[pull] main from yamadashy:main#317
Merged
pull[bot] merged 24 commits intoakadop:mainfrom Feb 24, 2026
Merged
Conversation
…tion The previous ZIP-based archive download used fflate's in-memory extraction, which failed on large repositories (e.g. facebook/react) due to memory constraints and ZIP64 limitations. Switch to tar.gz format with Node.js built-in zlib + tar package, enabling a full streaming pipeline (HTTP response -> gunzip -> tar extract -> disk) with no temporary files and constant memory usage regardless of repo size. Key changes: - Replace fflate with tar package for archive extraction - Change archive URLs from .zip to .tar.gz - Use streaming pipeline instead of download-then-extract - Leverage tar's built-in strip and path traversal protection - Explicitly destroy streams after pipeline for Bun compatibility - Use child_process runtime under Bun to avoid worker_threads hang
The workaround that forced child_process runtime under Bun was added to prevent hangs caused by fileCollect worker threads. Since fileCollect has been migrated to a promise pool on the main thread, the hang no longer occurs and this workaround is unnecessary.
The streaming tar.gz extraction no longer uses temporary files, making this filename generation function unnecessary.
The pipeline catch block was wrapping all errors with 'Failed to extract' prefix, causing the retry logic to treat transient network errors (ECONNRESET, ETIMEDOUT) as non-retryable extraction errors. Remove the catch wrapper so errors propagate as-is, allowing the retry loop to handle network failures correctly.
Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.17.1 to 8.18.0. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
With the streaming pipeline, errors propagate as native Error objects rather than RepomixError, so the isExtractionError check was always false. Retrying extraction errors is acceptable since the retry loop is bounded to 3 attempts.
…-gz-streaming perf(core): Replace ZIP archive with streaming tar.gz extraction
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.4 to 5.3.6. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.6) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.3.6 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.4 to 5.3.6. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.6) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.3.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ability chore(deps): update dependency minimatch to v10.2.1 [security]
chore(deps): update dependency hono to v4.11.10 [security]
…pendencies chore(deps): update dependency @types/node to ^24.10.13
…pendencies chore(deps): update browser non-major dependencies
…vulnerability chore(deps): update dependency fast-xml-parser to v5.3.6 [security]
…de-action-1.x chore(deps): update anthropics/claude-code-action action to v1.0.52
…xml-parser-5.3.6 chore(deps): bump fast-xml-parser from 5.3.4 to 5.3.6
…te/server/fast-xml-parser-5.3.6 chore(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 in /website/server
…te/server/ajv-8.18.0 chore(deps): bump ajv from 8.17.1 to 8.18.0 in /website/server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )