@VatsalSy
Member

Summary

  • Updated research papers with new publications
  • Updated News and History sections
  • Fixed js-yaml security vulnerability (CVE-2025-64718)

Changes Made

  • Added new papers to the research index
  • Updated news items in News.md and history.md
  • Updated js-yaml dependency to fix security vulnerability

- Add js-yaml override to force version >=4.1.1
- Resolves Dependabot alerts #10 and #11
- Fixes prototype pollution in YAML merge operations
@coderabbitai
Contributor

coderabbitai bot commented Dec 11, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Updated research listings: added 2026 January and Dec 2025 items, new topic tag ("Contact line") and media/GitHub/Blog badges for multiple entries.
    • Enhanced local tooling: richer command-line options for build and deploy (clean/skip flags, port/livereload control, drafts/incremental, open-browser).
  • Documentation

    • Revised News/History guidance and add-news workflow; preserved Durham relocation announcement; updated contact/location display.
  • Chores

    • Added package override for js-yaml and expanded ignore patterns.

Walkthrough

Adds and reorganizes news/research entries (Dec 2025, Jan 2026); updates News/history guidance and email/location display; extends package.json overrides; and introduces CLI flags, port discovery, and conditional steps in scripts/build.sh and scripts/deploy.sh.

Changes

| Cohort / File(s) | Change Summary |
| --- | --- |
| News & History: News.md, history.md | Added Jan 2026 and Dec 2025 items; removed several 2025 month sections; kept Durham relocation announcement. |
| Research index & entries: _research/index.md | Added "Contact line" tag; added/reshuffled 2025–2026 research entries; added arXiv/GitHub/Blog/YouTube badges and media blocks. |
| Site content & Add-news guidance: aboutCoMPhy.md, .claude/commands/add-news.md, .opencode/commands/add-news.md, CLAUDE.md | Updated location to “Durham University”; replaced mailto badge with richer email UI; expanded add-news guidance and month-ordering rules (reverse chronological) and special-announcement handling. |
| Build script: scripts/build.sh | Added CLI parsing and show_help(); flags: --clean, --skip-seo, --skip-research, --skip-deps; conditional clean, deps install, SEO generation, and research generation; added user messages and validation. |
| Deploy script: scripts/deploy.sh | Added CLI parsing and show_help(); port utilities (is_port_available, find_available_port, find_available_livereload_port); livereload/discovery logic; flags for port/host/livereload/drafts/incremental/open; dynamic Jekyll command assembly and enhanced user feedback. |
| Package manifest: package.json | Added override: js-yaml: ">=4.1.1" alongside existing form-data override. |
| Misc / Repo: .gitignore | Added .claude to ignore patterns. |

Sequence Diagram(s)

sequenceDiagram
  participant User as rgba(30,144,255,0.5) User
  participant CLI as rgba(34,139,34,0.5) scripts/build.sh
  participant Deps as rgba(255,140,0,0.5) DependencyMgr
  participant SEO as rgba(148,0,211,0.5) SEO_Generator
  participant ResearchGen as rgba(220,20,60,0.5) Research_Generator
  participant Jekyll as rgba(70,130,180,0.5) Jekyll

  User->>CLI: invoke build.sh [flags]
  CLI->>CLI: parse args & validate
  alt --clean
    CLI->>CLI: remove _site & .jekyll-cache
  end
  alt not --skip-deps
    CLI->>Deps: install dependencies
    Deps-->>CLI: result
  else
    CLI-->>User: warn deps skipped
  end
  alt search_db.json exists and not --skip-seo
    CLI->>SEO: generate metadata
    SEO-->>CLI: done
  else
    CLI-->>User: warn SEO skipped/missing DB
  end
  alt not --skip-research
    CLI->>ResearchGen: generate research pages
    ResearchGen-->>CLI: done
  else
    CLI-->>User: note research generation skipped
  end
  CLI->>Jekyll: run build/serve
  Jekyll-->>User: site built/served
sequenceDiagram
  participant User as rgba(30,144,255,0.5) User
  participant DeployCLI as rgba(34,139,34,0.5) scripts/deploy.sh
  participant PortFinder as rgba(255,140,0,0.5) PortChecker
  participant Jekyll as rgba(70,130,180,0.5) Jekyll
  participant Browser as rgba(148,0,211,0.5) Browser

  User->>DeployCLI: invoke deploy.sh [--port, --livereload, --drafts, --open,...]
  DeployCLI->>DeployCLI: parse args & validate
  DeployCLI->>PortFinder: find available port(s)
  PortFinder-->>DeployCLI: port(s) chosen or error
  DeployCLI->>Jekyll: assemble JEKYLL_CMD with options
  DeployCLI->>Jekyll: start server
  alt --open
    DeployCLI->>Browser: open site URL
  end
  Jekyll-->>User: server running

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped through changelogs, badges all aglow,
Moved months and papers where the newest go,
Scripts that pick ports and skip what you ask,
I nibbled old clutter — now the site wears a mask! 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ❓ Inconclusive | The title '2025 wrap-up updates' is vague and generic, using non-descriptive phrasing that doesn't clearly convey the specific changes made in the changeset. | Revise the title to be more specific, such as 'Add 2026 publications and update research index' or 'Update research papers, news, and fix js-yaml vulnerability' to better reflect the main changes. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description check | ✅ Passed | The description is related to the changeset, covering research paper updates, news/history section changes, and the js-yaml security fix, though it lacks granular details about specific changes. |


Add volume 22 and page range 657-667 for the stood-up drop paper now that it's officially published.

Adds comprehensive command-line options to both scripts:

Build script (build.sh):
- --help: Display usage information
- --clean: Force rebuild by removing _site and .jekyll-cache
- --skip-deps: Skip dependency installation for faster rebuilds
- --skip-seo: Skip SEO metadata generation
- --skip-research: Skip research page generation

Deploy script (deploy.sh):
- --help: Display usage information
- --port PORT: Use specific port instead of auto-detection
- --host HOST: Bind to specific host (default: localhost)
- --drafts: Include draft posts in build
- --incremental: Enable faster incremental rebuilds
- --no-livereload: Disable live reload feature
- --open: Auto-open browser after server starts

Both scripts maintain backward compatibility and include improved
error handling and user feedback.

Adds year-based organization to News.md and history.md:
- Creates separate sections for 2026 and 2025
- Moves Durham University announcement under 2025 heading
- Adds paper [21] (Soft Matter) to January 2026 section
- Maintains 5-item limit for regular news items
- Updates add-news command to handle year sections
- Special announcements now excluded from 5-item count

This structure makes the news system more scalable as we enter 2026.

Changes to aboutCoMPhy.md:
- Update location badge from Physics of Fluids to Durham University
- Change map link to Durham campus location
- Remove mailto badge to avoid duplicate email display
- Keep two email containers with envelope and copy functionality

Copilot AI review requested due to automatic review settings January 23, 2026 21:47
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@history.md`:
- Around line 31-34: The December 2025 section in history.md is out of
chronological order; reorder the monthly headings and their entries for the 2025
year so months run January → December (i.e., move the "### December" block to be
after the earlier months such that December is last), ensuring the entry
containing "Demirkır, Ç., Yang, R., Bashkatov, A., Sanjay, V., Lohse, D., &
Krug, D." remains intact under the relocated "### December" heading.

In `@scripts/deploy.sh`:
- Around line 67-73: Validate that option arguments for the -p|--port and --host
cases are present and correct: after parsing -p|--port or --host, check that
"$2" exists and does not begin with "-" (indicating another flag); if missing,
print a clear error and exit non‑zero. For CUSTOM_PORT also validate that the
value is numeric (e.g., a regex like '^[0-9]+$'); if not numeric, print an error
and exit. Update the -p|--port and --host parsing branches that set CUSTOM_PORT
and CUSTOM_HOST to perform these checks before assigning and shifting.
🧹 Nitpick comments (1)
scripts/build.sh (1)

33-34: Consider consolidating flag initialization for consistency.

SKIP_DEPS is initialized separately from the other flags (CLEAN_BUILD, SKIP_SEO, SKIP_RESEARCH) which are defined at lines 7-9. Moving this declaration to the same location would improve readability.

Suggested consolidation at lines 7-10
 # Parse command line arguments
 CLEAN_BUILD=false
 SKIP_SEO=false
 SKIP_RESEARCH=false
+SKIP_DEPS=false

 show_help() {
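Review bot: The added `+SKIP_DEPS=false` line covers only the new declaration; the removal of the original initialization at line 34 is left to prose rather than shown in the hunk. Include that deletion in the same suggestion so the flag is not initialized twice, since a second `SKIP_DEPS=false` that runs after argument parsing would silently discard `--skip-deps`.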

Then remove line 34.


Copilot AI left a comment

Pull request overview

This pull request updates the CoMPhy Lab website with end-of-year content including new research publications, news items, location updates to Durham University, and enhanced build/deployment scripts with additional command-line options. The PR also updates the js-yaml dependency for a security fix.

Changes:

  • Enhanced build and deployment scripts with new command-line options (--clean, --skip-seo, --port, --host, etc.)
  • Updated research index with new publications including 2026 content
  • Updated News.md and history.md with recent publications and milestones
  • Updated location information to Durham University
  • Security update: js-yaml from 4.1.0 to 4.1.1

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| scripts/deploy.sh | Added command-line argument parsing for port, host, drafts, incremental builds, and browser auto-open options |
| scripts/build.sh | Added command-line flags for clean builds and skipping SEO/research generation steps |
| package.json | Added js-yaml override to version >=4.1.1 for security fix |
| package-lock.json | Updated js-yaml dependency from 4.1.0 to 4.1.1 and removed deprecated nested dependencies |
| history.md | Added 2026 section with January publication and December 2025 publication |
| aboutCoMPhy.md | Updated location badge from Physics of Fluids to Durham University and removed email badge |
| _research/index.md | Added new publications, reorganized papers with 2026 section, added new tags and GitHub links |
| News.md | Added 2026 section with recent publications and trimmed older news items |
| .claude/commands/add-news.md | Updated documentation to clarify year/month structure and special announcements handling |

Keep shared command definitions in the OpenCode directory. Ignore the local .claude symlink so it stays machine-specific.
Reject missing or non-numeric port values and missing host args up front. Clarify news month ordering guidance to match reverse-chronological usage.
Copilot AI review requested due to automatic review settings January 23, 2026 22:13
@VatsalSy VatsalSy merged commit 081488f into main Jan 23, 2026
8 checks passed
@VatsalSy VatsalSy deleted the 2025-wrapUp-updates branch January 23, 2026 22:17

Copilot AI left a comment

Pull request overview

Copilot reviewed 10 out of 14 changed files in this pull request and generated 2 comments.

- Years are organized with `## Year` headings (e.g., `## 2026`, `## 2025`)
- Years are sorted descending (newest first)
- Create year section if it doesn't exist
- Months within a year are in chronological order (January at top)

Copilot AI Jan 23, 2026

The documentation states "Months within a year are in chronological order (January at top)" but this is incorrect. Looking at the actual News.md and history.md files, months within a year are in REVERSE chronological order (newest first), with December appearing before November, November before September, etc. This inconsistency could lead to incorrect news item placement when following this documentation.

Suggested change
- Months within a year are in chronological order (January at top)
- Months within a year are in reverse chronological order (newest first, e.g., December before November)

Copilot uses AI. Check for mistakes.
fi

# Start Jekyll with the configured options
$JEKYLL_CMD

Copilot AI Jan 23, 2026

The script builds a full shell command string in JEKYLL_CMD that includes user-controlled options like CUSTOM_HOST and then executes it via $JEKYLL_CMD, which allows shell metacharacters in the host value to be interpreted as additional commands. An attacker who can influence the --host argument (or any other option concatenated into JEKYLL_CMD) could inject arbitrary shell syntax such as ; rm -rf / that will run with the privileges of the script. To prevent command injection, avoid executing a constructed string and instead invoke bundle exec jekyll serve directly with properly quoted arguments (or a bash array) so that user-supplied values are passed as data, not as part of the shell command line.

Copilot uses AI. Check for mistakes.
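
The option validation CodeRabbit asks for in scripts/deploy.sh and the argument-vector invocation Copilot recommends, combined in one sketch. This is an added example, not code from the pull request: all function names are hypothetical, `count_args` stands in for `bundle exec jekyll`, and the port range and host allow-list are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from scripts/deploy.sh.

# Stand-in for `bundle exec jekyll`: reports how many arguments it received.
count_args() { echo "$#"; }

# String-built command, expanded unquoted: the value is word-split and
# glob-expanded, so one host value can become several arguments. Passed to
# `eval`, the same string would be parsed as shell code.
run_from_string() {
  cmd="count_args serve --host $1"
  $cmd
}

# Port: digits only, at most five, within 1..65535 (range is an assumption).
valid_port() {
  case $1 in
    ''|*[!0-9]*|??????*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Host: non-empty, not flag-like, hostname/IP characters only (assumed list).
valid_host() {
  case $1 in
    ''|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
  esac
}

# Validate, then pass each value as its own quoted argument. `set --` builds
# the argument vector portably; a bash array serves the same purpose.
run_from_argv() {
  valid_port "$1" || { echo "invalid port: $1" >&2; return 2; }
  valid_host "$2" || { echo "invalid host: $2" >&2; return 2; }
  set -- serve --port "$1" --host "$2"
  count_args "$@"
}

# Constructed inputs for a stand-alone run.
echo "string form, host '127.0.0.1 --drafts': $(run_from_string '127.0.0.1 --drafts') arguments"
echo "argv form, port 4000, host 127.0.0.1: $(run_from_argv 4000 127.0.0.1) arguments"
```

The string form reports four arguments for a single host value, while the argument-vector form rejects that value outright and reports five arguments for a well-formed port and host.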