chore(deps): bump ora from 8.2.0 to 9.3.0#6
Closed
dependabot[bot] wants to merge 711 commits intomainfrom
Closed
Conversation
The cache DB lives at ~/.deepl-cli/cache.db globally (ignores DEEPL_CONFIG_DIR), so comparing exact entry counts before/after is unreliable when other test suites clear the cache in parallel. Replace strict equality assertion with structural checks that verify the cache remains functional after dry-run. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DESIGN.md (1,384 lines) duplicated content already in CLAUDE.md, API.md, and README.md. It served no unique audience and had become a maintenance burden that chased implementation rather than leading it. CLAUDE.md reduced from 1,091 to 252 lines (77%) by removing duplicate testing requirements (stated 4 times), completed phase history, dependency lists (duplicates package.json), verbose PR/example templates, and overlapping checklists. Every actual instruction is preserved. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The tests were failing in CI because no API key was set, causing the CLI to reject commands at the auth check before reaching structured file logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The checkAndEnd mock fired onEndOfStream as soon as any chunk arrived on ws2, making total chunk count non-deterministic based on event loop scheduling. CI's slower scheduling resulted in only 6 of 10 expected chunks. Now waits for all chunks across both WebSockets before ending. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Foundation for the TypeScript rewrite of i18n skill scripts. Fixes the dots-in-keys ambiguity (KeyPath arrays instead of dot-joined strings), non-string scalar bug, array handling, and adds YAML/ARB support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add config.ts with functions for loading, saving, validating, and creating default i18n project configuration. The config file (.deepl-i18n.json) supports sourceLocale, targetLocales, framework, formality, glossary, localePaths, excludePaths, and monorepo fields. Includes 19 unit tests covering all config operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add validate-locale.ts CLI script with 5 validation checks: - Key structure match (missing keys = error, extra keys = warning) - Placeholder residue detection (__INTL_* patterns) - Variable preservation per framework (i18next, rails, vue-i18n, etc.) - Untranslated value detection (warning) Supports JSON and text output formats, framework-specific variable patterns, and exit codes (0=pass, 1=fail, 2=error). Includes 21 unit tests covering all checks and framework patterns. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds framework auto-detection (package.json, Gemfile, pubspec.yaml, plus Android/iOS heuristics) and deep-merge for incremental translation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add untracked SKILL.md, reference docs, and bash scripts to version control before rewriting them in TypeScript. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts: # .claude/skills/i18n-translate/references/interpolation-patterns.md
# Conflicts: # .claude/skills/i18n-translate/references/framework-detection.md
Replaces bash helper scripts with TypeScript equivalents. Adds 4-mode workflow (Quick/Audit/Full/Manual), project config, dry-run support, and Android/iOS framework detection. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace require.main === module with process.argv[1] check for ESM compatibility since the project uses "type": "module". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move i18n-translate Claude Code skill (SKILL.md, scripts/, references/) and its 151 tests to https://git.deepl.dev/hack-projects/deepl-i18n-skill. Remove the .gitignore exception for skill lib/ directories. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update semver-compatible dependencies: - @commitlint/cli 20.1.0 → 20.4.1 - @commitlint/config-conventional 20.0.0 → 20.4.1 - @types/node 20.19.19 → 20.19.33 - inquirer 12.9.6 → 12.11.1 - memfs 4.49.0 → 4.56.10 - prettier 3.6.2 → 3.8.1 - ts-jest 29.4.4 → 29.4.6 All 2971 tests pass, 0 vulnerabilities. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…itive matching Language codes like pt-BR and DE were rejected because the registry stores codes in lowercase. Normalize options.to and options.from to lowercase at the entry points of translate() and translateText(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The DeepL API expects split_sentences values of "1", "0", or "nonewlines", but the CLI was sending "on" and "off" directly, causing a 400 Bad Request error. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The DeepL API requires source_lang when a glossary is used. The CLI now validates this upfront with a clear error message instead of letting the API return an opaque 400 Bad Request. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…real API calls Only 1 of 105 test files called nock.disableNetConnect(). Tests could accidentally hit real DeepL API endpoints if a nock interceptor was misconfigured. Now enforced globally via Jest setupFilesAfterEnv. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
