mirror of https://github.com/astral-sh/ruff.git synced 2025-10-28 18:53:25 +00:00

History

renovate[bot] d61902c89f Some checks are pending CI / Determine changes (push) Waiting to run Details CI / cargo fmt (push) Waiting to run Details CI / cargo clippy (push) Blocked by required conditions Details CI / cargo test (linux) (push) Blocked by required conditions Details CI / cargo test (linux, release) (push) Blocked by required conditions Details CI / cargo test (${{ github.repository == 'astral-sh/ruff' && 'depot-windows-2022-16' \|\| 'windows-latest' }}) (push) Blocked by required conditions Details CI / cargo test (macos-latest) (push) Blocked by required conditions Details CI / benchmarks walltime (small\|large) (push) Blocked by required conditions Details CI / cargo test (wasm) (push) Blocked by required conditions Details CI / cargo build (msrv) (push) Blocked by required conditions Details CI / cargo fuzz build (push) Blocked by required conditions Details CI / fuzz parser (push) Blocked by required conditions Details CI / test scripts (push) Blocked by required conditions Details CI / ecosystem (push) Blocked by required conditions Details CI / Fuzz for new ty panics (push) Blocked by required conditions Details CI / cargo shear (push) Blocked by required conditions Details CI / ty completion evaluation (push) Blocked by required conditions Details CI / python package (push) Waiting to run Details CI / pre-commit (push) Waiting to run Details CI / mkdocs (push) Waiting to run Details CI / formatter instabilities and black similarity (push) Blocked by required conditions Details CI / test ruff-lsp (push) Blocked by required conditions Details CI / check playground (push) Blocked by required conditions Details CI / benchmarks instrumented (ruff) (push) Blocked by required conditions Details CI / benchmarks instrumented (ty) (push) Blocked by required conditions Details CI / benchmarks walltime (medium\|multithreaded) (push) Blocked by required conditions Details [ty Playground] Release / publish (push) Waiting to run Details Update dependency vite to v7.0.8 (#21007 ) This PR contains the following updates: \| Package \| Change \| Age \| Confidence \| \|---\|---\|---\|---\| \| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) \| [`7.0.7` -> `7.0.8`](https://renovatebot.com/diffs/npm/vite/7.0.7/7.0.8) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/7.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/7.0.7/7.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2025-62522](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7) ### Summary Files denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\` when the dev server is running on Windows. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - running the dev server on Windows ### Details `server.fs.deny` can contain patterns matching against files (by default it includes `.env`, `.env.`, `.{crt,pem}` as such patterns). These patterns were able to bypass by using a back slash(`\`). The root cause is that `fs.readFile('/foo.png/')` loads `/foo.png`. ### PoC ```shell npm create vite@latest cd vite-project/ cat "secret" > .env npm install npm run dev curl --request-target /.env\ http://localhost:5173 ``` <img width="1593" height="616" alt="image" src="https://github.com/user-attachments/assets/36212f4e-1d3c-4686-b16f-16b35ca9e175" /> --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v7.0.8`](https://redirect.github.com/vitejs/vite/releases/tag/v7.0.8) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.7...v7.0.8) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCIsInNlY3VyaXR5Il19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>		2025-10-20 16:22:20 -07:00
..
api	Update dependency uuid to v13 (#20714 )	2025-10-06 08:25:48 +02:00
ruff	[ty] Fix playground crash for very large files (#20934 )	2025-10-17 09:15:33 +02:00
shared	[ty] Fix `None`, `True` and `False` highlighting in playground (#20994 )	2025-10-20 19:25:08 +02:00
ty	[ty] Fix playground crash for very large files (#20934 )	2025-10-17 09:15:33 +02:00
.gitignore	Remove all `useEffect` usages (#12659 )	2024-08-08 13:16:38 +02:00
.prettierignore	Rename Red Knot (#17820 )	2025-05-03 19:49:15 +02:00
eslint.config.mjs	Red Knot Playground (#12681 )	2025-03-18 17:17:11 +01:00
package-lock.json	Update dependency vite to v7.0.8 (#21007 )	2025-10-20 16:22:20 -07:00
package.json	Revert "Update NPM Development dependencies" (#19730 )	2025-08-04 07:33:58 +00:00
README.md	[`docs`] Typo fix for playground (#18929 )	2025-06-24 21:01:48 -04:00
tsconfig.json	Rename Red Knot (#17820 )	2025-05-03 19:49:15 +02:00
tsconfig.node.json	Rename Red Knot (#17820 )	2025-05-03 19:49:15 +02:00

README.md

playground

In-browser playground for Ruff. Available https://play.ruff.rs/.

Getting started

Install the NPM dependencies with npm install, and run the development server with npm start --workspace ruff-playground or npm start --workspace ty-playground. You may need to restart the server after making changes to Ruff or ty to re-build the WASM module.

To run the datastore, which is based on Workers KV, install the Wrangler CLI, then run npx wrangler dev --local from the ./playground/api directory. Note that the datastore is only required to generate shareable URLs for code snippets. The development datastore does not require Cloudflare authentication or login, but in turn only persists data locally.

Architecture

The playground is implemented as a single-page React application powered by Vite, with the editor experience itself powered by Monaco.

The playground stores state in localStorage, but supports persisting code snippets to a persistent datastore based on Workers KV and exposed via a Cloudflare Worker.

The playground design is originally based on Tailwind Play, with additional inspiration from the Biome Playground.

Known issues

Stack overflows

If you see stack overflows in the playground, build the WASM module in release mode: npm run --workspace ty-playground build:wasm.