Releases: brafdlog/caspion
Releases · brafdlog/caspion
v2.18.2
Deps: Upgrade israeli-bank-scrapers to 6.7.4 (#756) ## Dependency Update: israeli-bank-scrapers-core ### Version Information - **Current version:** `6.7.3` - **New version:** `6.7.4` ### Changes - [View diff between versions](https://github.com/eshaham/israeli-bank-scrapers/compare/v6.7.3...v6.7.4) This PR was automatically created by the dependency update workflow. Co-authored-by: baruchiro <17686879+baruchiro@users.noreply.github.com>
v2.18.1
Fix: one failing exporter should not abort the others (#754) ## Problem When one exporter's `exportTransactions` throws, the entire export pipeline aborts: 1. Per-exporter catch block re-throws the error 2. `Promise.all(exportPromises)` rejects fail-fast 3. Other still-running exporters are orphaned 4. `log.summary()` never runs 5. `EXPORT_PROCESS_END` event never fires 6. `yarn scrape` exits non-zero A single exporter hitting a runtime error prevents all other exporters from completing, even though their work is independent. ## Fix 1. **Remove the `throw e`** in the per-exporter catch block. The outcome is already recorded via `successCount`/`failedCount` counters and the `EXPORTER_ERROR` event — re-throwing adds nothing but the fail-fast behavior. 2. **Switch `Promise.all` → `Promise.allSettled`** so an error outside the try/catch still cannot abort other exporters or skip the summary. Added unit tests covering both invariants: - one exporter throwing does not prevent the others from running - the function resolves (does not reject) with a partial result ## Verification - `yarn test:main` → 45 passed - `yarn typecheck:main` → clean - `yarn lint` → clean
v2.18.0
Upgrade: Bump lodash from 4.17.23 to 4.18.1 (#748) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v2.17.1
Deps: Upgrade israeli-bank-scrapers to 6.7.3 (#747) ## Dependency Update: israeli-bank-scrapers-core ### Version Information - **Current version:** `6.7.1` - **New version:** `6.7.3` ### Changes - [View diff between versions](https://github.com/eshaham/israeli-bank-scrapers/compare/v6.7.1...v6.7.3) This PR was automatically created by the dependency update workflow. Co-authored-by: baruchiro <17686879+baruchiro@users.noreply.github.com>
v2.17.0
Upgrade: Bump follow-redirects from 1.15.6 to 1.16.0 (#751) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.6 to 1.16.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a> Release version 1.16.0 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a> Add sensitiveHeaders option.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a> ci: add Node.js 24.x to the CI matrix</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a> ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a> Sanitizing input.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb"><code>21ef28a</code></a> Release version 1.15.11 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480"><code>7c88135</code></a> Roll back tree shaking.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb"><code>6e389ba</code></a> Release version 1.15.10 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262"><code>5bc496e</code></a> Shake me up before you go-go.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b"><code>694d6b4</code></a> Bump minimist from 1.2.5 to 1.2.8</li> <li>Additional commits viewable in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/brafdlog/caspion/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v2.16.2
Deps: Upgrade israeli-bank-scrapers to 6.7.1 (#726) ## Dependency Update: israeli-bank-scrapers-core ### Version Information - **Current version:** `6.7.0` - **New version:** `6.7.1` ### Changes - [View diff between versions](https://github.com/eshaham/israeli-bank-scrapers/compare/v6.7.0...v6.7.1) This PR was automatically created by the dependency update workflow. Co-authored-by: baruchiro <17686879+baruchiro@users.noreply.github.com>
v2.16.1
Fix: Use Documents folder for default CSV/JSON export paths (#722)
## Fix default CSV/JSON export location to prevent EROFS errors
### Plan
- [x] Explore repository structure and understand the issue
- [x] Identify the problem: default paths are relative
('transaction.csv', 'transaction.json') causing EROFS errors on macOS
- [x] Update defaultConfig.ts to use Electron app.getPath() for
Documents folder
- [x] Create utility function to generate default file paths
- [x] Add error handling with fallback to userData path
- [x] Address code review feedback (refactor to use function, remove
comments)
- [x] Run type checking and linting (both pass)
- [x] Run existing tests (all pass)
- [x] Build the application to verify integration (successful)
### Summary
Successfully fixed the EROFS error by changing the default CSV/JSON
export paths from relative paths to the user's Documents folder.
