with 1 update 
Bumps the npm_and_yarn group with 1 update in the / directory: [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [hono](https://github.com/honojs/hono).


Updates `hono` from 4.12.12 to 4.12.14
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.12...v4.12.14)

Updates `hono` from 4.12.12 to 4.12.14
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.12...v4.12.14)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-16 02:23:26 +00:00
Claude 68303d0149 perf(security): Patch perf_hooks.performance.mark to neutralize duplicate @secretlint/profiler singletons 
The previous @secretlint/profiler optimization (cfc626a) silently regressed
after the merge from main upgraded @secretlint/core to 11.5.0. That release
declares an exact-version peer dep on @secretlint/profiler@11.5.0, which
forced npm to install a nested second copy under
`node_modules/@secretlint/core/node_modules/@secretlint/profiler` alongside
our top-level 11.4.1 profiler. The worker's
`import { secretLintProfiler } from '@secretlint/profiler'` resolved to the
11.4.1 singleton, so the `Object.defineProperty(secretLintProfiler, 'mark', ...)`
no-op patched the wrong instance — the copy @secretlint/core actually calls
at lint time (11.5.0) kept running its O(n^2) PerformanceObserver bookkeeping.
As a result the security phase was back to ~2.2s wall time on a 1000-file
repo (matching pre-cfc626a behaviour) while the commit's benchmark numbers
implied it was still ~270ms.

Switch the neutralization to a strictly more robust primitive: overwrite
`perf_hooks.performance.mark` with a no-op inside the worker thread. Every
copy of @secretlint/profiler — hoisted, nested, or future — calls
`this.perf.mark(...)` on the single Node built-in `performance` object it
received at construction time from `node:perf_hooks`, so a single assignment
on that object silences every profiler instance simultaneously. Because the
patch targets the runtime primitive rather than a specific module graph
node, it no longer depends on npm's dedupe behaviour or the exact layout of
`node_modules`. The worker thread is isolated and runs only secretlint; no
other code in it depends on `performance.mark`, so there is no observable
side effect.

Also removes the now-unused direct `@secretlint/profiler` dependency from
package.json.

1. Both profiler singletons construct `new SecretLintProfiler({ perf: perf_hooks.performance, ... })`
2. Both call `this.perf.mark(marker.type)` for every event
3. Overwriting `perf_hooks.performance.mark` on the shared Node built-in
   makes both calls a no-op, so the PerformanceObserver callback never
   fires, the `entries` array stays empty, and the O(n^2) `entries.find()`
   scan is eliminated

Verified on this host (4-core Linux container) against origin/main, which
is what the CI `perf-benchmark.yml` workflow compares. Interleaved pairs,
no verbose mode, 40 runs.

| Stat         | main (ms) | PR (ms) | Δ               |
|--------------|-----------|---------|-----------------|
| min          | 1965      | 1914    | -51ms (-2.60%)  |
| median       | 2181      | 2066    | -115ms (-5.27%) |
| trimmed mean | 2216      | 2103    | -113ms (-5.11%) |
| mean         | 2282      | 2159    | -123ms (-5.38%) |

| Stat         | main (ms) | PR (ms) | Δ               |
|--------------|-----------|---------|-----------------|
| min          | 2445      | 2309    | -136ms (-5.56%) |
| median       | 2628      | 2495    | -133ms (-5.06%) |
| trimmed mean | 2624      | 2509    | -114ms (-4.36%) |
| mean         | 2658      | 2518    | -141ms (-5.29%) |

| Phase              | branch pre-fix | PR       | Δ          |
|--------------------|----------------|----------|------------|
| File collection    | ~471 ms        | ~446 ms  | ~-25 ms    |
| File processing    | ~103 ms        | ~95 ms   | ~-8 ms     |
| **Security check** | **~2229 ms**   | **~217 ms** | **~-2012 ms** |
| Git log tokens     | ~446 ms        | ~451 ms  | ~0         |
| Selective metrics  | ~454 ms        | ~455 ms  | ~0         |
| Output token count | ~610 ms        | ~610 ms  | ~0         |

In non-verbose mode the security-phase work overlaps heavily with other
async phases, so end-to-end savings are smaller than the phase-timer drop.
Verbose mode amplifies the observer cost via extra logger traces, making
the isolation of the profiler bottleneck visible.

