Skip to content

Releases: nvuillam/npm-groovy-lint

v18.0.0

Choose a tag to compare

@nvuillam nvuillam released this 30 Jun 19:24

What's Changed

  • Upgrade java-caller to v5 (#584)
    • Breaking (upstream): when no compatible local JDK is found, the JRE that java-caller auto-downloads now comes from Eclipse Temurin (api.adoptium.net) instead of the deprecated AdoptOpenJDK endpoint
    • Fixes hanging of CodeNarc calls during Java detection on Node 24 + Windows (java-caller run() / java -version no longer stalls)
  • Speed up CI test suite: pre-warm the CodeNarc server once before the Mocha run, and replace the full node × java × os product (20 jobs) with a curated 8-job matrix

Pull Requests

  • Update all non-major dependencies by @renovate[bot] in #574
  • Update all non-major dependencies by @renovate[bot] in #576
  • Update dependency which to v7 by @renovate[bot] in #573
  • Update dependency npm-run-all2 to v9 by @renovate[bot] in #575
  • Update babel monorepo to v8 by @renovate[bot] in #578
  • Update actions/checkout action to v7 by @renovate[bot] in #579
  • Update dependency js-yaml to v5 by @renovate[bot] in #580
  • Update all non-major dependencies by @renovate[bot] in #582
  • Update dependency prettier to v3.9.4 by @renovate[bot] in #583
  • Update dependency java-caller to v5 by @renovate[bot] in #584
  • [GitHub Dependents Info] Updated markdown file by @github-actions[bot] in #566
  • docs(changelog): document java-caller v5 upgrade and breaking change by @nvuillam in #586

Full Changelog: v17.0.5...v18.0.0

v17.0.5

Choose a tag to compare

@nvuillam nvuillam released this 07 May 20:35

What's Changed

  • Bump uuid from 13.0.0 to 14.0.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #570
  • Upgrade axios from 1.15.0 to 1.16.0 to fix security vulnerabilities by @Copilot in #572
  • Update all non-major dependencies by @renovate[bot] in #567

Full Changelog: v17.0.4...v17.0.5

v17.0.4

Choose a tag to compare

@nvuillam nvuillam released this 15 Apr 05:10

What's Changed

  • Upgrade dependencies

Pull Requests

  • Update dependency axios to v1.15.0 [SECURITY] by @renovate[bot] in #563
  • Update all non-major dependencies by @renovate[bot] in #560
  • Update dependency diff to v9 by @renovate[bot] in #564
  • [GitHub Dependents Info] Updated markdown file by @github-actions[bot] in #559

Full Changelog: v17.0.3...v17.0.4

v17.0.3

Choose a tag to compare

@nvuillam nvuillam released this 31 Mar 05:39

What's Changed

  • Pin axios version to stay safe regarding its hack (we already were, it's a preventive action !) by @nvuillam in #561

Full Changelog: v17.0.2...v17.0.3

v17.0.2

Choose a tag to compare

@nvuillam nvuillam released this 29 Mar 17:49

What's Changed

  • Upgrade dependencies

Pull Requests

  • chore(deps): update dependency handlebars to v4.7.9 [security] by @renovate[bot] in #557
  • chore(deps): update all non-major dependencies by @renovate[bot] in #551
  • chore(deps): update docker/login-action action to v4 by @renovate[bot] in #552
  • chore(deps): update docker/setup-qemu-action action to v4 by @renovate[bot] in #553
  • chore(deps): update docker/setup-buildx-action action to v4 by @renovate[bot] in #554
  • chore(deps): update docker/build-push-action action to v7 by @renovate[bot] in #555
  • Upgrade java-caller by @nvuillam in #558
  • [GitHub Dependents Info] Updated markdown file by @github-actions[bot] in #516

Full Changelog: v17.0.0...v17.0.2

v17.0.0

Choose a tag to compare

@nvuillam nvuillam released this 28 Feb 19:49

What's Changed

  • Minimum Node version is now Node 22
  • Upgrade dependencies
  • Migrate code to match import-fresh v4 new behaviour
  • Fix closing brace indentation for lines with multiple braces (inline closures)
  • Revert UnnecessaryGString for strings with slashes
  • Reduce noise in CI test output
  • Performance updates
    • Use exponential backoff (50ms→400ms) for server startup polling instead of fixed 400ms interval
    • Replace synchronous readdirSync with async readdir in temp file cleanup
    • Use structuredClone() instead of JSON.parse(JSON.stringify()) for deep cloning
    • Cache loaded lint rules to avoid re-importing all rule files on every call
    • Reuse single GroovyShell/GroovyClassLoader per request instead of per file
    • Use bounded FixedThreadPool instead of unbounded CachedThreadPool in CodeNarcServer
    • Reduce HTTP request timeout from 600s to 120s for local server calls
  • Security updates
    • Restrict temp directory permissions from 0777 to 0700 (owner-only)
    • Replace Math.random() with crypto.randomUUID() for temp file/directory names
    • Add 50 MB request body size limit on CodeNarcServer to prevent OOM attacks
    • Limit stack trace depth in error responses to 20 frames

Pull Requests

  • chore(deps): update actions/setup-node action to v6.2.0 by @renovate[bot] in #530
  • chore(deps): update dependency axios to v1.13.3 by @renovate[bot] in #533
  • chore(deps): update all non-major dependencies by @renovate[bot] in #534
  • Bump tar from 7.5.6 to 7.5.7 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #535
  • chore(deps): update dependency @babel/core to v7.29.0 by @renovate[bot] in #536
  • Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #538
  • chore(deps): update all non-major dependencies by @renovate[bot] in #537
  • chore(deps): update dependency nyc to v18 by @renovate[bot] in #543
  • chore(deps): update actions/upload-artifact action to v7 - autoclosed by @renovate[bot] in #546
  • revert: UnnecessaryGString for strings with slashes by @stevenh in #545
  • Upgrade axios & deps by @nvuillam in #548
  • Fix closing brace indentation for lines with multiple braces (inline closures) by @Copilot in #547
  • fix(deps): update dependency node-sarif-builder to v4 by @renovate[bot] in #549
  • Node22 minimum + Reduce noise in CI test output + update dependency import-fresh to v4 by @renovate[bot] in #544
  • Optimizes server performance and strengthens security by @nvuillam in #550

New Contributors

  • @Copilot made their first contribution in #547

Full Changelog: v16.2.0...v17.0.0

v16.2.0

Choose a tag to compare

@nvuillam nvuillam released this 24 Jan 10:46

What's Changed

  • Use npm Trusted Publishers program to sign releases
  • Generate multi-platform Docker images (linux/amd64, linux/arm64)
  • Add docker images to GitHub Container Registry (ghcr.io/nvuillam/npm-groovy-lint)
  • Scope Java requirements to Java 17 to 24
  • Upgrade dependencies

Pull requests

New Contributors

Full Changelog: v16.1.1...v16.2.0

v16.1.1

Choose a tag to compare

@nvuillam nvuillam released this 31 Dec 01:16
  • Fix release workflow

Full Changelog: v16.1.0...v16.1.1

v16.1.0

Choose a tag to compare

@nvuillam nvuillam released this 31 Dec 00:58

What's Changed

  • Implement exclusion of specific rules in the fix process
  • Upgrade dependencies

Pull Requests

  • chore(deps): update peter-evans/create-pull-request action to v8 by @renovate[bot] in #508
  • chore(deps): update actions/upload-artifact action to v6 by @renovate[bot] in #509
  • chore(deps): update all non-major dependencies by @renovate[bot] in #510
  • Adds GitHub Dependents Info workflow by @nvuillam in #512
  • chore(deps): update dependency node-sarif-builder to v3.4.0 by @renovate[bot] in #518
  • Implement exclusion of specific rules in the fix process by @HagegeR in #517

New Contributors

Full Changelog: v16.0.1...v16.1.0

v16.0.1

Choose a tag to compare

@nvuillam nvuillam released this 07 Dec 11:21

What's Changed

New Contributors

Full Changelog: v16.0.0...v16.0.1