release: v0.5.8 — custom math evaluator, strict mode, dependency cleanup #85
- Replace expr-eval with custom arithmetic evaluator (fixes high-severity vulnerability)
- Enable TypeScript strict mode
- Remove unused dependencies (plugin-fs, plugin-shell, @emnapi)
- Fix any type in onEvent helper with proper generics
- Add coverage thresholds to vitest config
…lockfile resolution
Actionable comments posted: 2
🧹 Nitpick comments (1)
AUDIT_LOG.md (1)
12-12: 📐 Maintainability & Code Quality | 🔵 Trivial
Clarify dependency removal claim.
The statement that `@tauri-apps/plugin-fs` and `@tauri-apps/plugin-shell` are "not in Cargo.toml" is technically true but misleading — these are npm packages, not Rust crates, so they would never appear in `Cargo.toml`. Consider rephrasing to clarify they were removed from `package.json` and were unused in the JS/TS codebase.
-2. **Unused Dependency Removal**: Removed `@tauri-apps/plugin-fs`, `@tauri-apps/plugin-shell` (not in Cargo.toml), and `@emnapi/core`, `@emnapi/runtime` (not imported anywhere). +2. **Unused Dependency Removal**: Removed `@tauri-apps/plugin-fs`, `@tauri-apps/plugin-shell`, and `@emnapi/core`, `@emnapi/runtime` from `package.json` (none were imported in the JS/TS codebase).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@AUDIT_LOG.md` at line 12, The dependency removal note is misleading because it references Cargo.toml for npm packages; update the “Unused Dependency Removal” entry in AUDIT_LOG.md to clearly state that `@tauri-apps/plugin-fs` and `@tauri-apps/plugin-shell` were removed from package.json and were unused in the JS/TS codebase, while keeping `@emnapi/core` and `@emnapi/runtime` described as unused imports. Use the existing “Unused Dependency Removal” bullet to locate and reword the claim without implying Rust crate metadata.
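Review bot: the `+` line now states that none of the four packages were imported, while the `-` line said that only of `@emnapi/core` and `@emnapi/runtime`; for `@tauri-apps/plugin-fs` and `@tauri-apps/plugin-shell` the recorded reason was "not in Cargo.toml". Accepting the rewording changes the audit log's stated reason for two packages, so confirm with a search of the JS/TS sources that neither plugin is imported before applying it. If the original entry meant that the matching Rust-side plugin crates are absent from `src-tauri/Cargo.toml`, keep that reason and name the crates explicitly instead of dropping it.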
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/lib/evaluator.ts`:
- Around line 37-43: The numeric token handling in parseExpression/related
evaluator logic is too permissive and allows partial parses to be treated as
valid numbers. Tighten the NUMBER parsing path so only fully valid numeric
literals are emitted or converted, and reject malformed inputs like 1..2 instead
of falling back to parseFloat behavior. Update the affected evaluator flow and
any downstream conversion points used by VariableScope and useVariables so
invalid expressions remain strings/invalid rather than being coerced into a
number.
- Around line 154-170: Update the expression parsing in evaluator.ts so
exponentiation is right-associative and binds tighter than unary signs. The
current factor() loop and unary() ordering in the parser cause 2^3^2 and -2^2 to
be parsed incorrectly; refactor the parsing flow so power is parsed recursively
(right-associative) before unary operators are applied. Use the existing
factor(), unary(), and primary() methods as the main touchpoints, and add
regression tests covering both 2^3^2 and -2^2.
---
Nitpick comments:
In `@AUDIT_LOG.md`:
- Line 12: The dependency removal note is misleading because it references
Cargo.toml for npm packages; update the “Unused Dependency Removal” entry in
AUDIT_LOG.md to clearly state that `@tauri-apps/plugin-fs` and
`@tauri-apps/plugin-shell` were removed from package.json and were unused in the
JS/TS codebase, while keeping `@emnapi/core` and `@emnapi/runtime` described as
unused imports. Use the existing “Unused Dependency Removal” bullet to locate
and reword the claim without implying Rust crate metadata.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 9c342086-43e4-4431-b747-b9c30610e6a6
⛔ Files ignored due to path filters (2)
- `package-lock.json` is excluded by `!**/package-lock.json`
- `src-tauri/Cargo.lock` is excluded by `!**/*.lock`
📒 Files selected for processing (14)
- `AUDIT_LOG.md`
- `CHANGELOG.md`
- `notes/New Features in v0.5.8.md`
- `package.json`
- `src-tauri/Cargo.toml`
- `src-tauri/tauri.conf.json`
- `src/api.ts`
- `src/hooks/useVariables.ts`
- `src/lib/editor/MathEvaluator.ts`
- `src/lib/editor/VariableScope.ts`
- `src/lib/evaluator.test.ts`
- `src/lib/evaluator.ts`
- `tsconfig.app.json`
- `vite.config.ts`
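The two parser findings for `src/lib/evaluator.ts` in the review above (numeric literals must match in full, and `^` must be right-associative and bind tighter than unary minus), shown as an added TypeScript example. It is not the project's evaluator or code from this PR; `tokenize`, `evaluate` and `tryEvaluate` are hypothetical names, and the grammar is an assumption covering only numbers, `+ - * / ^`, unary minus and parentheses.

```typescript
// Added example; every name here is hypothetical, not the project's src/lib/evaluator.ts.
type Token = { kind: "num"; value: number } | { kind: "op"; value: string };
function tokenize(src: string): Token[] {
  // Sticky match at the cursor: "1..2" and "1." fail instead of parsing as a prefix.
  const re = /\s*(?:(\d+(?:\.\d+)?|\.\d+)|([-+*\/^()]))/y;
  const out: Token[] = [], text = src.trim();
  while (re.lastIndex < text.length) {
    const m = re.exec(text);
    if (!m) throw new SyntaxError(`malformed token in "${src}"`);
    out.push(m[1] !== undefined ? { kind: "num", value: Number(m[1]) } : { kind: "op", value: m[2] });
  }
  return out;
}
function evaluate(src: string): number {
  const toks = tokenize(src);
  let pos = 0;
  const accept = (...ops: string[]): string | undefined => {
    const t = toks[pos];
    if (t?.kind === "op" && ops.includes(t.value)) { pos++; return t.value; }
    return undefined;
  };
  function expr(): number {
    let v = term(), o: string | undefined;
    while ((o = accept("+", "-"))) v = o === "+" ? v + term() : v - term();
    return v;
  }
  function term(): number {
    let v = unary(), o: string | undefined;
    while ((o = accept("*", "/"))) v = o === "*" ? v * unary() : v / unary();
    return v;
  }
  // Sign binds looser than ^, so -2^2 is -(2^2).
  function unary(): number { return accept("-") ? -unary() : power(); }
  function power(): number { // the exponent recurses instead of looping: 2^3^2 is 2^(3^2)
    const base = primary();
    return accept("^") ? base ** unary() : base;
  }
  function primary(): number {
    const t = toks[pos++];
    if (t?.kind === "num") return t.value;
    if (t?.value !== "(") throw new SyntaxError("expected number or '('");
    const v = expr();
    if (!accept(")")) throw new SyntaxError("expected ')'");
    return v;
  }
  const v = expr();
  if (pos !== toks.length) throw new SyntaxError("unexpected trailing input");
  return v;
}
// Malformed input yields null instead of a coerced number.
const tryEvaluate = (src: string): number | null => { try { return evaluate(src); } catch { return null; } };
```

Callers that store user input as either a number or a string can branch on the `null` from `tryEvaluate` and keep the original string, which is the behaviour the first finding asks for.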
Release v0.5.8
Features & Highlights
- `expr-eval` (unpatched high-severity vulnerability) with a custom recursive-descent arithmetic evaluator. Zero dependencies, 2KB, supports all existing math and variable features.
- `strict: true` across the entire codebase — catches null/type issues at compile time with zero new errors.
- `onEvent` helper generic instead of using `any`, so event payloads are properly typed end-to-end.
Chores & Cleanup
- `@tauri-apps/plugin-fs`, `@tauri-apps/plugin-shell`, `@emnapi/core`, `@emnapi/runtime`).
Version Bumps & Docs
- `0.5.8` across frontend and Tauri backend.
- `notes/New Features in v0.5.8.md`.
- `CHANGELOG.md` and `AUDIT_LOG.md`.
Summary by CodeRabbit
New Features
Bug Fixes
Chores