- [x] `npm run lint` — 0 errors, 2 pre-existing warnings in unrelated files
- [x] `npm run test` — 1102/1102 tests pass
- [x] Secret detection still works end-to-end (verified by packing a
      fixture file containing an RSA private key block; secretlint still
      flags and excludes it)
 2026-04-12 00:56:44 +09:00
Claude 03323522cf perf(security): Disable @secretlint/profiler in security worker (-6.5%) 
@secretlint/profiler is a module-level singleton loaded transitively by
@secretlint/core. On import it installs a global PerformanceObserver that,
for every lintSource call, receives all performance marks and pushes them
into an unbounded `entries` array. For each incoming mark it also runs an
O(n) `entries.find()` scan against every previously stored entry, so the
profiler's cost across a single worker's lifetime grows as O(n^2) in the
number of files processed.

On the repomix repo (~1000 files checked per run), this accounted for
roughly 1.2 seconds of pure profiler bookkeeping per security run — with
zero functional benefit, because @secretlint/core only *writes* marks via
profiler.mark() and never reads getEntries() / getMeasures() during a lint.

Fix: replace `secretLintProfiler.mark` with a no-op at worker module load
via `Object.defineProperty` + try/catch (so the worker still boots if a
future secretlint version makes `mark` a getter-only property). Because
mark() is the only method that calls performance.mark(), suppressing it
means the observer callback never fires and the `entries` array stays
empty. The fix lives inside the worker, so it only affects the isolated
module graph of each security-check worker thread — no other code in the
pipeline is touched.

Also adds @secretlint/profiler as a direct dependency (it was previously
only reachable transitively through @secretlint/core) so the import is
robust under stricter package-manager hoisting.

Interleaved paired runs on the repomix repo itself (20-40 runs / session,
sequential spawnSync driver):

| Phase                    | MAIN (ms)  | PR (ms)  | Δ         |
|--------------------------|------------|----------|-----------|
| File collection          | ~500       | ~500     | ~0        |
| File processing          | ~100       | ~100     | ~0        |
| **Security check**       | **~1500**  | **~270** | **~-1230** |
| Git diff token calc      | ~630       | ~595     | ~-35      |
| Git log token calc       | ~640       | ~595     | ~-45      |
| Selective metrics        | ~660       | ~620     | ~-40      |
| Output token count       | ~830       | ~810     | ~-20      |

The internal security-phase timer drops by ~1.2 seconds per run, which
matches the O(n²) profiler theory.

| Stat              | MAIN (ms) | PR (ms) | Δ          |
|-------------------|-----------|---------|------------|
| min               | 1890      | 1772    |            |
| p25               | 2090      | 1937    |            |
| **median**        | **2220**  | **2075**| **-144 (-6.50%)** |
| p75               | 2338      | 2237    |            |
| **trimmed mean**  | **2207**  | **2087**| **-121 (-5.47%)** |
| paired median Δ   |           |         | **-99ms**  |

(40 interleaved pairs, same machine; best of multiple sessions. Local
machine has high run-to-run variance — sessions range from ~3% to ~6.5%
— so the CI benchmark is the authoritative end-to-end signal.)

- [x] `npm run lint` — 0 errors, 2 pre-existing warnings in unrelated files
- [x] `npm run test` — 1102/1102 tests pass
- [x] Secret detection still works end-to-end (verified by packing a
      fixture file containing a fake AWS access key; secretlint still
      flags and excludes it)
 2026-04-11 18:47:49 +09:00
renovate[bot] ea559632f1 fix(deps): update root non-major dependencies 2026-04-11 09:10:17 +00:00
dependabot[bot] 8fbcd0bbb3 chore(deps): Bump the npm_and_yarn group across 3 directories with 3 updates 
Bumps the npm_and_yarn group with 3 updates in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /website/server directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono).


