v0.8.43

@safishamsi safishamsi released this 19 Jun 09:41
· 5 commits to v8 since this release

pip install -U graphifyy / uv tool upgrade graphifyy.

Two new capabilities plus a security update and four fixes.

Features

  • Package-manifest dependency graph. apm.yml, pyproject.toml, go.mod, and pom.xml are now parsed deterministically into one canonical package node per package (keyed by name) plus depends_on edges, routed to the AST path so the LLM never sees them. Previously apm.yml was an LLM-handled document, so a package got a different file-anchored id from its own manifest than from each dependent's reference and split into duplicate nodes — now a package referenced from many manifests is a single hub. (#1377)
  • Markdown links become edges. Inline [text](./other.md) links, reference-style links, and [[wikilinks]] in markdown are now resolved (relative to the source file; external URLs / anchors / images skipped) and emitted as references edges between docs, so hub docs like index.md / table-of-contents.md actually become hubs. (#1376)

Security

  • Bumped vulnerable dependencies to patched versions: pypdf 6.11.0→6.13.3 (CVE-2026-48155/48156), yt-dlp 2026.3.17→2026.6.9, pyjwt 2.12.1→2.13.0, cryptography 48.0.0→49.0.0, python-multipart 0.0.28→0.0.32, with lower-bound floors for the direct deps so installs get the patched versions. (#1375 — thanks @hypnwtykvmpr)
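An added example, not code from the graphify project: a small audit that checks an environment against the patched versions listed above, treating each one as a minimum. The function names are assumptions made for this example, and versions are compared as plain dotted numbers with any pre-release suffix ignored.

```python
import re
from importlib import metadata

# Patched versions from the release note above, treated here as minimums.
PATCHED_FLOORS = {
    "pypdf": "6.13.3",
    "yt-dlp": "2026.6.9",
    "pyjwt": "2.13.0",
    "cryptography": "49.0.0",
    "python-multipart": "0.0.32",
}

def normalize(name):
    """PEP 503 name normalization, so PyJWT and python_multipart match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """'6.13.3' -> (6, 13, 3); anything after the dotted numbers is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def installed_versions(names):
    """Versions of the named distributions present in this environment."""
    found = {}
    for name in names:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            pass  # not installed here, nothing to audit
    return found

def audit(installed, floors=PATCHED_FLOORS):
    """Return {package: (installed, floor)} for packages below their floor."""
    have = {normalize(k): v for k, v in installed.items()}
    stale = {}
    for name, floor in floors.items():
        current = have.get(normalize(name))
        if current is None:
            continue  # package absent, so it cannot be outdated
        a, b = parse_version(current), parse_version(floor)
        width = max(len(a), len(b))  # pad so 49.0 compares equal to 49.0.0
        if a + (0,) * (width - len(a)) < b + (0,) * (width - len(b)):
            stale[name] = (current, floor)
    return stale

if __name__ == "__main__":
    for name, (cur, floor) in audit(installed_versions(PATCHED_FLOORS)).items():
        print(f"{name} {cur} is below patched version {floor}")
```

Run it inside the environment where graphify is installed; an empty result means every listed package that is present meets its patched version.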

Fixes

  • The semantic extract entry points (extract_corpus_parallel, extract_files_direct) crashed on str paths instead of pathlib.Path; both now coerce at entry. (#1386)
  • Community labeling now recovers from a malformed-JSON batch by splitting and retrying each half (mirroring the extract path) instead of silently dropping ~100 names per failed batch on large graphs. (#1280, #1278 — thanks @CJdev232)
  • graphify hook install no longer creates a backslash-named junk directory and reports false success when core.hooksPath is a Windows-style path under WSL — such paths are now rejected with a clear error. (#1385)

Internal

  • Node-ID normalization unified into a single graphify.ids module; the four hand-synced copies (extract, build, mcp_ingest, symbol_resolution) — root of the recurring ghost-node bug class — now share one guarded implementation. (#1378 — thanks @danielnguyenfinhub)

Full changelog: https://github.com/safishamsi/graphify/blob/v8/CHANGELOG.md