Bump the npm_and_yarn group across 3 directories with 11 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the /code directory:

Package	From	To
vite	4.5.3	5.0.13
ws	8.16.0	8.17.1
webpack	5.90.3	5.93.0
next	14.1.0	14.1.1
webpack-dev-middleware	6.1.3	7.1.0
@adobe/css-tools	4.3.3	4.4.0
follow-redirects	1.15.5	1.15.6
pug	3.0.2	3.0.3
tar	6.2.0	6.2.1

Bumps the npm_and_yarn group with 1 update in the /code/builders/builder-webpack5 directory: webpack-dev-middleware.
Bumps the npm_and_yarn group with 4 updates in the /scripts directory: vite, @adobe/css-tools, tar and undici.

Updates vite from 4.5.3 to 5.0.13

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.0.13 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (d2db33f), closes #16250

5.0.12 (2024-01-19)

• fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605
• fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

• fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361
• fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483
• fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422
• fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435
• chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475
• chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

• fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355
• fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

• fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301
• fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337
• fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286
• fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347
• fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321
• feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339
• chore: temporary typo (#15329) (7b71854), closes #15329
• perf: avoid computing paths on each request (#15318) (0506812), closes #15318
• perf: temporary hack to avoid fs checks for /@​react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

• perf: cached fs utils (#15279) (c9b61c4), closes #15279
• fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303
• fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317

... (truncated)

Commits

• 80b1b07 release: v5.0.13
• d2db33f fix: fs.deny with globs with directories (#16250)
• ee81e19 release: v5.0.12
• 91641c4 fix: fs deny for case insensitive systems (#15653)
• ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
• b44c493 release: v5.0.11
• d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
• 2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
• 5ea9edb fix(html): handle offset magic-string slice error (#15435)
• 49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates webpack from 5.90.3 to 5.93.0

Release notes

Sourced from webpack's releases.

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic
• Fixed failed to resolve promise when eager import a dynamic cjs
• Avoid generation extra code for external modules when remapping is not required
• The css/global type now handles the exports name
• Avoid hashing for @keyframe and @property at-rules in css/global type
• Fixed mangle with destructuring for JSON modules
• The stats.hasWarnings() method now respects the ignoreWarnings option
• Fixed ArrayQueue iterator
• Correct behavior of __webpack_exports_info__.a.b.canMangle
• Changed to the correct plugin name for the CommonJsChunkFormatPlugin plugin
• Set the chunkLoading option to the import when environment is unknown and output is module
• Fixed when runtimeChunk has no exports when module chunkFormat used
• [CSS] Fixed parsing minimized CSS import
• [CSS] URLs in CSS files now have correct public path
• [CSS] The css module type should not allow parser to switch mode
• [Types] Improved context module types

New Features

• Added platform target properties to compiler
• Improved multi compiler cache location and validating it
• Support import attributes spec (with keyword)
• Support node: prefix for Node.js core modules in runtime code
• Support prefetch/preload for module chunk format

... (truncated)

Commits

• 277460b chore(release): 5.93.0
• 76ab754 fix: relative path to runtime chunks
• 40b1a77 test: added
• 080e54f fix: relative path to runtime chunks
• 7764e38 chore(deps-dev): bump eslint from 9.5.0 to 9.6.0
• 22738f3 chore(deps-dev): bump eslint from 9.5.0 to 9.6.0
• 1a27b9e fix: contenthash for css generator options
• e716d44 chore(deps-dev): bump @​eslint/js from 9.5.0 to 9.6.0
• 7a34330 chore(deps-dev): bump typescript from 5.5.2 to 5.5.3
• 974752f chore(deps-dev): bump globals from 15.6.0 to 15.8.0
• Additional commits viewable in compare view

Updates next from 14.1.0 to 14.1.1

Commits

• 5f59ee5 v14.1.1
• f48b90b even more
• 7f789f4 more timeout
• ab71c4c update timeout
• 75f60d9 update trigger release workflow
• 74b3f0f Server Action tests (#62655)
• a6946b6 Backport metadata fixes (#62663)
• 4002f4b Fix draft mode invariant (#62121)
• 7dbf6f8 fix: babel usage with next/image (#61835)
• 3efc842 Fix next/server apit push alias for ESM pkg (#61721)
• Additional commits viewable in compare view

Updates webpack-dev-middleware from 6.1.3 to 7.1.0

Release notes

Sourced from webpack-dev-middleware's releases.

v7.1.0

7.1.0 (2024-03-19)

Features

• prefer to use fs.createReadStream over fs.readFileSync to read files (ab533de)

Bug Fixes

• cleaup stream and handle errors (#1769) (1258fdd)
• security: do not allow to read files above (#1771) (e10008c)

v7.0.0

7.0.0 (2023-12-26)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#1694)
• updated memfs@4 (#1693)

Changelog

Sourced from webpack-dev-middleware's changelog.