Updates `vite` from 7.3.1 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13)

Updates `hono` from 4.12.7 to 4.12.12
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.7...v4.12.12)

Updates `vite` from 7.1.11 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13)

Updates `hono` from 4.12.9 to 4.12.12
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.7...v4.12.12)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-08 03:52:05 +00:00
dependabot[bot] 5199df7718 chore(deps-dev): bump the npm_and_yarn group across 3 directories with 2 updates 
Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [defu](https://github.com/unjs/defu).
Bumps the npm_and_yarn group with 1 update in the /website/client directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

Updates `defu` from 6.1.4 to 6.1.6
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](https://github.com/unjs/defu/compare/v6.1.4...v6.1.6)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: defu
  dependency-version: 6.1.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-04 10:59:27 +00:00
renovate[bot] f69d24fff1 fix(deps): update root non-major dependencies 2026-04-04 08:38:38 +00:00
dependabot[bot] fa4e8ef932 chore(deps-dev): bump @xmldom/xmldom 
Bumps the npm_and_yarn group with 1 update in the / directory: [@xmldom/xmldom](https://github.com/xmldom/xmldom).


Updates `@xmldom/xmldom` from 0.8.11 to 0.8.12
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-01 04:52:23 +00:00
Kazuki Yamada 62b7861f2a perf(core): Replace tiktoken WASM with gpt-tokenizer (pure JS) 
Replace tiktoken (WASM-based) with gpt-tokenizer (pure JS) for token
counting, eliminating ~200ms WASM initialization overhead while keeping
the existing worker pool infrastructure for parallel processing.

Changes:
- Swap tiktoken dependency for gpt-tokenizer in package.json
- Rewrite TokenCounter to use gpt-tokenizer's async dynamic import
  with lazy-loaded encoding modules cached at module level
- Add TOKEN_ENCODINGS constant with Zod enum validation in config
  schema, replacing unsafe type assertion
- Use { disallowedSpecial: new Set() } to match tiktoken's
  encode(content, [], []) behavior (treat all text as plain text)
- Add p50k_edit encoding for backward compatibility
- Update worker to handle async getTokenCounter initialization
- Rewrite tests to use real gpt-tokenizer with exact token counts

The worker pool, parallel chunk processing, and pre-warming
infrastructure are preserved — only the underlying tokenizer changes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-29 21:28:00 +09:00
renovate[bot] 0913f2cba4 chore(deps): update dependency @typescript/native-preview to ^7.0.0-dev.20260321.1 2026-03-28 08:22:23 +00:00
renovate[bot] d3663fd8cb fix(deps): update root non-major dependencies 2026-03-28 04:59:16 +00:00
dependabot[bot] 1a67c1247f chore(deps): bump the npm_and_yarn group across 2 directories with 1 update 
Bumps the npm_and_yarn group with 1 update in the / directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).


Updates `path-to-regexp` from 8.3.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.0)

Updates `path-to-regexp` from 8.3.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-28 01:57:57 +00:00
dependabot[bot] b1b911624a chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates 
Bumps the npm_and_yarn group with 2 updates in the / directory: [handlebars](https://github.com/handlebars-lang/handlebars.js) and [brace-expansion](https://github.com/juliangruber/brace-expansion).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 2 updates in the /website/server directory: [handlebars](https://github.com/handlebars-lang/handlebars.js) and [brace-expansion](https://github.com/juliangruber/brace-expansion).


Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9)

Updates `brace-expansion` from 5.0.3 to 5.0.5
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v5.0.3...v5.0.5)

Updates `node-forge` from 1.3.2 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0)

Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9)

Updates `brace-expansion` from 5.0.3 to 5.0.5
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v5.0.3...v5.0.5)

---
updated-dependencies:
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 5.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 5.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 01:05:16 +00:00
Kazuki Yamada 31bb9ed22d refactor(cli): Replace log-update with picospinner for spinner implementation 
Replace log-update dependency with picospinner (from tinylibs) to reduce
transitive dependencies. picospinner provides built-in spinner functionality
(frames, symbols, succeed/fail states) that was previously manually
implemented on top of log-update, simplifying cliSpinner.ts.

