chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
fast-check (source)	^3.23.2 → ^4.8.0
jscpd	^4.1.1 → ^4.2.0
vite (source)	^8.0.12 → ^8.0.13

cc @skulidropek

---

Release Notes

dubzzz/fast-check (fast-check)

v4.8.0

Compare Source

New arbitrary to chain in a loop fashion
[Code][Diff]

Features

• (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

• (PR#6965) Bug: Restore ability not to use skipLibCheck
• (PR#6877) CI: Lowercase discussion_category_name to "announcements"
• (PR#6878) CI: Scope permissions of clean-caches
• (PR#6880) CI: Add PR-authoring guidance for Claude
• (PR#6887) CI: Delete CLAUDE.md
• (PR#6888) CI: Use tilde ranges for security dependency overrides
• (PR#6891) CI: Disable Renovate updates on pnpm overrides
• (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
• (PR#6905) CI: Enable pnpm global virtual store
• (PR#6933) CI: Pin pnpm in npm install commands
• (PR#6932) CI: Grant discussions: write to release jobs
• (PR#6935) CI: Skip PR template check for dubzzz
• (PR#6937) CI: Mirror the repo to tangled
• (PR#6938) CI: Add missing runs-on for tangled
• (PR#6889) Doc: Add release notes for fast-check 4.7.0
• (PR#6900) Doc: Fix broken API reference links
• (PR#6844) Doc: Extract manual setup guide into dedicated page
• (PR#6845) Doc: Add index pages for documentation sections
• (PR#6918) Doc: Fix Documentation link to point to first doc page
• (PR#6939) Doc: Link to Tangled mirror of fast-check
• (PR#6934) Test: Tolerate \p{...} value drift in docs tests
• (PR#6951) Test: Fix poisoning tests for latest Node

---

v4.7.0

Compare Source

Unicode property support in stringMatching
[Code][Diff]

Features

• (PR#6866) Reversible json arbitrary
• (PR#6868) Parse \p{} and \P{} in stringMatching
• (PR#6870) Support for \p{UnicodeProperty} in stringMatching
• (PR#6871) Support negated unicode properties in stringMatching

Fixes

• (PR#6710) CI: Pass explicit string to make_latest
• (PR#6714) CI: Remove unused vite dependency from multiple packages
• (PR#6780) CI: Silent zizmor issues (as they used to be)
• (PR#6786) CI: Configure release workflow settings for announcements
• (PR#6787) CI: Add force-build-status-execution label trigger to CI workflow
• (PR#6818) CI: Push tag after creating draft release
• (PR#6827) CI: Update CSP for our playgrounds backed by stackblitz
• (PR#6832) CI: Add format/lint/typecheck hooks for Claude Code
• (PR#6834) CI: Fix Claude's session start hook
• (PR#6852) CI: Skip website prebuild remote fetches on cloud Claude Code
• (PR#6869) CI: Add workflow to clean up GitHub Actions caches
• (PR#6789) Clean: Remove unused code identified by knip
• (PR#6711) Doc: Release note for version 4.6.0
• (PR#6756) Doc: Fix typo in the documentation
• (PR#6758) Doc: Add rugk as doc contributor
• (PR#6764) Doc: Document gitmoji PR naming
• (PR#6776) Doc: Add nielk as code contributor
• (PR#6753) Doc: Migrate playgrounds in documentation to StackBlitz
• (PR#6830) Doc: Switch to ?raw imports for advents
• (PR#6836) Doc: Add Vitest documentation guide for setting up property-based testing
• (PR#6833) Doc: Remove dead doc hub pages
• (PR#6855) Doc: Integrate API reference natively into our doc
• (PR#6867) Doc: Simplify examples
• (PR#6835) Script: Migrate from ESLint to oxlint
• (PR#6872) Script: Rework hooks for Claude Code
• (PR#6754) Test: Migrate race condition tests to Vitest
• (PR#6859) Test: Stabilize flaky timeout tests on Windows

---

v4.6.0

Compare Source

Better stringMatching with maxLength
[Code][Diff]

Features

• (PR#6599) Add basic maxLength support to stringMatching
• (PR#6600) Better clamp on regexes when maxLength on stringMatching
• (PR#6687) Deprecate Random::next(n) and Random::nextInt()

