circle-ir-ai 2.13.2 → 2.13.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +37 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,43 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.13.4] - 2026-06-21
|
|
9
|
+
|
|
10
|
+
### Changed — bump circle-ir 3.85.1 → 3.86.0
|
|
11
|
+
|
|
12
|
+
Picks up circle-ir@3.86.0. No source changes in circle-ir-ai for this
|
|
13
|
+
bump — the engine API surface circle-ir-ai consumes is unchanged.
|
|
14
|
+
|
|
15
|
+
Restores the uniform-pinning invariant from CLAUDE.md ("circle-ir
|
|
16
|
+
pinned uniformly across circle-ir-ai / cognium-ai / circle-pack /
|
|
17
|
+
mcp-server"). cognium-ai 2.15.0 had to short-circuit this with an
|
|
18
|
+
`overrides` field to ship cognium-ai#113 + #114 against 3.86.0; the
|
|
19
|
+
follow-up cognium-ai 2.15.1 will pick up `^2.13.4` and drop the
|
|
20
|
+
override.
|
|
21
|
+
|
|
22
|
+
Verification:
|
|
23
|
+
- `npm run typecheck` clean
|
|
24
|
+
- `npm test` — **848 / 848 passed (3 skipped)** on circle-ir 3.86.0
|
|
25
|
+
|
|
26
|
+
## [2.13.3] - 2026-06-21
|
|
27
|
+
|
|
28
|
+
### Changed — bump circle-ir 3.85.0 → 3.85.1
|
|
29
|
+
|
|
30
|
+
Hotfix pickup. Resolves the 4-gate hardcoded-credential-entropy perf
|
|
31
|
+
regression filed in cogniumhq/cognium-dev#126 — top-20 Java OSS harness
|
|
32
|
+
hit 2.7×–14.5× scan-time slowdowns + 30-min timeouts on string-constant-heavy
|
|
33
|
+
files (gson, Hystrix, openapi-generator, hutool) on 3.85.0, while
|
|
34
|
+
zxing was unaffected. Heterogeneity localised the bottleneck to Gate 3's
|
|
35
|
+
string-array constant-table span walker. 3.85.1 ships the engine-side
|
|
36
|
+
fix; entropy FP elimination from 3.85.0 is preserved.
|
|
37
|
+
|
|
38
|
+
Verification:
|
|
39
|
+
- `npm run typecheck` clean
|
|
40
|
+
- `npm test` — no regressions
|
|
41
|
+
|
|
42
|
+
No source changes in this package; effect is fully delivered by the
|
|
43
|
+
upstream walker fix in circle-ir.
|
|
44
|
+
|
|
8
45
|
## [2.13.2] - 2026-06-20
|
|
9
46
|
|
|
10
47
|
### Changed — bump circle-ir 3.84.0 → 3.85.0
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir-ai",
|
|
3
|
-
"version": "2.13.
|
|
3
|
+
"version": "2.13.4",
|
|
4
4
|
"description": "LLM-enhanced SAST analysis built on circle-ir",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|
|
@@ -95,7 +95,7 @@
|
|
|
95
95
|
"dependencies": {
|
|
96
96
|
"@ax-llm/ax": "^20.0.0",
|
|
97
97
|
"@mastra/core": "^1.18.0",
|
|
98
|
-
"circle-ir": "3.
|
|
98
|
+
"circle-ir": "3.86.0",
|
|
99
99
|
"minimatch": "^10.2.5",
|
|
100
100
|
"p-queue": "^9.1.0"
|
|
101
101
|
},
|