Skip to content

chore(deps-dev): bump jscpd from 4.2.5 to 5.0.12#30

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jscpd-5.0.12
Open

chore(deps-dev): bump jscpd from 4.2.5 to 5.0.12#30
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jscpd-5.0.12

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown

Bumps jscpd from 4.2.5 to 5.0.12.

Release notes

Sourced from jscpd's releases.

Release v5.0.12

Highlights

Bug Fixes

  • Rename cpd binary and npm packages to jscpd — the CLI binary was named cpd (cpd.exe on Windows), which collided with an executable name flagged by some antivirus software (McAfee, Trend Micro), causing false-positive blocking. The binary and platform npm packages are now named jscpd / jscpd-*. Closes #826 (#854)
  • Recognize ; line comments for Lisp/Clojure/Scheme/Racket — these languages fell through to C-style comment handling, so ; comments were tokenized as code and --mode weak / --skip-comments couldn't drop them. Closes #849 (#850, thanks @​laurynas-biveinis)
  • Use HTTPS for SARIF schema URI — avoids "untrusted URI" errors in SARIF-consuming tools (#844, thanks @​chrisc-onaorg)

Chores

  • Use public repository URLs for @jscpd/core, @jscpd/finder, @jscpd/tokenizer, @jscpd/html-reporter, @jscpd/badge-reporter, @jscpd/leveldb-store, and @jscpd/redis-store package metadata (#831#837, thanks @​9904099)
  • Add cargo ecosystem to Dependabot config

Dependencies

  • Bump askama to 0.16.0 in /rust
  • Bump log to 0.4.33 in /rust
  • Bump env_logger to 0.11.11 in /rust
  • Bump rustc-hash to 2.1.3 in /rust

Thanks

Big thanks to @​laurynas-biveinis, @​chrisc-onaorg, and @​9904099 for their contributions to this release! 🙌

Published Packages

  • cpd-core@0.1.6 on crates.io
  • cpd-finder@0.1.8 on crates.io
  • cpd-reporter@0.1.7 on crates.io
  • cpd-tokenizer@0.1.7 on crates.io
  • jscpd@5.0.12 on crates.io
  • cpd@5.0.12 on npm
  • jscpd@5.0.12 on npm
  • jscpd-darwin-arm64@5.0.12 on npm
  • jscpd-darwin-x64@5.0.12 on npm
  • jscpd-linux-x64-gnu@5.0.12 on npm
  • jscpd-linux-arm64-gnu@5.0.12 on npm
  • jscpd-linux-x64-musl@5.0.12 on npm
  • jscpd-windows-x64-msvc@5.0.12 on npm

Release v5.0.10

cpd (Rust) v5.0.10

Bug Fixes

  • Emit scan-root-relative paths in all reporters when absolute: false (or the default). Previously, jscpd /abs/path from a different CWD left absolute paths in SARIF/JSON/XML/HTML/CSV/Markdown/console output, and Windows/macOS path canonicalization could leave \\?\ or ./ prefixes. Paths are now normalized against the canonicalized scan root (with CWD fallback) and stripped of any leading ./ or .\\ component. Fixes #827
  • Fix --skip-local to match jscpd v4 TypeScript semantics: it now filters clones where both fragments are under the same scan root, instead of only skipping clones in the same parent directory

Refactoring

... (truncated)

Changelog

Sourced from jscpd's changelog.

Changelog

All notable changes to jscpd are documented here. Releases follow Semantic Versioning.


5.0.11

New Features

  • Razor (.razor) support — new tokenizer for Razor files in the Rust backend (thanks to @​chrisc-onaorg in #829)

Dependencies

  • cpd-core bumped to 0.1.6, cpd-tokenizer bumped to 0.1.7

5.0.10

Bug Fixes

  • Emit scan-root-relative paths in all reporters when absolute: false. Fixes #827
  • Fix --skip-local to match jscpd v4 TypeScript semantics

Refactoring

  • DRY duplication in reporters: extract shared helpers into cpd-reporter/src/shared.rs
  • Move blame enrichment from gitoxide to git blame --porcelain

5.0.9

New Features

  • GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5

Bug Fixes

  • Resolve platform binary resolution when cpd is installed as a nested dependency (e.g. in a project's node_modules via a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816

5.0.8

Bug Fixes

  • Prevent mmap exhaustion crashes when scanning repositories with more files than vm.max_map_count (default 131 072 on Linux). The walker previously held a live Mmap per discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813
  • Fix --pattern not matching relative paths when the scan root is absolute (e.g. CWD). Patterns like src/**/*.ts now match correctly by comparing against both the relative path and the full absolute path, and bare patterns like *.ts gain a **/ prefix to match at any depth. Fixes #811

... (truncated)

Commits
  • 64258a9 release: cpd-v5.0.12
  • ff1ae36 fix(rust): rename cpd binary and npm platform packages to jscpd
  • f768035 docs(readme): fix jscpd@5 bin claim and refresh npm README
  • 115f7fb release: cpd-v5.0.11
  • c4cf41a release: cpd-v5.0.10
  • 9f6b8f5 docs: add Nix and Homebrew install instructions (#818)
  • 527bb08 chore: remove defunct Universal Analytics tracking pixels from all READMEs
  • dbe90b0 docs: update project URLs to jscpd.dev, add curl install, clean up badges
  • dcef743 release: cpd-v5.0.9
  • d330dda fix(#816): resolve platform package in nested node_modules
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jscpd](https://github.com/kucherenko/jscpd/tree/HEAD/rust/jscpd) from 4.2.5 to 5.0.12.
- [Release notes](https://github.com/kucherenko/jscpd/releases)
- [Changelog](https://github.com/kucherenko/jscpd/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucherenko/jscpd/commits/v5.0.12/rust/jscpd)

---
updated-dependencies:
- dependency-name: jscpd
  dependency-version: 5.0.12
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants