build(deps): bump actions/checkout from 4 to 6#3
Open
dependabot[bot] wants to merge 161 commits into
Open
Conversation
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 4 to 7. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v4...v7) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…sh/setup-uv-7 Bump astral-sh/setup-uv from 4 to 7
…/checkout-6 Bump actions/checkout from 4 to 6
- Add `dirplot termsize` to report terminal size in chars and pixels - Rename the treemap command to `map` (dirplot map <root>) - Refactor terminal.py: extract get_terminal_size() returning cols/rows/px - Update README usage examples and add drag-out tip for inline images - Update tests to use new subcommand names; add test_cli_termsize
- New `src/dirplot/ssh.py` with `build_tree_ssh()`, `connect()`, `load_ssh_config()`, and URI parsing helpers - CLI accepts `ssh://user@host/path` and `user@host:/path` as root - New options: `--ssh-key`, `--ssh-password`, `--depth` - Reads `~/.ssh/config` for host aliases, ports, and identity files - paramiko kept as an optional dependency (`pip install dirplot[ssh]`) - 17 unit tests (mock-based) + 3 localhost integration tests (auto-skip) - SSH_DESIGN.md documents the approach and API mapping - README: new Remote Access section and feature list entry
- New src/dirplot/s3.py with build_tree_s3(), make_s3_client(), is_s3_path(), parse_s3_path(); uses list_objects_v2 with Delimiter for directory-level pagination via boto3 - --no-sign flag for anonymous access to public buckets - --aws-profile flag (also reads AWS_PROFILE env var) - boto3 kept as optional dependency (pip install dirplot[s3]) - 18 unit tests covering flat listing, recursion, pagination, depth limit, excludes, dir marker skipping, zero-size handling - REMOTE-ACCESS.md: full SSH and S3 docs with auth, options, Python API, public buckets table, and depth warning - README: Remote Access section condensed to a short summary linking to REMOTE-ACCESS.md
build_tree() now accepts a depth parameter with the same semantics as the remote backends: None means unlimited, depth=1 lists direct children without recursing into subdirectories.
- New src/dirplot/github.py using the Git trees API (recursive=1) fetches the full tree with file sizes in a single request - Accepts github:owner/repo[@Branch] and https://github.com/... URLs - Auth via --github-token / GITHUB_TOKEN env var; public repos work without a token (60 unauthenticated req/h limit) - Truncation warning when repo exceeds GitHub's tree API limit - No new dependency — uses urllib from stdlib - 16 unit tests with mocked HTTP responses - REMOTE-ACCESS.md: GitHub section with usage, auth, options, rate-limit note, and Python API example - README: feature bullet and Remote Access snippet updated
- New src/dirplot/archives.py with readers for zip/tar/7z/rar and
ZIP-based synonyms (jar, war, ear, whl, apk, epub, xpi)
- Detection via is_archive_path(); hooked into main.py between SSH and
local-dir branches, with existence/is-file guards and help-text updates
- Intermediate directories synthesised when archives omit them; dotfiles
skipped; depth and exclude supported
- Fix: _read_tar used lstrip("./") which corrupted dotfile member names
- Fix: rar a requires -r to recurse into subdirectories
- Add scripts/make_fixtures.py to regenerate tests/fixtures/sample.*
- Add session-scoped sample_archives fixture in tests/conftest.py
- Commit tests/fixtures/ sample archives (17 formats) for reproducibility
- ARCHIVES.md documents formats, dependencies, macOS Gatekeeper fix,
password-protected archives (unsupported), and --exclude behaviour
- pyproject.toml: add py7zr, rarfile deps; update description; mypy overrides
Add SVG output via --format svg or --output *.svg (auto-detected). The generated file is fully self-contained: - CSS hover highlight: .tile/:hover brightens with drop-shadow, .dir-tile/:hover brightens directory headers - JS floating tooltip: semi-transparent panel tracks the cursor and shows name, human-readable size, and file type / item count; all logic embedded in the SVG, no external dependencies - Van Wijk cushion shading approximated by a single diagonal linearGradient (gradientUnits="objectBoundingBox"), defined once and shared across all tiles; matches the x1.20/x0.80 range of the PNG renderer; disabled with --no-cushion Also adds create_treemap_svg() to the public Python API, drawsvg>=2.4 as a core dependency, and 41 new tests.
apply_log_sizes now saves each node's real byte count in Node.original_size before overwriting node.size with the log value. The SVG renderer reads original_size (when non-zero) for data-size attributes, so tooltips always display the actual file size regardless of whether --log was used for layout. The field is also available to the PNG renderer for any future use (e.g. showing real sizes in tile labels).
_api_get now distinguishes the three common failure modes: - 401: token invalid or expired - 403: rate-limit exceeded (60 req/h unauthenticated, 5,000 with token) vs. private-repo permissions failure — detected by reading the response body - 404: resource not found, now also hints that private repos need a token (GitHub returns 404, not 403, for unauthenticated private-repo access) build_tree_github errors are caught in main.py and printed as a single "Error: …" line to stderr with exit code 1 instead of a raw traceback. Also documents --github-token and GITHUB_TOKEN in the README, including a link to GitHub's guide on creating personal access tokens.
