build(deps): bump toml from 0.8.23 to 1.1.2+spec-1.1.0 #1

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/toml-1.1.2spec-1.1.0

@dependabot dependabot Bot commented on behalf of github May 3, 2026

Bumps toml from 0.8.23 to 1.1.2+spec-1.1.0.

dependabot Bot added the dependencies and rust labels May 3, 2026
dependabot Bot force-pushed the dependabot/cargo/toml-1.1.2spec-1.1.0 branch 3 times, most recently from 70c6ae7 to ca35584 May 4, 2026 10:09
TAJD added a commit that referenced this pull request May 5, 2026
cofferdam check now loads plugins declared in cofferdam.toml's
`plugins = [...]` array, runs them via a Node subprocess, and merges
the resulting findings into the engine's output. Closes the
keystone gap that gated the BrandCasing e2e fixture and unblocks the
NoHttpClient + TenantIsolation siblings.

Architecture:
  - ProjectConfig grows a `plugins: Vec<PathBuf>` field, populated
    from the top-level `plugins = [...]` array in cofferdam.toml. Paths
    resolve relative to the config file's directory.
  - cofferdam-cli embeds a self-contained `plugin-host.mjs` runner via
    include_str!, materialises it to the OS temp dir on first call,
    and spawns `node` with the script + a JSON manifest piped over
    stdin. The manifest carries (path, text, lineViews) per file plus
    the resolved plugin paths and per-check option overrides.
  - Per-file LineViews are built Rust-side via cofferdam-ts::build_lines
    so the host script doesn't have to reproduce the comment/string
    classification logic in pure JS.
  - The host imports each plugin's default export, runs `check.run`
    against every file, and emits {reports, errors} as JSON on stdout.
    Plugin scope filtering (cd-81a.5 extensions) is honoured.
  - Reports come back with checkId/category; the CLI prefixes bare
    plugin IDs with their declared category (`Warning.BrandCasing`)
    so the formatter's category derivation works.
  - Suppression directives (`// cofferdam-ignore: BrandCasing`) apply
    to plugin findings too — the CLI re-runs the engine's suppression
    parser against plugin issues, matching both the prefixed and bare
    forms of the check ID.

Failure modes (all soft — built-in findings still ship):
  - Node not installed or spawn fails → Warning.PluginRuntimeUnavailable.
  - Plugin module fails to load → Warning.PluginLoadFailed.
  - Plugin's run() throws on a file → Warning.PluginCrashed.
  - Host exits non-zero or emits malformed JSON → Warning.PluginHostFailed.

Brand-casing fixture changes (cd-7e4 acceptance):
  - examples-plugins/brand-casing/cofferdam.toml — config pointing at
    the local plugin via `plugins = ["./"]` plus the allowedAliases
    override.
  - Plugin's run() loop fixed: the `isComment` short-circuit was
    skipping lines with both a string literal AND a trailing `// note`
    (which is every fixture line by design). Now gates on
    string/jsx presence first. Adds a quote-counting helper that skips
    identifier-position matches (e.g. `import { Rovikore }`).
  - expected.json regenerated: 2 findings (FLAG #1 line 13 string
    literal, FLAG #2 line 17 template literal). Spans round-trip to
    the literal `Rovikore` bytes.

Tooling:
  - scripts/regen-plugin-fixtures.mjs + scripts/check-plugin-fixtures.mjs
    auto-detect a per-fixture cofferdam.toml and pass --config; the
    engine's walk-up discovery starts from CWD and would otherwise
    miss configs nested in fixture directories.
  - .github/workflows/plugin-sdk-e2e.yml runs the full e2e:
    cargo build → SDK build → bundle into plugin's node_modules →
    plugin tsc → cofferdam check → JSON diff → span round-trip →
    negative-fixture tsc.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
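
Added example, not code from the cofferdam repository: one way the CLI-side steps in the commit message above (prefixing bare plugin IDs with their category, then matching suppression directives against both forms) could look in Rust. The function names, the same-line directive scope and the comma-separated ID list are assumptions.

```rust
/// Prefix a bare plugin check ID with its declared category; IDs that
/// already carry a category are returned unchanged.
fn qualify(check_id: &str, category: &str) -> String {
    if check_id.contains('.') {
        check_id.to_string()
    } else {
        format!("{category}.{check_id}")
    }
}

/// IDs named by a suppression directive on this line.
/// Assumptions: the marker only occurs in a trailing comment and may
/// carry a comma-separated list of IDs.
fn ignored_ids(line: &str) -> Vec<&str> {
    const MARKER: &str = "// cofferdam-ignore:";
    match line.find(MARKER) {
        Some(pos) => line[pos + MARKER.len()..]
            .split(',')
            .map(str::trim)
            .filter(|id| !id.is_empty())
            .collect(),
        None => Vec::new(),
    }
}

/// True when the directive names the issue by its prefixed or bare ID.
/// Matching is exact, so `Casing` or `Error.BrandCasing` never hides
/// a `Warning.BrandCasing` finding.
fn is_suppressed(issue_id: &str, line: &str) -> bool {
    let bare = issue_id.rsplit('.').next().unwrap_or(issue_id);
    ignored_ids(line).iter().any(|id| *id == issue_id || *id == bare)
}

fn main() {
    // Constructed sample lines, not taken from the project's fixtures.
    let id = qualify("BrandCasing", "Warning");
    for line in [
        r#"const a = "rovikore"; // cofferdam-ignore: BrandCasing"#,
        r#"const b = "rovikore"; // cofferdam-ignore: Warning.BrandCasing"#,
        r#"const c = "rovikore"; // cofferdam-ignore: NoHttpClient"#,
        r#"const d = "rovikore"; // note"#,
    ] {
        println!("{id} suppressed={} :: {line}", is_suppressed(&id, line));
    }
}
```
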
dependabot Bot force-pushed the dependabot/cargo/toml-1.1.2spec-1.1.0 branch from ca35584 to b079469 May 5, 2026 19:45
dependabot Bot changed the title from "chore(deps): bump toml from 0.8.23 to 1.1.2+spec-1.1.0" to "build(deps): bump toml from 0.8.23 to 1.1.2+spec-1.1.0" May 21, 2026
dependabot Bot force-pushed the dependabot/cargo/toml-1.1.2spec-1.1.0 branch 3 times, most recently from 6bf898f to d0ed804 May 21, 2026 20:29
Bumps [toml](https://github.com/toml-rs/toml) from 0.8.23 to 1.1.2+spec-1.1.0.
- [Commits](toml-rs/toml@toml-v0.8.23...toml-v1.1.2)

---
updated-dependencies:
- dependency-name: toml
  dependency-version: 1.1.2+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot force-pushed the dependabot/cargo/toml-1.1.2spec-1.1.0 branch from d0ed804 to 51ce085 May 22, 2026 11:01