Fixes

• (PR#6502) Bug: Bad d.ts import in BuildInversedRelationsMapping
• (PR#6578) Bug: Don't crash when stringifying detached ArrayBuffers
• (PR#6700) Bug: Fix object unmapper and depth computation for special keys
• (PR#6432) CI: Move all dependencies to dev on examples/
• (PR#6443) CI: Migrate to Docusaurus v4 configuration format
• (PR#6456) CI: Enable persist-credentials in add-contributor workflow
• (PR#6501) CI: Bump module in tsconfig to node18
• (PR#6548) CI: Fix zizmor ignore config line numbers
• (PR#6554) CI: Drop tests against Node 20
• (PR#6563) CI: Fix check_publish status to be success on no error
• (PR#6565) CI: Add create release workflow
• (PR#6610) CI: Rework pnpm configuration
• (PR#6619) CI: Add PR template enforcement workflow
• (PR#6622) CI: Skip Netlify doc publish on PRs
• (PR#6625) CI: Run PR template check without approval
• (PR#6623) CI: Skip PR template check for Renovate bot
• (PR#6638) CI: Bundle fast-check using rolldown
• (PR#6662) CI: Rework configuration of examples
• (PR#6683) CI: Add Claude Code GitHub Action workflow
• (PR#6684) CI: Add configuration for pre and post tool Claude hooks
• (PR#6690) CI: Refine GH Action triggering CLAUDE
• (PR#6693) CI: Configure another Claude model
• (PR#6703) CI: Add top-level permissions: {} to workflows missing it
• (PR#6704) CI: Refactor Claude workflow custom instructions configuration
• (PR#6705) CI: Add SessionStart hook to ensure dependencies are installed
• (PR#6597) Clean: Drop runkit file
• (PR#6640) Clean: Drop unused "tsd" in package.json
• (PR#6441) Doc: Release note for 4.5.0
• (PR#6442) Doc: Replace generic blog tags with feature-specific taxonomy
• (PR#6458) Doc: Add adamni21 as doc contributor
• (PR#6496) Doc: Refine npm keywords
• (PR#6514) Doc: Skill for JavaScript testing expert
• (PR#6516) Doc: Add note to avoid overusing filter and fc.pre
• (PR#6517) Doc: Update testing skill to recommend mimicking existing test structure
• (PR#6523) Doc: Add PR template requirement to Copilot instructions
• (PR#6522) Doc: Add note on complementary testing approaches
• (PR#6524) Doc: Add snapshot vs screenshot guidance
• (PR#6527) Doc: Push to install missing tooling
• (PR#6530) Doc: Clearer guidelines for constraints of arbs in skill
• (PR#6526) Doc: Add AI-powered testing documentation
• (PR#6529) Doc: Add testing-library and browser testing part in skill
• (PR#6528) Doc: Add bigint type preference for integer computations in skill
• (PR#6531) Doc: Add TDD fashion thinking in skill
• (PR#6553) Doc: Add josephjunker as doc contributor
• (PR#6561) Doc: Add page on "What is property-based testing" and modify "Why property-based testing"
• (PR#6605) Doc: Drop Snyk link on Readme
• (PR#6603) Doc: Update CONTRIBUTING.md for AI
• (PR#6572) Doc: Rework issue templates
• (PR#6613) Doc: Update PR template
• (PR#6634) Doc: Rework bug-report template
• (PR#6635) Doc: Rework regression-report template
• (PR#6652) Doc: Update Readme to point to npmx
• (PR#6659) Doc: Update home to link to npmx
• (PR#6696) Doc: Add rushelex as code contributor
• (PR#6448) Performance: Optimize RunDetailsFormatter array allocations
• (PR#5718) Performance: Import less from pure-rand
• (PR#6679) Performance: Bump pure-rand to v8
• (PR#6446) Performance: Replace loose equality by strict one
• (PR#6444) Performance: Slightly faster code for RunExecution
• (PR#6437) Refactor: Replace fileURLToPath patterns with import.meta.*
• (PR#6567) Refactor: Remove ErrorWithCause, use Error directly
• (PR#6621) Refactor: Replace glob package with native Node.js fs.glob
• (PR#6675) Refactor: Drop @​rollup/plugin-replace for rolldown builtin
• (PR#6550) Security: Fix zizmor template-injection findings
• (PR#6472) Test: Provide cause when doc generation fails
• (PR#6381) Test: Migrate test-types to vitest
• (PR#6507) Test: Filter ESM-only packages from CommonJS mode checks
• (PR#6453) Typo: Fix typo for dictionary arbitrary constraint maxKeys
• (PR#6552) Typo: Replace flatMap with chain in error message

