1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
## Post-1.2.0 (bundled-dep feature followups)
- [x] **v1.2.1/1.2.2 (bug): reconcile change-detection is version-aware.** 1.2.1 switched `reconcile_bundle_deps` to detect change via `_url_version` (parsed version, not raw URL string) but mis-parsed several real URL shapes; 1.2.2 completes it. `_url_version` strips the URL's own github repo name from the basename (handles digit/dash dep names like `lua-compat-5.3`, bare-tag package-rev suffixes like `1.52.1-0`, sha pins), and `_url_repo` is lowercased (fixes the `JuliaStrings/utf8proc` vs `juliastrings/utf8proc` case mismatch that had utf8proc reporting no-match + in the FYI). Report shows `name old-ver -> new-ver`. Verified against all 13 live neovim 0.12.4 deps: all match + current, no false change, real bump still detected. Tests T-BM17/22/23. Compares version strings only, not `NAME_SHA256`; add sha compare if a same-version-different-content case ever appears.
- [ ] add a `--special` flag to add a package to the bundled list, asking for a link to it's upstream deps list file
- [~] split `mkhint` into multiple files — **deferred (2026-07-08).** 1568 lines / 46 functions with clear section markers is under the threshold where a split pays off, and bash has no module system: "split" means `source lib/*.sh`, which complicates the single-binary VM deploy (`scp mkhint` → copy a dir + fixed libdir, or a concatenate build step) and means auditing shared globals (`REPO_DIR`, `VERSION`, `FORCE`, config-source order) crossing file boundaries. Revisit trigger: file grows toward ~2500+ lines, OR a change to one area starts breaking an unrelated one, OR you can't find where something lives. When that happens, extract ONLY the self-contained bundled-dep block (`# ── bundled-dep manifest handling ──` … `# ── end`, already has begin/end markers and its own T-BM tests) as a single `lib/bundle.sh` — do not do a full teardown.
- [ ] add a noDL column to `--list` similar to what we do with DelReq
- [x] **v1.2.4:** suppress `prompt_continuation_urls` for manifest-listed packages (Phase 2 already corrects those lines; avoids the double-touch during the primary bump)
- [x] **v1.2.5: expand nvchecker source autodetection.** `_detect_nvchecker_source` maps github/gitlab/bitbucket/gitea/codeberg/pagure (owner/repo) plus pypi/npm/gems/cratesio/cpan/hackage/packagist/cran registries in `add_nvchecker_section` (single global emitter, used by `--new` and `--check` populate). github → `use_latest_release` + commented `use_max_tag`/`prefix` fallbacks; other forges → `use_max_tag` + commented `# prefix = "v"`; registries → name from URL via `_registry_name_from_url`, fall back to PRGNAM. Unrecognised → `# TODO` stub.
- [x] **v1.2.5:** `--new`/`-n` echoes the managed nvchecker stanza fenced on stdout (added or already-present, via `_extract_nvchecker_section`).
- [x] **v1.2.5:** `--info`/`-i program`: green `category/program` header then the README, paged with sticky header (`less --header=1`) only when taller than the terminal; missing pkg exit 2, missing README `(no README)`. Handler `show_info`.
- [ ] `--check --dry-run`: report what would change across all listed packages without prompting or writing (audit before acting)
- [ ] cache the manifest per run: `reconcile_bundle_deps` currently fetches it twice (report + apply); fetch once and reuse
- [ ] verify md5 against the manifest `SHA256`: cross-check the downloaded file's sha256 against the manifest entry before writing MD5SUM (integrity check)
- [ ] config validation command (e.g. `--check-config`): sanity-check nvchecker.toml sections, bundle-manifests URLs, phantom-deps file, and that configured paths exist
- [ ] batch `--check` summary report at the end: counts of updated / bundled-deps bumped / skipped, instead of only per-package interleaved output
- [ ] check if package ships an nvchecker stanza and use that instead in case our functions would simply print the stub when adding the .hint file.
- [ ] **backslash-continuation in bundle-manifests loader.** `load_bundle_manifests` reads one physical line per entry, so a long sha-mode line (openvino: 8 `name=path` deps) can't be split across lines for readability: a trailing `\` silently breaks parsing (only the first physical line is read, `rest` becomes `\` → submodule path `%5C` → GitHub contents API 404). Fix: join `\<newline><whitespace>` → single space before parsing (shell-style continuation). Test: a continued sha-mode line parses identically to the one-line form (mode, dep count, each `name=path`). Workaround in place: openvino entry one-lined by hand on the VM.
|