config set auth.apiKey echoed the full plaintext key in the success message. config get with no arguments returned the full unmasked config including the API key, while config list properly masked it. Both paths now mask the key consistently (first 4 + ... + last 4 chars). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- fix(config): mask API key in config set and config get output - fix(test): add global nock.disableNetConnect() to prevent accidental real API calls
…-rules, detect, languages Create service classes following the established GlossaryService pattern (client in constructor, methods forward to client). AdminService also handles the sttLimit path that previously required inline AdminClient construction in register-admin.ts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update admin, usage, style-rules, detect, and languages commands to accept service objects instead of DeepLClient directly. Update factory functions to compose client → service → command. Remove inline AdminClient construction from register-admin.ts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CacheService.get() now accepts an optional type guard function via a generic overload: get<T>(key, guard). When the guard rejects cached data (schema mismatch, corruption), the entry is logged, evicted, and null is returned. Consumers in TranslationService and WriteService pass guards instead of bare `as` casts, catching stale/corrupted cache at runtime. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
preserveCodeBlocks(), preserveVariables(), and new restorePlaceholders() are now public static on TranslationService, enabling reuse from BatchTranslationService for plain-text file batching. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
BatchTranslationService.translateFiles() now partitions files: plain text (.txt, .md) files are grouped into TranslationService.translateBatch() calls respecting the 50-text and 128KB limits, reducing HTTP round-trips from N to ceil(N/50). Structured files (.json, .yaml, .yml) continue through the existing per-file FileTranslationService path. Falls back to per-file translation when translationService is not provided, preserving full backward compatibility. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix 17 documentation issues across README.md, API.md, and package.json: - Add formal/informal formality aliases to all formality lists - Fix Hint→Suggestion error format (already correct, verified) - Correct auth output messages (saved and validated, XXXX...XXXX mask, removed) - Document FORCE_COLOR and TERM=dumb env vars in new Environment Variables section - Fix Style Rules ToC grouping (moved from Resources to Configuration) - Document --from-stdin for auth set-key in Quick Start - Document all 4 git hook types (pre-commit, pre-push, commit-msg, post-commit) - Add image formats (jpg, jpeg, png) to document formats list - Document --no-input global option in global options table - Fix regional variants list (7 variants explicitly listed) - Document --enable-minification and --preserve-formatting translate options - Document -V short flag for --version in API.md - Fix cache clear output message to match source - Add npm version badge, stability indicator, and SECURITY.md link - List --output-format valid choice (docx) explicitly in API.md - Fix detect JSON output casing to lowercase (es not ES) - Replace internal git.deepl.dev URLs with github.com/DeepLcom/deepl-cli Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix and expand example scripts: - Update GitHub Actions to v4 (18-cicd-integration.sh) - Fix debounce default to 500ms (16-watch-mode.sh) - Fix error message to match CLI validation output (06-document-format-conversion.sh) - Fix --quiet flag placement as global option before subcommand (20-custom-config-files.sh) - Complete formality options list with all 7 values (14-voice.sh) - Standardize error emoji to ❌ across all scripts - Update config paths to XDG defaults (19-configuration.sh, 20-custom-config-files.sh) - Add init setup wizard example script (28-init.sh) - Add advanced translate options example script (29-advanced-translate.sh) - Update run-all.sh and README.md with new scripts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…test Replace non-deterministic setImmediate polling loop with a deterministic sendEndOfSource mock that triggers onEndOfStream exactly when all chunks have been sent. The polling loop raced with advanceTimersByTimeAsync and real file I/O, causing 10s timeouts on slow CI machines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Unreleased entries for 35+ documentation fixes: - README, API.md, package.json accuracy fixes - TROUBLESHOOTING.md expansion (init, 503, CheckFailed) - SECURITY.md supported versions table - CONTRIBUTING.md PR checklist and npm commands - Example script fixes and new scripts - Repository URL migration to github.com Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure CHANGELOG.md to follow Keep a Changelog standards: - Merge duplicate Added/Changed/Fixed sections within version blocks - Replace non-standard Technical/Documentation categories - Move mislabeled bug fixes from Changed to Fixed - Condense internal details to user-facing summaries - Add version comparison links footer Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…test Use chunkInterval: 0 instead of 5 to bypass paceChunks timer delays, removing the fake timer / real file I/O race that caused timeouts on slow CI machines. The 200-iteration timer advancement loop is no longer needed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… publication Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Align README badges with DeepL SDK house style (CI + license only). npm badges will be added after publish (tracked in deepl-cli-ebri). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [ora](https://github.com/sindresorhus/ora) from 8.2.0 to 9.3.0. - [Release notes](https://github.com/sindresorhus/ora/releases) - [Commits](sindresorhus/ora@v8.2.0...v9.3.0) --- updated-dependencies: - dependency-name: ora dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot bot
pushed a commit
that referenced
this pull request
Feb 17, 2026
…ndefined handling Fixed 3 code quality issues from CODE_QUALITY_REVIEW_2025.md following TDD methodology: **Issue #6 (MEDIUM-HIGH): Watch service pattern matching** - Problem: Only handled *.ext patterns, other glob patterns broken - Fix: Replaced simple string matching with minimatch for proper glob support - Tests: +4 comprehensive tests for exact filenames, prefix wildcards, complex patterns - Location: src/services/watch.ts:93-108 - Dependencies: Added minimatch@^9.0.5 **Issue #11 (MEDIUM): Silent cache error recovery** - Problem: Cache corruption silently deleted entries without logging - Fix: Added console.warn() logging with key and error message - Tests: +1 test for cache corruption detection and logging - Location: src/storage/cache.ts:138-141 - Impact: Improves observability and debugging of cache issues **Issue #10 (LOW): Fragile undefined handling** - Problem: Used magic string '__UNDEFINED__' for undefined values - Fix: Don't cache undefined values at all (cleaner approach) - Tests: Updated 1 test to expect new behavior (return null for cache miss) - Location: src/storage/cache.ts:157-162 - Impact: Eliminates code smell and simplifies caching logic **Test Results:** - Total tests: 1170 (up from 1165, +5 new tests) - Test pass rate: 100% - No regressions **Remaining Issues (require significant refactoring):** - Issue #8 (MEDIUM): Redundant file system calls - Issue #9 (MEDIUM): Cache eviction efficiency All fixes follow TDD approach: RED → GREEN → REFACTOR 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
dependabot bot
pushed a commit
that referenced
this pull request
Feb 17, 2026
) TDD Cycle: RED-GREEN-REFACTOR for symlink path validation RED Phase: - Added 5 failing tests for symlink validation - Tests verify symlink rejection for files and directories - Tests verify regular files/directories still work correctly - Tests verify clear error messages GREEN Phase: - Added lstatSync check at translate() entry point before processing - lstatSync doesn't follow symlinks, allowing detection before statSync - Throws error with clear message: "Symlinks are not supported for security reasons: <path>" - Re-throws symlink errors while catching other filesystem errors - All 1454 tests passing Security Impact: - Prevents directory traversal attacks via symlinks - Blocks access to sensitive files like /etc/passwd - Prevents reading files outside intended directory scope - Example attack: ln -s /etc/passwd ~/myfile.txt && deepl translate ~/myfile.txt Implementation: - Uses fs.lstatSync() to detect symlinks (doesn't follow them) - Applies to both file and directory translation paths - Clear, actionable error messages for users Updated 2 existing tests to mock lstatSync for new validation. CHANGELOG.md updated with security enhancement details. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps ora from 8.2.0 to 9.3.0.
Release notes
Sourced from ora's releases.
Commits
44963629.3.02ab4f76Reduce flicker in rendering8d17b13Add FAQ item4cf47fcAdd more tests fordiscardStdin9763e60Document Ctrl+C behavior for discardStdin5408a1e9.2.0020eabaUpdatestdin-discarderdependency (#251)d7e3a949.1.0d2b543aSupport external writes to stream while spinning68d50e5Replacestrip-ansiwith nativestripVTControlCharacters(#249)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)