7.1.0 (2024-03-19)

Features

• prefer to use fs.createReadStream over fs.readFileSync to read files (ab533de)

Bug Fixes

• cleaup stream and handle errors (#1769) (1258fdd)
• security: do not allow to read files above (#1771) (e10008c)

7.0.0 (2023-12-26)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#1694)
• updated memfs@4 (#1693)

Features

• updated memfs@4 (#1693) (244d9f8)

• minimum supported Node.js version is 18.12.0 (#1694) (e273d61)

6.1.1 (2023-05-16)

Bug Fixes

• types: methods should be string array (#1550) (41b2f77)

6.1.0 (2023-05-03)

Features

• added mimeTypeDefault option (#1527) (503d290)
• added modifyResponseData option (#1529) (35dac70)

Bug Fixes

• don't use memory-fs when writeToDisk is true (#1537) (852245e)
• faster startup time (f5f033b)

6.0.2 (2023-03-19)

... (truncated)

Commits

• 3d94e45 chore(release): 7.1.0
• e10008c fix(security): do not allow to read files above (#1771)
• ab533de feat: prefer to use fs.createReadStream over fs.readFileSync to read files
• 1258fdd fix: cleaup stream and handle errors (#1769)
• 22ec9ad chore(deps-dev): bump @​commitlint/cli from 19.2.0 to 19.2.1 (#1768)
• 1a104bd chore(deps-dev): bump @​types/node from 20.11.28 to 20.11.29 (#1767)
• 60ef106 chore(deps-dev): bump @​types/node from 20.11.27 to 20.11.28 (#1766)
• e42571c chore(deps-dev): bump @​commitlint/cli from 19.1.0 to 19.2.0 (#1765)
• 1fa9029 chore(deps-dev): bump @​types/node from 20.11.26 to 20.11.27 (#1764)
• 10df4ad chore(deps-dev): bump @​commitlint/config-conventional (#1763)
• Additional commits viewable in compare view

Updates @adobe/css-tools from 4.3.3 to 4.4.0

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.0 / 2024-06-05

• add support for @​starting-style #319

Commits

• See full diff in compare view

Updates follow-redirects from 1.15.5 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• See full diff in compare view

Updates pug from 3.0.2 to 3.0.3

Release notes

Sourced from pug's releases.

[email protected]

Bug Fixes

• Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options (#3438)

[email protected]

Bug Fixes

• Update pug-code-gen with the following fix: (#3438)

  Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

Commits

• 32acfe8 fix: ensure template names are valid identifiers (#3438)
• 4767caf refactor: convert pug-error to TypeScript (#3355)
• a724446 chore: update character-parser (#3354)
• 6cca8f7 docs: fix GitHub format in README (#3335)
• See full diff in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates webpack-dev-middleware from 6.1.3 to 7.2.1

Release notes

Sourced from webpack-dev-middleware's releases.

v7.1.0

7.1.0 (2024-03-19)

Features

• prefer to use fs.createReadStream over fs.readFileSync to read files (ab533de)

Bug Fixes

• cleaup stream and handle errors (#1769) (1258fdd)
• security: do not allow to read files above (#1771) (e10008c)

v7.0.0

7.0.0 (2023-12-26)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#1694)
• updated memfs@4 (#1693)

Changelog

Sourced from webpack-dev-middleware's changelog.

7.1.0 (2024-03-19)

Features

• prefer to use fs.createReadStream over fs.readFileSync to read files (ab533de)

Bug Fixes

• cleaup stream and handle errors (#1769) (1258fdd)
• security: do not allow to read files above (#1771) (e10008c)

7.0.0 (2023-12-26)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#1694)
• updated memfs@4 (#1693)

Features

• updated memfs@4 (#1693) (244d9f8)

• minimum supported Node.js version is 18.12.0 (#1694) (e273d61)

6.1.1 (2023-05-16)

Bug Fixes

• types: methods should be string array (#1550) (41b2f77)

6.1.0 (2023-05-03)

Features

• added mimeTypeDefault option (#1527) (503d290)
• added modifyResponseData option (#1529) (35dac70)

Bug Fixes

• don't use memory-fs when writeToDisk is true (#1537) (852245e)
• faster startup time (f5f033b)

6.0.2 (2023-03-19)

... (truncated)

Commits

• 3d94e45 chore(release): 7.1.0
• e10008c fix(security): do not allow to read files above (#1771)
• ab533de feat: prefer to use fs.createReadStream over fs.readFileSync to read files
• 1258fdd fix: cleaup stream and handle errors (#1769)
• 22ec9ad chore(deps-dev): bump @​commitlint/cli from 19.2.0 to 19.2.1 (#1768)
• 1a104bd chore(deps-dev): bump @​types/node from 20.11.28 to 20.11.29 (#1767)
• 60ef106 chore(deps-dev): bump @​types/node from 20.11.27 to 20.11.28 (#1766)
• e42571c chore(deps-dev): bump @​commitlint/cli from 19.1.0 to 19.2.0 (#1765)
• 1fa9029 chore(deps-dev): bump @​types/node from 20.11.26 to 20.11.27 (#1764)
• 10df4ad chore(deps-dev): bump @​commitlint/config-conventional (#1763)
• Additional commits viewable in compare view

Updates vite from 5.1.0 to 5.3.3

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.0.13 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (d2db33f), closes #16250

5.0.12 (2024-01-19)

• fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605
• fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

• fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361
• fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483
• fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422
• fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435
• chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475
• chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

• fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355
• fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

• fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301
• fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337
• fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286
• fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347
• fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321
• feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339
• chore: temporary typo (#15329) (7b71854), closes #15329
• perf: avoid computing paths on each request (#15318) (0506812), closes #15318
• perf: temporary hack to avoid fs checks for /@​react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

• perf: cached fs utils (#15279) (c9b61c4), closes #15279
• fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303
• fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317

... (truncated)

Commits

• 80b1b07 release: v5.0.13
• d2db33f fix: fs.deny with globs with directories (#16250)
• ee81e19 release: v5.0.12
• 91641c4 fix: fs deny for case insensitive systems (#15653)
• ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
• b44c493 release: v5.0.11
• d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
• 2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
• 5ea9edb fix(html): handle offset magic-string slice error (#15435)
• 49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
• Additional commits viewable in compare view

Updates postcss from 8.4.35 to 8.4.39

Release notes

Sourced from postcss's releases.

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

Changelog

Sourced from postcss's changelog.

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

Commits

• e0efb16 Release 8.4.39 version
• 48304c5 Update dependencies
• 155ac57 Merge pull request #1947 from romainmenke/fix-css-syntax-error-type--reliable...
• 1b9b466 fix CssSyntaxError type declaration
• 3f4d96e Update dependencies
• b952be7 Update CI actions
• b512b29 Typo
• f9a9868 Move to pnpm 9 and Node.js 22
• 79052c2 Merge pull request #1940 from Xvezda/patch-1
• 0eedad4 Update changed urls
• Additional commits viewable in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.0

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.0 / 2024-06-05

• add support for @​starting-style #319

Commits

• See full diff in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates undici from 5.27.2 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

• Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

• fix: remove optional chainning for compatible with Nodejs12 and below by @​bugb in nodejs/undici#2470
• fix: remove node: prefix by @​tsctx in nodejs/undici#2471
• perf: avoid Headers initialization by @​tsctx in nodejs/undici#2468
• fix: handle SharedArrayBuffer correctly by @​tsctx in nodejs/undici#2466
• fix: Add null type to signal in RequestInit by @​gebsh in nodejs/undici#2455
• fix: correctly handle data URL with hashes. by @​tsctx in nodejs/undici#2475
• fix: check response for timinginfo allow flag by @​ToshB in nodejs/undici#2477
• Make call to onBodySent conditional in RetryHandler by @​MzUgM in nodejs/undici#2478
• refactor: better integrity check by @​tsctx in nodejs/undici#2462
• fix: Added support for inline URL username:password proxy auth by @​matt-way in nodejs/undici#2473
• build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @​dependabot in nodejs/undici#2472
• build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @​dependabot in nodejs/undici#2405
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @​dependabot in nodejs/undici#2396
• build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @​dependabot in nodejs/undici#2395
• build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @​dependabot in nodejs/undici#2392
• build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @​dependabot in nodejs/undici#2389
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @​dependabot in

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[dependabot]

Superseded by #5.