---

v4.5.3

Compare Source

Proper attestation file naming
[Code][Diff]

Fixes

• (PR#6421) CI: Rename attestation bundles to *.sigstore.json

v4.5.2

Compare Source

Attach tarballs to GitHub releases
[Code][Diff]

Fixes

• (PR#6416) CI: Extract package version from tarball
• (PR#6417) CI: Update GitHub releases at publish time

v4.5.1

Compare Source

Rename tarballs before publishing
[Code][Diff]

Fixes

• (PR#6413) CI: Rename tarballs before publishing

v4.5.0

Compare Source

Add an arbitrary based on a schema definition
[Code][Diff]

Features

• (PR#6333) Add entityGraph for schema-based structures
• (PR#6336) Take into account the depth in entityGraph
• (PR#6340) Add initial pool constraints to entityGraph
• (PR#6341) Add strategies to entityGraph
• (PR#6342) Allow recursions on many rels for entityGraph
• (PR#6343) Tweak unicity of entities produced by entityGraph
• (PR#6400) Support inverse relations in entityGraph

Fixes

• (PR#6375) Bug: Fix workflow authentication by enabling credential persistence
• (PR#6369) CI: Fix vulnerabilities in our GitHub workflows
• (PR#6370) CI: Add workflow security audit with zizmor
• (PR#6374) CI: Fix vulnerabilities in build-status workflow
• (PR#6397) CI: Ignore trusted publishing for pkg-pr-new
• (PR#6410) CI: Fix generate-changelog script
• (PR#6365) Doc: Release note for version 4.4.0
• (PR#6379) Doc: Fix dead links in the documentation
• (PR#6378) Doc: Connect AskAI in docsearch from Algolia
• (PR#6380) Doc: Update Content-Security-Policy for AskAI
• (PR#6367) Doc: Rework JSDoc for entityGraph and related types
• (PR#6383) Doc: Enhance entityGraph documentation
• (PR#6337) Refactor: Allocate unlinked versions earlier in entityGraph
• (PR#6339) Refactor: Split code of entityGraph into sub-helpers
• (PR#6345) Refactor: Import all files with an extension
• (PR#6398) Script: Ask AIs to be concise when naming PRs
• (PR#6389) Test: Replace @​ts-ignore with @​ts-expect-error

---

v4.4.0

Compare Source

Expose hidden arbitraries and widen capabilities of existing ones from a typing point of view
[Code][Diff]

Features

• (PR#6232) Support full PropertyKey in fc.dictionary(...)
• (PR#6267) Add fc.map arbitrary
• (PR#6040) Add circular option to fc.letrec
• (PR#6270) Add fc.set arbitrary
• (PR#6334) REVERT-6040: Self-referencing capabilities from letrec

