fallow 3.4.2#292918
Merged
Merged
Conversation
botantony
approved these changes
Jul 13, 2026
Contributor
|
🤖 An automated task has requested bottles to be published to this PR. Caution Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Created by
brew bumpCreated with
brew bump-formula-pr.Details
release notes
fallow suppressions: a read-only inventory of every active suppression marker, grouped per file with line, kind, level, and reason, plus project totals and a stale count cross-referenced from this run's findings. Teams governing tech debt (and agents that should distrust a "clean" verdict) no longer grep forfallow-ignoreby hand. Ships with--format json(newsuppression-inventoryenvelope) and full workspace/changed/file scoping; always exits 0.list_suppressionsexposes the same inventory to agents on the MCP surface, returning the JSON envelope verbatim.Native GitHub workflow output
--format github-annotationsand--format github-summary: inline PR annotations (::error/::warning/::noticeworkflow commands) and job-summary markdown straight from the CLI, no bundled action required. Both are log-based, so they render on fork PRs without a write token.fallow report --from <results.json>: analyze once withfallow --format json -o results.json, then render annotations and the job summary from the saved envelope, byte-identical to the direct run.Monorepo CI paths
--rootis a subdirectory. GitLab's Code Quality widget matched nothing and inline review discussions were rejected when the analyzed project lived in a package subdirectory, becausecodeclimate,review-github, andreview-gitlabaddressed files relative to--root. All CI formats now share one namespace, detected via the git toplevel; pass--report-path-prefix ''to restore the old output. Single-package repositories are unaffected. See docs/backwards-compatibility.md for the classification rationale.--annotations-path-prefixis now--report-path-prefixand governs every CI-facing format; the old name keeps working as an alias.--diff-fileresolves the diff's path namespace from the diff itself, so changed-file filtering works in monorepo packages for bothgit diffconventions; a diff that parses but touches no analyzable files filters to zero findings, and an unplaceable diff warns and reports at full scope instead of producing a plausible-looking empty report. Renamed files keep theirold_pathinreview-gitlab. Thanks @Jerc92 for the diagnosis and the patch in #1808.unused-class-members accuracy
Four extraction gaps produced false positives on dependency-injection-style code, reported across three issues by adopters running the rule on real codebases:
this.#dep.method()receivers through#-private class fields now credit the target class cross-module, and same-named fields on sibling classes in one module no longer collide on a shared binding key (previously last-write-wins: only the class declared last credited its dependency's members). Thanks @martijnwalraven for the report with its isolation matrix (#1821).f().member,const { member } = f()), and opaque destructures now credit correctly. Thanks @Jerc92 for the fixes in #1811.mergeTests(...)-wrapping helper are credited, including imported<base>.extend(...)wrappers. Thanks @committedpazz for the follow-up report (#1795).items: Item[]) andPromise.all(arr.map(cb))results now types the iteration variable, sofor...ofand.mapmember accesses credit the class. Thanks @vethman for the report (#1793).Fixes and improvements
fallow audit's base-snapshot cache no longer appears ingit worktree listor IDE repo views; snapshots are unregistered immediately after materialization, and entries from earlier versions deregister automatically on the next audit with warm caches preserved. Thanks @AlonMiz for the report (#1815).$schemaat the localnode_modules/fallow/schema.jsonwhen present: offline, no VS Code trust prompt, always version-aligned. Non-npm installs keep the remote fallback. Thanks @vethman for the report (#1794).fallownpm launcher and Node bindings now require Node.js 22 or later.Full Changelog: fallow-rs/fallow@v3.3.0...v3.4.2
View the full release notes at https://github.com/fallow-rs/fallow/releases/tag/v3.4.2.