### Changes Made
1. **app-globals.ts**:
- Created `getDocumentsPath()` function with try-catch error handling
- Removed comments and redundant `documentsPath` export
- Export `defaultCsvPath` and `defaultJsonPath` using the function
2. **defaultConfig.ts**: Updated CSV and JSON file paths to use the new
default paths
### Testing & Validation
- ✅ TypeScript type checking passes
- ✅ ESLint passes
- ✅ All existing unit tests pass (43 tests)
- ✅ Main package builds successfully
- ✅ Code review feedback addressed
<!-- START COPILOT ORIGINAL PROMPT -->
<details>
<summary>Original prompt</summary>
>
> ----
>
> *This section details on the original issue you should resolve*
>
> <issue_title>Issue with scrapping transactions from
Discount</issue_title>
> <issue_description>## Details
>
> I got the error: EROFS: read-only file system, open 'transaction.csv'
> ## Log
> ```
> [2022-07-19 17:48:07.721] [info] LOGGING_IN
> [2022-07-19 17:48:09.606] [info] LOGIN_SUCCESS
> [2022-07-19 17:48:10.666] [info] TERMINATING
> [2022-07-19 17:48:10.740] [info] END_SCRAPING
> [2022-07-19 17:48:10.746] [info] Importer end
> [2022-07-19 17:48:10.758] [info] EXPORT_PROCESS_START
> [2022-07-19 17:48:10.763] [info] Starting
> [2022-07-19 17:48:10.799] [error] EROFS: read-only file system, open
'transaction.csv'
> [2022-07-19 17:48:10.805] [error] EROFS: read-only file system, open
'transaction.csv'
>
> ```
> ## System Info
>
> - Source Version: `5994cb2d871fae918e9e010943c537d7a67ece61`
> - OS: `darwinx64`
> - OS Version: `22.0.0`
> </issue_description>
>
> <agent_instructions>For both CSV and JSON, we probably need to change
the default location to less secured and more shared place
(Desktop/Downloads/Documets)</agent_instructions>
>
> ## Comments on the Issue (you are @copilot in this section)
>
> <comments>
> <comment_new><author>@baruchiro</author><body>
> Hi, thank you for reporting!
>
> It is not the first time I see this error on Mac, I think you should
change the CSV file location, just click on the CSV file textbox and
choose your desktop, for example.
>
> You're welcome to join [our Discord
channel](https://discord.gg/XWWg7xvJyS) to find people that already
solved this.</body></comment_new>
> <comment_new><author>@brafdlog</author><body>
> CSV export works for me, if this is still an issue please
reopen</body></comment_new>
> </comments>
>
</details>
<!-- START COPILOT CODING AGENT SUFFIX -->
- Fixes brafdlog/caspion#362
<!-- START COPILOT CODING AGENT TIPS -->
---
✨ Let Copilot coding agent [set things up for
you](https://github.com/brafdlog/caspion/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.
v2.16.0
Upgrade: dependabot (#721) - **Upgrade: Bump node-forge from 1.3.1 to 1.3.3** - **Upgrade: Bump playwright from 1.44.1 to 1.55.1** - **Upgrade: Bump qs from 6.12.1 to 6.14.1** - **Upgrade: Bump lodash-es from 4.17.21 to 4.17.23** - **Upgrade: Bump lodash from 4.17.21 to 4.17.23** --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v2.15.1
Deps: Upgrade israeli-bank-scrapers to 6.7.0 (#720) Upgrade israeli-bank-scrapers-core library to 6.7.0 Changes: - [Diff Link](https://github.com/eshaham/israeli-bank-scrapers/compare/v6.6.1...v6.7.0) --------- Co-authored-by: baruchiro <17686879+baruchiro@users.noreply.github.com> Co-authored-by: Baruch Odem <baruchiro@gmail.com>
v2.15.0
New: improve logging and data sanitization (#715)