Fixes

• (PR#6138) CI: Force OTP at publication time
• (PR#6170) CI: Stop running tests against Windows
• (PR#6178) CI: Add GH Action to reformat code in PRs or branches
• (PR#6205) CI: Add GH Action to add contributors to the project
• (PR#6246) CI: Fix PR mode in format-pr workflow
• (PR#6184) CI: Add provenance attestation to npm package publishing
• (PR#6248) CI: Add workflow to resolve pnpm lock file merge conflicts on PRs
• (PR#6251) CI: Restrict Format workflow to PRs
• (PR#6253) CI: Fix PR number type in workflows
• (PR#6254) CI: Fix PR workflows
• (PR#6255) CI: Fix PNPM conflicts workflow
• (PR#6256) CI: Scope permissions of PR Format to job
• (PR#6257) CI: Scope permissions of PR PNPM to job
• (PR#6258) CI: Job level permissions for add contributor
• (PR#6269) CI: Add GitHub Action to validate PR titles
• (PR#6281) CI: Add back Windows runners for tests
• (PR#6280) CI: Add back latest node for tests
• (PR#6282) CI: Bump test matrix to Node 24
• (PR#6283) CI: Shard tests producing coverage
• (PR#6301) CI: Downgrade node in tests
• (PR#6300) CI: Enforce trust-policy for pnpm
• (PR#6307) CI: Add back latest Node in test matrix
• (PR#6136) Doc: Release note for version 4.3.0
• (PR#6169) Doc: Preserve links on Sponsors for the website
• (PR#6172) Doc: Update CSP to properly display sponsors.svg
• (PR#6173) Doc: Update CSP to properly display sponsors.svg
• (PR#6174) Doc: Better support of mobile display for sponsors
• (PR#6175) Doc: Better accessibility on website
• (PR#6192) Doc: Add @traversable/zod-test to ecosystem
• (PR#6204) Doc: Add ahrjarrett as doc contributor
• (PR#6238) Doc: Add jamesbvaughan as code contributor
• (PR#6250) Doc: Add GitHub Copilot instructions for gitmoji PR naming convention
• (PR#6180) Doc: Generate llms.txt and related for AI crawlers
• (PR#6279) Doc: Add emilianbold as code contributor
• (PR#6287) Doc: Fix example in quick start guide
• (PR#6288) Doc: Add russbiggs as doc contributor
• (PR#6278) Performance: Use Math.imul and shifts in perf-critical paths
• (PR#6275) Refactor: Remove unnecessary npm install steps from publish workflows
• (PR#6311) Refactor: Factorize letrec implementations
• (PR#6318) Refactor: Extract logic building lazy arbs
• (PR#6320) Refactor: Iterate on own props array in letrec
• (PR#6321) Refactor: Explicit null check in LazyArbitrary
• (PR#6277) Script: Fix script updating the documentation for fast-check

---

v4.3.0

Compare Source

Add memory flag on infiniteStream
[Code][Diff]

Features

• (PR#6107) Add 'history' parameter to infiniteStream

Fixes

• (PR#6118) Bug: Fix fc.option nil frequency
• (PR#6046) CI: Skip expensive CI checks on Windows runner
• (PR#6120) CI: Avoid specs to run against Node >=24.6.0
• (PR#6128) CI: Toggle ON experimental-cli on Prettier
• (PR#6127) CI: Move to trusted publishing to NPM
• (PR#6129) CI: Toggle ON concurrency on ESLint
• (PR#6060) CI: Rework configuration of Vitest
• (PR#6058) Doc: Release note for version 4.2.0
• (PR#6131) Doc: Add new contributor dmurvihill
• (PR#6038) Script: Update ignoredBuiltDependencies
• (PR#6059) Test: Drop unneeded retries for Node 23
• (PR#6119) Typings: Add union type overloads for nat() and bigInt()

---

v4.2.0

Compare Source

New primitives for race condition detection
[Code][Diff]

Features

• (PR#5953) Do not silent errors popping in act
• (PR#5890) Introduce new awaiter on our scheduler
• (PR#6016) Introduce waitIdle, a revamped waitAll for scheduler
• (PR#6026) Deprecate waitOne and waitAll

Fixes

• (PR#5903) CI: Only run coverage for ubuntu on node 22
• (PR#5904) CI: Shard Vitest execution on Windows runners
• (PR#5907) CI: Always publish on pkg-pr-new
• (PR#5935) CI: Get rid of LFS storage
• (PR#5936) CI: Safer and faster static assets with hash checks
• (PR#5943) CI: Stop stale from closing validated ideas
• (PR#5954) CI: Make poisoning test compatible with Node 24
• (PR#5969) CI: Measure coverage on Mac OS
• (PR#5971) CI: Better exclusion list for Vitest
• (PR#5989) CI: Attempt to stabilize tests
• (PR#5937) Doc: Reference social media links on blog authors
• (PR#5938) Doc: Fix social images on /docs and /blog
• (PR#5965) Doc: update stringMatching docs
• (PR#5966) Doc: Fix typo in model-based-testing.md
• (PR#6015) Doc: Add new contributor matthyk
• (PR#5973) Test: Drop unused checks in tests
• (PR#6019) Test: Stop testing against Node 18

---

v4.1.1

Compare Source

Avoid overlapping tasks
[Code][Diff]

Fixes

• (PR#5900) Bug: Avoid overlapping tasks during scheduler execution
• (PR#5894) Doc: Release note for 4.1.0
• (PR#5901) Performance: Slightly faster scheduler with explicit undefined check

v4.1.0

Compare Source

More effective waitFor on fc.scheduler
[Code][Diff]