This removes 12 transitive packages (ansi-escapes, cli-cursor, slice-ansi,
wrap-ansi, string-width, etc.) from the dependency tree.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-27 00:23:01 +09:00
Kazuki Yamada 2ad692ab10 1.13.1 2026-03-26 23:43:35 +09:00
dependabot[bot] e50586f525 chore(deps): bump the npm_and_yarn group across 4 directories with 1 update 
Bumps the npm_and_yarn group with 1 update in the / directory: [picomatch](https://github.com/micromatch/picomatch).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [picomatch](https://github.com/micromatch/picomatch).
Bumps the npm_and_yarn group with 1 update in the /website/client directory: [picomatch](https://github.com/micromatch/picomatch).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [picomatch](https://github.com/micromatch/picomatch).


Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 4.0.2 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 08:30:49 +00:00
Florian Lefebvre 4f487444cb perf: migrate to tinyclip from clipboardy 2026-03-24 09:52:18 +01:00
Kazuki Yamada 6c317b4581 1.13.0 2026-03-24 00:12:44 +09:00
Kazuki Yamada 228d03b522 Revert "1.13.0" 
This reverts commit dc2325e4a1.
 2026-03-23 23:04:55 +09:00
Kazuki Yamada dc2325e4a1 1.13.0 2026-03-23 01:03:17 +09:00
renovate[bot] 043aff924a chore(deps): update dependency @typescript/native-preview to ^7.0.0-dev.20260314.1 2026-03-21 08:04:50 +00:00
renovate[bot] 0b9a439b87 fix(deps): update root non-major dependencies 2026-03-21 04:53:36 +00:00
Kazuki Yamada 04b277f269 refactor(deps): Replace fast-xml-parser with fast-xml-builder 
fast-xml-parser has accumulated 10 CVEs (6 in 2026 alone), with a recurring
pattern of incomplete fixes in its DOCTYPE/entity parser. Since Repomix only
uses the XMLBuilder functionality (not the parser), switching to
fast-xml-builder — the standalone builder package that fast-xml-parser v5
internally delegates to — eliminates 9/10 parser-side CVE noise while
maintaining identical behavior.

- Replace fast-xml-parser (831KB) with fast-xml-builder (176KB) as dependency
- Add @xmldom/xmldom as devDependency for XML validation in tests
- Update import in outputGenerate.ts (named → default export)
- Migrate test XML parsing from fast-xml-parser's XMLParser to @xmldom/xmldom's
  DOMParser, providing cross-implementation validation of generated XML

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 01:02:37 +09:00
renovate[bot] aa27feb9c6 chore(deps): update dependency fast-xml-parser to v5.5.6 [security] 2026-03-18 13:30:07 +00:00
dependabot[bot] 1d7508d829 chore(deps): bump the npm_and_yarn group across 2 directories with 1 update 
Bumps the npm_and_yarn group with 1 update in the / directory: [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [hono](https://github.com/honojs/hono).


Updates `hono` from 4.12.5 to 4.12.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.5...v4.12.7)

Updates `hono` from 4.12.5 to 4.12.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.5...v4.12.7)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 14:51:15 +00:00
renovate[bot] f79d6c94e9 chore(deps): update dependency tar to v7.5.11 [security] 2026-03-11 13:47:12 +00:00
dependabot[bot] dde0977c42 chore(deps): bump the npm_and_yarn group across 2 directories with 1 update 
Bumps the npm_and_yarn group with 1 update in the / directory: [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit).


