Skip to content

Complement #1625: refactoring with safe conditions #1648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 9, 2025
Merged

Complement #1625: refactoring with safe conditions #1648

merged 2 commits into from
Aug 9, 2025

Conversation

samchon
Copy link
Owner

@samchon samchon commented Aug 9, 2025

This pull request introduces a patch update to the typia package, focusing on improving how unused imports are removed and updating generated output to use internal helpers directly. The most significant changes are a refactor of the removeUnusedTypiaImports function for better clarity and maintainability, and updates to generated test files to avoid default imports and use explicit internal helpers.

Import transformer improvements

  • Refactored the removeUnusedTypiaImports function in ImportTransformer.ts to use clearer variable names, a dedicated ImportMetadata interface, and more concise logic for collecting and updating imports. This should make the code easier to follow and maintain.
  • Improved the logic for detecting transformable calls and property chains, and made minor formatting and style adjustments for consistency. [1] [2] [3]

Generated output updates

  • Updated test/generate/output/generate_http.ts to remove the default typia import and instead import only the required named exports and internal helpers. The generated functions now use these helpers directly for parsing, validation, and assertion, resulting in more explicit and modular code.
  • Updated test/generate/output/generate_use.ts to remove the default typia import, import only the necessary named export, and use the internal _isFormatUuid helper directly.

Version bump

  • Bumped the package version from 9.7.0 to 9.7.1 in package.json to reflect these improvements and fixes.

@samchon samchon requested a review from Copilot August 9, 2025 15:50
@samchon samchon self-assigned this Aug 9, 2025
@samchon samchon added the enhancement New feature or request label Aug 9, 2025
Copilot
Copilot AI reviewed Aug 9, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements a patch update focused on improving the import transformer functionality and updating generated test outputs to use internal helpers directly instead of default typia imports. The changes enhance code maintainability by making import handling more explicit and reducing reliance on the default typia import.

Key Changes

  • Refactored the removeUnusedTypiaImports function in ImportTransformer.ts for better clarity and maintainability
  • Updated generated test files to use explicit internal helper imports instead of default typia imports
  • Version bump from 9.7.0 to 9.7.1

Reviewed Changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated no comments.

File Description
test/generate/output/generate_use.ts Replaced default typia import with explicit internal helper import for UUID format validation
test/generate/output/generate_protobuf.ts Removed default typia import and added multiple internal helper imports for protobuf operations
test/generate/output/generate_plain.ts Comprehensive replacement of default typia import with 15+ internal helper imports for various validation and generation functions
test/generate/output/generate_notations.ts Similar pattern - removed default typia import and added internal helper imports for format validation and assertion functions

@socket-security Socket Security
Copy link

socket-security bot commented Aug 9, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​body-parser@​1.19.6 ⏵ 1.19.51001006877100
Updated@​types/​express@​4.17.23 ⏵ 4.17.211001006981100
Updated@​typescript-eslint/​parser@​8.39.0 ⏵ 8.30.11001006997100
Updated@​types/​autocannon@​7.12.7 ⏵ 7.12.61001007278100
Updated@​types/​inquirer@​8.2.12 ⏵ 8.2.101001007588100
Updated@​typescript-eslint/​eslint-plugin@​8.39.0 ⏵ 8.30.1991007897100
Updated@​types/​node@​22.17.0 ⏵ 18.19.86100 +11007996 +1100
Updated@​types/​node@​22.17.0 ⏵ 20.17.30100 +11007996100
Updated@​types/​node@​22.17.0 ⏵ 22.14.1100 +11008096100
Updatedclass-validator@​0.14.2 ⏵ 0.14.110010010080100
Updatedrollup-plugin-node-externals@​8.0.1 ⏵ 8.0.010010010081100
Updatedtinyglobby@​0.2.14 ⏵ 0.2.13100 +11009183100
Updatedfastify@​4.29.1 ⏵ 4.29.09985 -1510090100
Updatedprettier@​3.6.2 ⏵ 3.5.39810010093100
Updatedzod@​3.25.76 ⏵ 3.24.310010010096100
Updatedrollup@​4.46.2 ⏵ 4.40.097 +110010098100
Updatedopenai@​4.104.0 ⏵ 4.95.199100100100 +1100

View full report

@socket-security Socket Security
Copy link

socket-security bot commented Aug 9, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
form-data@4.0.2 has a Critical CVE.

CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL)

Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4

Patched version: 4.0.4

From: pnpm-lock.yamlnpm/jsdom@21.1.2npm/autocannon@7.15.0npm/openai@4.95.1npm/form-data@4.0.2

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@4.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Aug 9, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/typia@1648

commit: edc820d

@samchon samchon merged commit 49bcfb2 into master Aug 9, 2025
10 checks passed
@samchon samchon deleted the feat/import branch August 9, 2025 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@samchon samchon

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@samchon