Introduces docker://container:/path syntax to scan the filesystem of any running Docker container via docker exec + find, without copying files out of the container. - Works with GNU find (Debian/Ubuntu/RHEL) and BusyBox find (Alpine) - Skips virtual filesystems (/proc, /sys, /dev) via -xdev - Supports --exclude, --depth, --log and all other standard options - Adds Dockerfile and .dockerignore so the project itself is a scan target - Full unit and integration test suite in tests/test_docker.py
…verhaul - Add Kubernetes pod scanning via pod://pod-name[@namespace]/path using kubectl exec + find. Supports --k8s-namespace and --k8s-container flags. Omits -xdev so mounted volumes (emptyDir, PVC) are traversed. Falls back to a portable sh + stat loop on BusyBox/Alpine pods automatically. - Switch GitHub scanning to github://owner/repo scheme; remove the old github: shorthand. https://github.com/... URLs continue to work. - Add 1-px dark outline on file tiles so same-coloured tiles (e.g. a directory of extension-less files) are always visually distinct. - Rename docs/REMOTE-ACCESS.md to docs/EXAMPLES.md; add Docker and Kubernetes pod sections with roundtrip examples, options tables, Python API snippets, and captioned output images. - Add docs/{fastapi,flask,python,pypy,s3,docker,k8s}.png example images and scripts/make_docs_images.sh to reproduce them.
- Add libarchive-c backend for .iso, .cpio, .xar, .pkg, .dmg, .img, .rpm, .cab, .lha/.lzh, .a/.ar, .tar.zst/.tzst formats - Add ZIP-based aliases: .nupkg, .vsix, .ipa, .aab - Add PasswordRequired exception; thread password parameter through all archive readers (_read_zip, _read_rar, _read_7z, _read_libarchive) - Add --password CLI option with interactive prompt fallback when an encrypted archive is opened without a password - Add encrypted archive fixtures and tests documenting per-format encryption behaviour (7z, zip, rar) - Add ARCHIVES.md with full format table and install notes - Add API stability warning to README and EXAMPLES docs - Update CHANGELOG
… placement - Legend now shows file counts (not total sizes), single-column layout with right-aligned counts, +N overflow row, and correct corner placement - _best_corner used for both PNG and SVG legend placement - legend parameter changed from bool to int|None (max entries) - --legend bare flag defaults to 20 via _inject_legend_default in __main__.py - GitHub: parse_github_path returns 4-tuple with subpath; build_tree_github and _items_to_tree accept subpath to root the tree at a subdirectory - Add test_version_flag; update parse_github_path tests for new signature - SECURITY.md: bump supported version to 0.3.x
The top-level directory label now reads: myproject — 124 files, 18 dirs, 4.0 MB (4,231,680 bytes) - Add count_nodes() to scanner.py returning (n_files, n_dirs) - Add _human_bytes() helper (B/KB/MB/GB/TB, no new dependency) - draw_node() and _draw_node_svg() accept root_label kwarg that overrides the header text for the root tile only - create_treemap() and create_treemap_svg() compute and inject the label
- Pin base image to python:3.12.13-slim (reproducible builds) - Pin uv to 0.11.3 (matches dev environment) - Remove dev and docker extras from install (no test tools; docker needs no Python dep) - Add non-root user (useradd app, USER app) - Replace sleep infinity with python time.sleep (portable across images) - Extend .dockerignore: *.mp4, *.apng, *.mov, misc/, scripts/, docs/, examples/
- mkdocs.yml with Material theme, nav, search - docs/index.md (README copy with fixed relative links) - .github/workflows/pages.yml deploys on push to main via uvx - Remove docs/README.md (superseded by index.md)
- Remove --animate; --range or --period now triggers animation mode - Rename --max-commits to --first; add --last N (newest N commits) - Rename --last PERIOD to --period - --period without --range: animates commits within period of now - --period with --range: filters relative to range-end timestamp - --first/--last slice post-fetch in Python (not via git log -n) - --first no longer controls clone depth when --range is given - --inline supported in single-frame mode (no --range/--period) - @ref syntax accepted on HTTPS GitHub URLs (owner/repo@v1.0) - APNG output uses .png extension (not .apng)
- Update existing tests: --range/--period instead of --animate/--last, --first instead of --max-commits, .png output instead of .apng - Add @ref HTTPS GitHub URL parsing test - Add validation error tests: --inline+--range, --first+--last, --first/--last without animation mode, missing --output - Add --last N functional test and --first vs --last ordering test - Add hg --period tests (zero coverage before) - Add hg --first/--last tests with 3-changeset fixture
…terface - Rewrite dirplot git section: single-frame vs animation modes, new flags (--period, --first, --last, --inline), URL format table - Add dirplot hg section (was missing from CLI.md) - Update EXAMPLES.md Git History Animation section to match - Explain that bare branch name animates all commits vs A..B range - Replace --range HEAD with --range main throughout - Update demo table in CLI.md - Update quick-start examples in README and docs/index.md - Add all git/hg interface changes to CHANGELOG [0.4.4] (date: 2026-05-15) - Fix duplicate ### Added/### Changed headers in [0.4.4]
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/checkout from 4 to 6.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)