Features

• (PR#5889) Wait longer before scheduling anything with waitFor
• (PR#5892) Better capture scheduled tasks before running scheduling

Fixes

• (PR#5868) Doc: Adapt article on Vitest following feedback
• (PR#5891) Performance: Move back to better tick management of waitFor
• (PR#5888) Test: Closely test waitFor on interactions with micro-tasks

---

v4.0.1

Compare Source

Change location of the logo on the README for LFS quotas reasons
[Code][Diff]

Fixes

• (PR#5862) CI: Cache LFS files cross builds
• (PR#5864) CI: Do not pull logo of README from LFS
• (PR#5849) Doc: Drop link to rescript-fast-check
• (PR#5865) Doc: Document our new Vitest proposal
• (PR#5735) Test: Run tests in workspace mode

v4.0.0

Compare Source

Reducing the API surface to ease ramp-up on fast-check
[Code][Diff]

The simplest migration guide to v4 is probably here.

Breaking changes

• (PR#5589) Include invalid dates by default
• (PR#5590) Error with cause by default
• (PR#5597) Include null-prototype by default in record
• (PR#5603) Shorter stringified values for null-prototype
• (PR#5609) Include null-prototype by default in dictionary
• (PR#5610) Drop deprecated .noBias
• (PR#5611) Drop deprecated uuidV arbitrary
• (PR#5613) Drop deprecated unicodeJson* arbitraries
• (PR#5633) Extend uuid to build any know version
• (PR#5636) Drop deprecated ascii*
• (PR#5644) Drop deprecated hexa*
• (PR#5664) Drop deprecated base64
• (PR#5665) Drop deprecated stringOf
• (PR#5666) Drop deprecated char16bits and string16bits
• (PR#5667) Drop deprecated fullUnicode*
• (PR#5669) Drop deprecated unicode*
• (PR#5671) Drop deprecated char
• (PR#5674) Drop deprecated big{U|}int{N|}
• (PR#5679) Drop method nextArrayInt from Random
• (PR#5694) Drop deprecated .noShrink
• (PR#5821) Force usage of Node >=12.17.0

Features

• (PR#5577) Better typings for constantFrom
• (PR#5605) Better typings for constant
• (PR#5773) Arbitrary<XxxArray> => Arbitrary<XxxArray<ArrayBuffer>>
• (PR#5783) Simplify types for fc.record

