build(deps): bump csvs_convert from 0.8.9 to 0.8.10#1808
Merged
jqnatividad merged 1 commit intomasterfrom May 10, 2024
Merged
Conversation
Bumps [csvs_convert](https://github.com/kindly/csvs_convert) from 0.8.9 to 0.8.10. - [Changelog](https://github.com/kindly/csvs_convert/blob/main/changelog.md) - [Commits](https://github.com/kindly/csvs_convert/commits) --- updated-dependencies: - dependency-name: csvs_convert dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
jqnatividad
added a commit
that referenced
this pull request
Apr 29, 2026
- stdout/--output mode now warns and passes input through unchanged when the row is out of range (exit 0); --in-place still errors so the .bak rename is skipped - Refuse to overwrite a pre-existing .bak file in --in-place mode - Use checked_add on row+1 to avoid usize::MAX overflow - Document new --in-place .bak collision behavior and stdout warn-vs-error semantics in USAGE - Add tests for unknown column name, --in-place out-of-range row, stdout out-of-range row pass-through, and pre-existing .bak collision Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jqnatividad
added a commit
that referenced
this pull request
Apr 29, 2026
…o-ops (#3786) * edit: review-driven fixes for --in-place, bounds checks, and silent no-ops - Remove vestigial extension() guard so --in-place works on extensionless files - Reject --in-place with stdin or missing input instead of mis-renaming "-" - checked_sub on headers.len() avoids underflow when column == "_" on empty headers - Numeric column index out of range now errors instead of silently no-op'ing - Track row match; emit "Row N not found." instead of silently rewriting unchanged - Only allocate NamedTempFile when --in-place is set - Build target row via single ByteRecord instead of per-field write loop - Add tests for extensionless in-place, stdin rejection, and out-of-range row/column Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: address roborev #1808 review findings - stdout/--output mode now warns and passes input through unchanged when the row is out of range (exit 0); --in-place still errors so the .bak rename is skipped - Refuse to overwrite a pre-existing .bak file in --in-place mode - Use checked_add on row+1 to avoid usize::MAX overflow - Document new --in-place .bak collision behavior and stdout warn-vs-error semantics in USAGE - Add tests for unknown column name, --in-place out-of-range row, stdout out-of-range row pass-through, and pre-existing .bak collision Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: address roborev #1810 review findings - Replace TOCTOU exists-check with hard_link reservation so a concurrent process can't clobber an existing .bak between the check and the rename - Reword stdout warning to "input passed through unchanged" since --output does write a file (just unmodified relative to input) - Test stdout pass-through now also asserts the stderr warning is emitted Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: address roborev #1811 portability and atomicity findings - Replace hard_link reservation with create_new on the .bak path: works on FAT32/exFAT/SMB filesystems where hard_link is unsupported, while still closing the TOCTOU window - Reject symlinks for --in-place up front rather than silently resolving through them and leaving a hard-linked backup pointing at the target - Place the tempfile in the input's parent directory and persist it via rename so input_path is never missing during the swap (no gap window) - Add unix-only test that --in-place rejects symlinks and leaves both the symlink target and any .bak paths untouched - Document symlink rejection in USAGE Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: address roborev #1812 follow-up findings - Roll back the .bak rename if tempfile.persist fails so the user isn't left with a missing input_path; surface backup location in the error - Correct the comment to acknowledge a small window (two renames) rather than claim "no gap" - Narrow USAGE wording from "Symlinks" to "Symbolic links" and note that other Windows reparse points (junction points) are not detected Coverage for the new create_new path is already exercised end-to-end by edit_in_place + edit_in_place_existing_bak_errors (both AlreadyExists and success branches). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: address roborev #1813 polish on rollback path - Branch the persist-failure error message on the actual rollback result ("original restored from <bak>" vs "rollback also failed ...; original remains at <bak>") so the user gets a deterministic statement about where their data is, instead of an ambiguous parenthetical - Add an inline rationale for accepting the small two-rename window (copy-then-persist would double disk I/O on every successful edit) so future readers don't try to "fix" it again - Note inline that the persist-failure rollback branch is not directly covered by automated tests because reliably forcing the failure requires platform-specific filesystem manipulation Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * edit: document Windows rename-replaces-destination behavior Inline citation of std::fs::rename's documented cross-platform replace behavior so future reviewers don't flag the create_new placeholder + rename pattern as broken on Windows. The only refused case is directory-on-directory, which doesn't apply to our regular-file placeholder. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps csvs_convert from 0.8.9 to 0.8.10.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)