Releases: atsyplenkov/formalist
Releases · atsyplenkov/formalist
v0.3.0
Warning
- Deprecate
Fix All Lintscommand. It will be removed in v0.4.0. The underlying{flir}package is no longer maintained; migrate to{jarl}: https://github.com/etiennebacher/jarl
NEW!!
- New configuration
formalist.ignoredPackagesto exclude specific R packages when making function calls explicit - New configuration
formalist.ignoredFunctionsto exclude specific R functions when making function calls explicit
Fix
- Quarto and R Markdown support: context menu now appears in
.qmdand.Rmdfiles (fix #7) - Fix
pedantinstallation flow (it was deadelse if) - Security: upgrade
serialize-javascriptto 7.0.5,flattedto 3.4.2,picomatchto 2.3.2, andbrace-expansionto 2.0.3
v0.2.4
v0.2.4 — Security Patch
No functional changes. This release upgrades transitive dependencies to address a Dependabot security alert.
Vulnerability
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
Affected packages in the dependency tree:
serialize-javascript— upgraded from 6.0.2 to 7.0.3minimatch— upgraded from 9.0.5 to 9.0.7
Both are transitive dependencies pulled in by mocha and @vscode/test-cli (devDependencies only). The vulnerability does not affect runtime extension code, but is resolved out of caution.
References
- GHSA-69xj-mcc2-95jq — serialize-javascript RCE
- CVE-2025-23208 — minimatch ReDoS
Install
Download formalist-0.2.4.vsix from the release assets and install via:
code --install-extension formalist-0.2.4.vsixv0.2.3-1
What's Changed
- fix extension marketplace compatibility for Code 1.108+ by changing
engines.vscodeto a semver range (^1.106.0) - fixes #11
Full Changelog: 0.2.3...0.2.3-1
v0.2.3
v0.2.2
v0.2.1
- Updated README
v0.2.0
[0.2.0] -- 2025-01-05
- New feature -- added
Fix Lintfunction
v0.1.0
v0.0.1
Initial release of the Formalist Positron extension.
⚠ It works only with the latest Positron version 2025.01.0