Fixes

• (PR#5604) Bug: Better rejection handling in scheduleSequence
• (PR#5672) Bug: Resist to external poisoning for json
• (PR#5696) Bug: Stricter checks for consecutive noBias
• (PR#5608) CI: Clean unhandled rejections in tests for scheduler
• (PR#5670) CI: Move build chain to ESM
• (PR#5136) CI: Toggle on isolatedDeclarations flag on the project
• (PR#5685) CI: Stabilize e2e on bigint and duplicates
• (PR#5695) CI: Move CI jobs to Node 22
• (PR#5719) CI: Toggle ON faster documentation build
• (PR#5742) CI: Fix lock file breakeage
• (PR#5770) CI: Switch CI commands to node --run
• (PR#5578) Clean: Remove withDeletedKeys from record
• (PR#5581) Clean: Enforce run{Before/After}Each on property
• (PR#5634) Clean: Drop unneeded catch param
• (PR#5763) Clean: Abide by lint rule no-empty-object-type
• (PR#5767) Clean: Abide by lint rule no-unused-vars
• (PR#5803) Clean: Fix lint error in ConstantArbitrary class
• (PR#5522) Doc: Advent of PBT Day 14
• (PR#5531) Doc: Do not display success count
• (PR#5524) Doc: Advent of PBT Day 15
• (PR#5532) Doc: Stop trimming user inputs for the Advent of PBT
• (PR#5526) Doc: Advent of PBT Day 16
• (PR#5527) Doc: Advent of PBT Day 17
• (PR#5539) Doc: Advent of PBT, Day 18
• (PR#5542) Doc: Add missing comment sections on Advents
• (PR#5543) Doc: Add socials illustrations on some Advents
• (PR#5540) Doc: Advent of PBT, Day 19
• (PR#5547) Doc: Add comments section on Day 19
• (PR#5550) Doc: Advent of PBT, Day 20
• (PR#5551) Doc: Comments section for Day 20
• (PR#5554) Doc: Make Day 15 compliant to its own spec
• (PR#5555) Doc: Fix validation of Advent of PBT Day 20
• (PR#5549) Doc: Advent of PBT, Day 21
• (PR#5552) Doc: Advent of PBT, Day 22
• (PR#5557) Doc: Drop useless Advent's calls to counter API
• (PR#5553) Doc: Advent of PBT, Day 23
• (PR#5558) Doc: Advent of PBT, Day 24
• (PR#5564) Doc: Add typespec-fast-check to ecosystem page
• (PR#5684) Doc: Flag migration guide with WIP
• (PR#5768) Doc: Document the Unicode version
• (PR#5774) Doc: Update CONTRIBUTING.md after switch to pnpm
• (PR#5788) Doc: Add new contributor AlexErrant
• (PR#5789) Doc: Add "Answering Questions" to gruhn
• (PR#5795) Doc: Enrich minimal support section
• (PR#5806) Doc: Fix GitHub workflow badge on README
• (PR#5805) Doc: Add new contributor ahrjarrett
• (PR#5814) Doc: Drop direct link to the Advent Of PBT
• (PR#5583) Performance: Faster property::run with strict equality checks
• (PR#5584) Performance: Delay computation of Error stack when no cause
• (PR#5612) Performance: Drop unneeded BigInt check in mixedCase
• (PR#5614) Performance: Faster scheduling of scheduleSequence
• (PR#5615) Performance: Speed-up race-condition schedulers
• (PR#5617) Performance: Faster initialization of globals by dropping typeof checks
• (PR#5676) Performance: Faster read of parameters passed to runners
• (PR#5677) Performance: Faster read of constraints on object and related
• (PR#5618) Performance: Faster rewrite of double
• (PR#5678) Performance: Faster ipV6 generation with cached string builders
• (PR#5771) Performance: Mark all arbitraries as side-effect free
• (PR#5786) Performance: Mark all arbitraries as side-effect free
• (PR#5787) Performance: Target ES2020 in produced bundle
• (PR#5600) Refactor: Rewrite of scheduleSequence
• (PR#5635) Refactor: Switch to object spreading rather than Object.assign
• (PR#5710) Script: Moving from yarn to pnpm
• (PR#5815) Script: Add support for pnpm scripts in generate-changelog
• (PR#5816) Script: Take into account bumps on one part of monorepo for changelogs
• (PR#5817) Script: Fix call to changesets to generate changelog for v4
• (PR#5616) Test: Stop checking for BigInt in tests
• (PR#5673) Test: Cover even more arbitraries within Poisoning
• (PR#5734) Test: Move website tests to Vitest
• (PR#5736) Test: Do not scan useless directories for tests on website
• (PR#5743) Test: Drop useless snapshots results
• (PR#5756) Test: Fix test in double.spec
• (PR#5790) Test: Check TypeScript 5.7 to assess it never breaks

kucherenko/jscpd (jscpd)

v4.2.0

Compare Source

Breaking Changes

• Vue SFC tokenization — .vue files are no longer tokenized as markup. Each block is now dispatched to its own sub-format: <script> → javascript, <script lang="ts"> → typescript, <template> → markup, <style> → css, <style lang="scss"> → scss, <style lang="less"> → less. Clone reports for .vue files now appear under these resolved sub-format names. Any tooling or configuration that relied on .vue clones being reported under markup must be updated.
• --formatsExts users — custom mappings that pointed .vue to markup (e.g. "formatsExts": { "markup": ["vue"] }) will no longer take effect because .vue is handled by the dedicated vue format processor. Remove or update such mappings.

New Features

• Custom tokenizer backend — replaced the prismjs npm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan).
• Cross-format detection — Vue SFC (.vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A <script> block in a .vue file can match a .ts file; a fenced code block in Markdown can match a .py file.
• 223 supported formats — Apex, CFML/ColdFusion, GDScript, Svelte, Astro, and 70+ additional languages added (up from 152). See supported_formats.md.
• Shebang detection — extensionless executable scripts (e.g. /usr/bin/env python3) are auto-detected by their #! shebang line and tokenized in the correct language.
• --store-path — configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.
• --skipComments — shorthand flag for --mode weak, which strips comments before detection.
• --formats-names — map specific filenames (e.g. Makefile, Dockerfile) to a detection format.

