The js-ts-class E2E test was flaky because n=100 is too small for
the O(n²)→O(n) optimization to overcome Map/Set per-operation overhead.
At n=100, the LLM correctly generates a Map-based O(n) solution but it
benchmarks as slower (-10.6%) due to constant factor dominance.
Bump to n=10,000 so the algorithmic improvement produces measurable
speedup, making the 30% E2E threshold reliably achievable.

Upgrade Python deps via uv sync --upgrade (werkzeug, filelock for py>=3.10,
and others). Run npm audit fix across JS test fixtures to patch minimatch
and rollup vulnerabilities.

Remaining unfixable:
- filelock <3.20.3 for py<3.10 (patched version requires py>=3.10)
- serialize-javascript in mocha ^10 (fix requires mocha 11 breaking change)

Resolve 12 Dependabot security alerts by constraining vulnerable packages
to Python 3.10+ where patches are available:

Python dependencies:
- filelock: Pin <3.20.3 for Python 3.9, >=3.20.3 for Python 3.10+
  (fixes TOCTOU symlink vulnerabilities CVE-2024-XXXXX)
- tensorflow: Only install on Python 3.10+ (brings keras >=3.12.1, pillow >=12.1.1)
  (fixes 8 high-severity keras vulnerabilities including arbitrary code execution,
  directory traversal, and 1 high-severity pillow out-of-bounds write)

JavaScript dependencies:
- vitest: Update to latest (4.0.18) in test fixture directory
  (fixes moderate-severity esbuild SSRF vulnerability GHSA-67mh-4wv8-2f99)

Python 3.9 notes:
- filelock 3.19.1 has known TOCTOU vulnerabilities (medium severity)
- tensorflow/keras/pillow excluded from Python 3.9 test dependencies
- Python 3.9 reached EOL in October 2025; vulnerabilities are expected

All high-severity vulnerabilities are resolved for Python 3.10+.
Python 3.9 users should upgrade to 3.10+ for full security patches.

Loop index now represents how many times all test files ran (batch count)
instead of per-invocation index. Also fixes Date.now() usage when random
seed is active and removes JS-specific workaround in number_of_loops.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When optimizing TypeScript class methods that call other methods from the
same class, the helper methods were being appended OUTSIDE the class
definition. This caused syntax errors because class-specific keywords like
`private` are only valid inside a class body.

Changes:
- Add _find_same_class_helpers() method to identify helper methods belonging
  to the same class as the target method
- Modify extract_code_context() to include same-class helpers inside the
  class wrapper and filter them from the helpers list
- Fix all JavaScript/TypeScript tests by adding export keywords to test code
  so functions can be discovered by discover_functions()
- Add comprehensive tests for same-class helper extraction

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>