Upgrade Python deps via uv sync --upgrade (werkzeug, filelock for py>=3.10,
and others). Run npm audit fix across JS test fixtures to patch minimatch
and rollup vulnerabilities.
Remaining unfixable:
- filelock <3.20.3 for py<3.10 (patched version requires py>=3.10)
- serialize-javascript in mocha ^10 (fix requires mocha 11 breaking change)

bubble_sort_method.py was accidentally committed with a @codeflash_capture
decorator and hardcoded temp path from a local test run, breaking tests
in other environments.

Resolve 12 Dependabot security alerts by constraining vulnerable packages
to Python 3.10+ where patches are available:

Python dependencies:
- filelock: Pin <3.20.3 for Python 3.9, >=3.20.3 for Python 3.10+
  (fixes TOCTOU symlink vulnerabilities CVE-2024-XXXXX)
- tensorflow: Only install on Python 3.10+ (brings keras >=3.12.1, pillow >=12.1.1)
  (fixes 8 high-severity keras vulnerabilities including arbitrary code execution,
  directory traversal, and 1 high-severity pillow out-of-bounds write)

JavaScript dependencies:
- vitest: Update to latest (4.0.18) in test fixture directory
  (fixes moderate-severity esbuild SSRF vulnerability GHSA-67mh-4wv8-2f99)

Python 3.9 notes:
- filelock 3.19.1 has known TOCTOU vulnerabilities (medium severity)
- tensorflow/keras/pillow excluded from Python 3.9 test dependencies
- Python 3.9 reached EOL in October 2025; vulnerabilities are expected

All high-severity vulnerabilities are resolved for Python 3.10+.
Python 3.9 users should upgrade to 3.10+ for full security patches.

Loop index now represents how many times all test files ran (batch count)
instead of per-invocation index. Also fixes Date.now() usage when random
seed is active and removes JS-specific workaround in number_of_loops.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When optimizing TypeScript class methods that call other methods from the
same class, the helper methods were being appended OUTSIDE the class
definition. This caused syntax errors because class-specific keywords like
`private` are only valid inside a class body.

Changes:
- Add _find_same_class_helpers() method to identify helper methods belonging
  to the same class as the target method
- Modify extract_code_context() to include same-class helpers inside the
  class wrapper and filter them from the helpers list
- Fix all JavaScript/TypeScript tests by adding export keywords to test code
  so functions can be discovered by discover_functions()
- Add comprehensive tests for same-class helper extraction
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Some instrumented test files have numeric suffixes like _2, _3:
- FibonacciSeriesTest__perfinstrumented_2.java
- KnapsackTest__perfonlyinstrumented_3.java
Updated regex to match optional numeric suffix: (?:_\d+)?
Updated test to verify files with suffixes are detected.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Resolve merge conflict in code_replacer.py with Java-specific handling
- Update all Java modules to use FunctionToOptimize instead of FunctionInfo
- Add Language.JAVA to language_enum.py
- Update attribute names: name→function_name, start_line→starting_line, etc.
- Update all Java tests to use correct attribute names
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add comprehensive e2e tests for the Java optimization pipeline:
- Function discovery (BubbleSort, Calculator)
- Code context extraction
- Code replacement
- Test discovery (JUnit 5)
- Project detection (Maven)
- Compilation and test execution

Also add:
- GitHub Actions workflow for Java e2e tests (java-e2e-tests.yml)
- Maven pom.xml for the Java sample project
- .gitignore exception for pom.xml

The e2e tests verify the full Java pipeline works correctly,
from function discovery through code replacement.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>