Bug Fixes

• Entire-file duplicates silently dropped (@jscpd/core #​728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.
• ReDoS hang on Lisp/Elisp files (@jscpd/tokenizer #​737) — the Lisp string regex /"(?:[^"\\]*|\\.)*"/ could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear /"(?:[^"\\]|\\[\s\S])*"/ pattern.
• Process crash on malformed package.json (#​739) — readJSONSync threw an unhandled SyntaxError when package.json contained invalid JSON, killing the process. Now emits a warning and continues with an empty config.
• Vue SFC cross-file detection broken — the detector used the file-level format (vue) as the store namespace for all SFC blocks, preventing a <script> block in one .vue file from ever matching a <script> block in another. The namespace now reflects each block's resolved sub-format.
• Vue SFC incorrect column numbers — tokens on the first line of a block carried block-relative column 1 instead of file-absolute column numbers. Fixed in @jscpd/tokenizer.
• 50 dependency security vulnerabilities remediated across the monorepo (Dependabot batches).

Known Limitations

• Malformed SFC blocks (e.g. unclosed tags, invalid attributes) are silently skipped and do not contribute tokens.

---

vitejs/vite (vite)

v8.0.13

Compare Source

Features

• bundled-dev: add lazy bundling support (#​21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#​22357) (47071ce)
• update rolldown to 1.0.1 (#​22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#​22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #​22274) (#​22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#​22439) (8e59c97)
• make isBundled per environment (#​22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#​22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#​22430) (6ea3838)
• update changelog (#​22413) (fcdc87c)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Примечания к выпуску

• Chores
  • Обновлены dev‑зависимости (fast-check, jscpd, vite) в нескольких пакетах для поддержки актуальных версий инструментов сборки и тестирования. Эти изменения направлены на повышение стабильности и качества разработки; функциональный код и публичные API не затронуты.

Walkthrough

Обновлены devDependency-версии в трёх package.json: packages/lib (fast-check, jscpd, vite), packages/app (jscpd, vite) и packages/docker-git-session-sync (vite). Нет изменений в скриптах, экспортах или публичных API.

Изменения

Обновление зависимостей

Layer / File(s)	Summary
DevDependency bumps — несколько пакетов packages/lib/package.json, packages/app/package.json, packages/docker-git-session-sync/package.json	packages/lib: fast-check → ^4.8.0, jscpd → ^4.2.0, vite → ^8.0.13; packages/app: jscpd → ^4.2.0, vite → ^8.0.13; packages/docker-git-session-sync: vite → ^8.0.13. Никаких изменений в коде, скриптах или полях экспорта не сделано.

Оценка затрат на проверку кода

🎯 1 (Trivial) | ⏱️ ~2 minutes

Возможно связанные issues

• Dependency Dashboard context-doc#5: Описывает те же devDependency bumps (fast-check, jscpd, vite) в нескольких package.json — связан по содержанию.
• Dependency Dashboard #99: Касается тех же обновлений зависимостей в этом репозитории — релевантно.
• Dependency Dashboard component-tagger#2: Соответствует обновлениям jscpd и vite, найденным в Renovate-дашборде.

Возможно связанные PR

• ProverCoderAI/docker-git#293: Совпадает по обновлению devDependency fast-check и связанным манифестам.

Рекомендуемые рецензенты

• skulidropek

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	Описание не соответствует требуемому шаблону. Отсутствуют обязательные разделы: 'Source TZ / Issues', 'Requirements Alignment' и 'Verification'. Приведена таблица Renovate вместо структурированного формата шаблона.	Добавьте разделы согласно шаблону: укажите связанные issue (#), резюме изменений, требования (реализовано/не в области видимости) и методы проверки.
Requirements Alignment	❓ Inconclusive	PR не содержит спецификации (linked issue, PR description) как требует кодирования гайдлайн. Отсутствует обоснование обновлений, особенно для мажорного fast-check v3→v4.	Добавить: 1) linked issue с обоснованием; 2) заполнить PR template; 3) документировать миграцию fast-check v4 и jscpd v4.2; 4) подтвердить тесты.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Название чётко описывает основное изменение — обновление всех зависимостей. Это отражает суть всех модификаций в PR (fast-check, jscpd, vite).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Security Regression	✅ Passed	Only devDependency updates in package.json. No code changes. GitHub Actions config safe. No security vulnerabilities detected in updated packages.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/package.json`:
- Around line 77-82: The package.json dependency updates (notably "fast-check"
-> v4 and "jscpd") lack a linked specification/issue and migration details;
create or attach an issue/PR description that explains the reason for each
dependency bump (reference "fast-check" and "jscpd" from package.json), include
a checklist of migration steps performed for fast-check v4, document test
results (including running "bun run test" across all packages), and provide a
brief risk/impact analysis of breaking changes from jscpd and fast-check; update
the PR to link this issue and confirm tests pass before merging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 822cae1a-ef62-4f28-806c-36490725ff83

