Conversation
There was a problem hiding this comment.
Pull request overview
This pull request upgrades the Calcit programming language toolchain from version 0.8.0-a3 to 0.11.6, along with related build tools and dependencies. The upgrade includes systematic code changes to adapt to new Calcit APIs and syntax changes introduced in version 0.11.6.
Changes:
- Upgraded Calcit from 0.8.0-a3 to 0.11.6 with corresponding API changes (defrecord→defstruct, .method→.!method, &record:get→property access, memof-call→memof1-call)
- Upgraded Vite from 4.4.9 to 7.3.1 and migrated from Yarn v1 to v4.12.0
- Migrated configuration from package.cirru to deps.cirru format with updated Calcit library versions
Reviewed changes
Copilot reviewed 7 out of 10 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated @calcit/procs to 0.11.6, vite to 7.3.1, added packageManager field for Yarn 4.12.0 |
| yarn.lock | Complete regeneration for Yarn v4 format with all dependencies updated |
| deps.cirru | New Calcit dependencies file replacing package.cirru with updated library versions |
| package.cirru | Removed legacy Calcit dependencies configuration file |
| compact.cirru | Extensive code updates for Calcit 0.11.6 API changes including syntax and function renames |
| .yarnrc.yml | Added Yarn v4 configuration specifying node-modules linker |
| .gitignore | Added Yarn v4 artifacts and .DS_Store to ignore list |
| .gitattributes | Added .pnp.* files to linguist-generated list |
| .github/workflows/compile.yaml | Updated CI to use newer actions, Node 24, Yarn 4.12.0, and simplified Calcit setup |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "version": "0.0.11", | ||
| "dependencies": { | ||
| "@calcit/procs": "^0.8.0-a3" | ||
| "@calcit/procs": "^0.11.6" |
There was a problem hiding this comment.
The PR title contains a typo: "calcit" should be "Calcit" (with capital C) to match the proper name of the programming language as used throughout the codebase and package names.
| {} (:id op-id) (:name username) (:nickname username) | ||
| :password $ md5 password | ||
| :avatar nil |
There was a problem hiding this comment.
The sign-up logic stores user passwords using the md5 hash (:password $ md5 password), which is a fast, broken hashing algorithm and can be brute‑forced or rainbow‑table attacked if the user database is leaked. An attacker who obtains the storage.cirru or backups could recover many plaintext passwords and reuse them across other services. Replace md5 here with a modern, slow password hashing scheme (e.g., bcrypt, scrypt, Argon2, or PBKDF2 with strong parameters) and include a per‑user salt, and add a migration path for existing hashes.
No description provided.