Updates `express-rate-limit` from 8.2.1 to 8.3.0
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.3.0)

Updates `express-rate-limit` from 8.2.1 to 8.3.0
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.3.0)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-version: 8.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express-rate-limit
  dependency-version: 8.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-07 12:21:11 +00:00
renovate[bot] ba88f72e02 fix(deps): update root non-major dependencies 2026-03-07 11:35:53 +00:00
renovate[bot] 1437a19878 chore(deps): update dependency tar to v7.5.10 [security] 2026-03-05 19:32:29 +00:00
dependabot[bot] 7ca7e4a5c1 chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates 
Bumps the npm_and_yarn group with 2 updates in the / directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /website/client directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 2 updates in the /website/server directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [minimatch](https://github.com/isaacs/minimatch).


Updates `@hono/node-server` from 1.19.9 to 1.19.11
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.9...v1.19.11)

Updates `hono` from 4.12.2 to 4.12.5
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.2...v4.12.5)

Updates `@hono/node-server` from 1.19.9 to 1.19.11
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.9...v1.19.11)

Updates `hono` from 4.12.2 to 4.12.5
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.2...v4.12.5)

Updates `minimatch` from 10.2.0 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 5.1.6 to 5.1.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 10.1.1 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `fast-xml-parser` from 5.3.7 to 5.4.2
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.4.2)

Updates `minimatch` from 10.2.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 10.2.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `minimatch` from 10.2.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

Updates `fast-xml-parser` from 5.3.7 to 5.4.2
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.4.2)

Updates `minimatch` from 10.2.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.4)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 5.1.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-05 14:21:03 +00:00
dependabot[bot] a965e6cb7a chore(deps): bump the npm_and_yarn group across 4 directories with 2 updates 
Bumps the npm_and_yarn group with 1 update in the / directory: [rollup](https://github.com/rollup/rollup).
Bumps the npm_and_yarn group with 1 update in the /browser directory: [rollup](https://github.com/rollup/rollup).
Bumps the npm_and_yarn group with 2 updates in the /website/client directory: [lodash](https://github.com/lodash/lodash) and [rollup](https://github.com/rollup/rollup).
Bumps the npm_and_yarn group with 1 update in the /website/server directory: [rollup](https://github.com/rollup/rollup).


Updates `rollup` from 4.52.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.0...v4.59.0)

Updates `rollup` from 4.45.1 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.0...v4.59.0)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

Updates `rollup` from 4.29.1 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.0...v4.59.0)

Updates `rollup` from 2.79.2 to 2.80.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.0...v4.59.0)

Updates `rollup` from 4.54.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.0...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 2.80.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 14:46:07 +00:00
renovate[bot] 695eacfdd7 fix(deps): update root non-major dependencies 2026-03-03 13:49:03 +00:00
Kazuki Yamada 1200bed06b Merge pull request #1189 from yamadashy/renovate/npm-fast-xml-parser-vulnerability 
chore(deps): update dependency fast-xml-parser to v5.3.8 [security]
 2026-02-28 21:56:42 +09:00
renovate[bot] f4598a54f8 chore(deps): update dependency minimatch to v10.2.3 [security] 2026-02-28 12:01:38 +00:00
renovate[bot] 3ad39b8388 chore(deps): update dependency fast-xml-parser to v5.3.8 [security] 2026-02-28 12:01:32 +00:00
Kazuki Yamada 00039b9fb0 1.12.0 2026-02-26 23:25:07 +09:00
renovate[bot] 708496f341 fix(deps): update root non-major dependencies 2026-02-24 15:31:31 +00:00
dependabot[bot] c9bba88f08 chore(deps): bump hono from 4.11.7 to 4.12.2 
Bumps [hono](https://github.com/honojs/hono) from 4.11.7 to 4.12.2.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.11.7...v4.12.2)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 14:47:45 +00:00
Kazuki Yamada bd9b6f3961 Merge pull request #1177 from yamadashy/dependabot/npm_and_yarn/ajv-8.18.0 
chore(deps): bump ajv from 8.17.1 to 8.18.0
 2026-02-24 23:45:30 +09:00
renovate[bot] c2faf6e9d5 chore(deps): update dependency tar to v7.5.8 [security] 2026-02-23 19:39:25 +00:00