📥 Commits

Reviewing files that changed from the base of the PR and between d92da30 and 4aec7e9.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• packages/app/package.json
• packages/docker-git-session-sync/package.json
• packages/lib/package.json

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Browser command)
• GitHub Check: Test
• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Lint
• GitHub Check: E2E (OpenCode)
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (1)

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/docker-git-session-sync/package.json
• packages/lib/package.json
• packages/app/package.json

🔇 Additional comments (5)

packages/lib/package.json (3)

82-82: Версия vite 8.0.13 существует и доступна в npm registry. Зависимость валидна.

---

80-80: Проверьте документацию breaking changes в jscpd 4.2.0 перед внедрением.

jscpd версия 4.2.0 существует, однако документированные breaking changes о Vue SFC tokenization и custom tokenizer backend не подтверждены в публичной документации. Проект активно использует jscpd через /* jscpd:ignore-* */ директивы в 150+ файлах, но не имеет явной .jscpd конфигурации. Перед тем как заявлять о breaking changes, уточните в CHANGELOG или官方 документации какие именно изменения влияют на текущую конфигурацию проекта и требуют миграции.

---

77-77: 🏗️ Heavy lift

Обновление fast-check v3→v4 корректно применено и совместимо с существующим кодом.

Хотя это мажорное обновление, используемые API (fc.assert, fc.property, fc.string, fc.constantFrom, fc.option, fc.record, fc.tuple, fc.oneof) остаются стабильными в v4. Проверка кодовой базы показала:

• Отсутствие использования deprecated API (например, withDeletedKeys)
• Единственное использование fc.record — простая структура без breaking changes
• Все тесты проходят в CI pipeline, что свидетельствует об успешной миграции

Обновление вместе с jscpd (^4.1.1 → ^4.2.0) и vite (^8.0.12 → ^8.0.13) является плановым обновлением зависимостей.

packages/app/package.json (2)

122-122: Версия vite 8.0.13 существует в npm registry и доступна для использования. Никаких проблем не выявлено.

---

119-119: Версия совместима — Vue в проекте не используется.

jscpd 4.2.0 упоминаемые breaking changes для Vue SFC токенизации не применимы к данному проекту, так как в нём нет файлов .vue. Версия 4.2.0 соответствует требованиям vibecode-linter (^4.0.5), который использует jscpd как runtime dependency для детекции дублирования кода.

			> Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Отсутствует спецификация для обновления зависимостей.

Согласно coding guidelines, необходима спецификация/issue для всех изменений: "Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход от спеки... Если спека не видна, попроси автора добавить ее в issue или PR description."

Для мажорного обновления fast-check (v3→v4) с breaking changes особенно важно иметь:

• Linked issue с обоснованием обновления
• Чек-лист выполненных миграционных шагов
• Подтверждение прохождения тестов
• Оценку рисков breaking changes

Пожалуйста, создайте или привяжите issue с описанием:

1. Причины обновления каждой зависимости
2. Выполненных миграционных шагов для fast-check v4
3. Результатов тестирования (включая bun run test во всех пакетах)
4. Анализа влияния breaking changes jscpd на проект

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/lib/package.json` around lines 77 - 82, The package.json dependency
updates (notably "fast-check" -> v4 and "jscpd") lack a linked
specification/issue and migration details; create or attach an issue/PR
description that explains the reason for each dependency bump (reference
"fast-check" and "jscpd" from package.json), include a checklist of migration
steps performed for fast-check v4, document test results (including running "bun
run test" across all packages), and provide a brief risk/impact analysis of
breaking changes from jscpd and fast-check; update the PR to link this issue and
confirm tests pass before merging.