pi-lens 3.8.36 → 3.8.37

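--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to pi-lens will be documented in this file.
 
  ## [Unreleased]
 
+ ## [3.8.37] - 2026-05-02
+
+ ### Fixed
+
+ - **ReDoS: 3 compiler output parsers in `/lens-booboo`** — `csRe` trailing optional group `(?:\s+\[[^\]]+\])?` dropped (message capture already stops at `[`); `gleamRe` narrowed `[^:]+` → `[^:\n]+` to prevent cross-line backtracking; `zigRe` replaced `(.+)$` with `([^\n]+)` and dropped the redundant end anchor. All three flagged by SonarCloud S5852.
+
  ## [3.8.36] - 2026-05-02
 
  ### Changed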
@@ -1331,7 +1331,7 @@ export async function handleBooboo(
1331
1331
  );
1332
1332
  const output = (result.stdout || "") + (result.stderr || "");
1333
1333
  const csRe =
1334
- /^([^\s(]+\.cs)\((\d+),(\d+)\):\s+(error|warning)\s+([A-Z]+\d+):\s+([^[]+)(?:\s+\[[^\]]+\])?/gm;
1334
+ /^([^\s(]+\.cs)\((\d+),(\d+)\):\s+(error|warning)\s+([A-Z]+\d+):\s+([^\[]+)/gm;
1335
1335
  for (const m of output.matchAll(csRe)) {
1336
1336
  const [, file, line, col, sev, code, msg] = m;
1337
1337
  const absFile = path.isAbsolute(file)
@@ -1395,7 +1395,7 @@ export async function handleBooboo(
1395
1395
  });
1396
1396
  const output = (result.stdout || "") + (result.stderr || "");
1397
1397
  const gleamRe =
1398
- /^([^:]+):(\d+):(\d+)\s*(?:error|warning)[^\n]*\n([^\n]+)/gm;
1398
+ /^([^:\n]+):(\d+):(\d+)\s*(?:error|warning)[^\n]*\n([^\n]+)/gm;
1399
1399
  for (const m of output.matchAll(gleamRe)) {
1400
1400
  const [, file, line, col, msg] = m;
1401
1401
  const absFile = path.isAbsolute(file)
@@ -1426,7 +1426,7 @@ export async function handleBooboo(
1426
1426
  timeout: 120_000,
1427
1427
  });
1428
1428
  const output = (result.stdout || "") + (result.stderr || "");
1429
- const zigRe = /^([^:]+):(\d+):(\d+):\s*(error|warning|note):\s*(.+)$/gm;
1429
+ const zigRe = /^([^:\n]+):(\d+):(\d+):\s*(error|warning|note):\s*([^\n]+)/gm;
1430
1430
  for (const m of output.matchAll(zigRe)) {
1431
1431
  const [, file, line, col, sev, msg] = m;
1432
1432
  const absFile = path.isAbsolute(file)
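Review bot: In the first hunk, `csRe` still ends in `([^\[]+)`, a negated class that also matches `\n`, so when a C# diagnostic line has no `[project]` suffix the message capture runs on through the following lines until the next `[` or the end of `output`, and `matchAll` resumes after the swallowed text, so any diagnostics inside it are never reported. The line-bounding this commit gives `gleamRe` and `zigRe` applies here too: `/^([^\s(]+\.cs)\((\d+),(\d+)\):\s+(error|warning)\s+([A-Z]+\d+):\s+([^\[\n]+)/gm`. In the third hunk, `[^\n]+` accepts `\r` where the old `(.+)$` did not, so on CRLF output `msg` would now end in a carriage return unless it is trimmed later; `([^\r\n]+)` keeps the previous result. Because `output` is compiler text shaped by the analysed project's file names and messages, a one-line comment above each pattern such as `// every quantifier is bounded to a single line (Sonar S5852)` would help keep later edits from reintroducing the finding. `handleBooboo` starts and ends outside all three hunks, so how `msg` is used afterwards is not visible here.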
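--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "pi-lens",
- "version": "3.8.36",
+ "version": "3.8.37",
  "type": "module",
  "description": "Real-time code feedback for pi \u2014 LSP, linters, formatters, type-checking, structural analysis & booboo",
  "repository": {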