Commit Graph

11053 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
dbbbf1c421 Add symlinks for winprod/winstaging/wintest branding assets
winprod  → prod assets (favicon.ico, site-logo.svg)
winstaging → staging assets (favicon-staging.ico, site-logo-staging.svg)
wintest  → dev assets (favicon-dev.ico, site-logo-dev.svg)
gh-18611
2026-07-14 15:00:01 +00:00
Matt Godbolt
3d64c50198 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
gh-18608
2026-07-14 15:57:07 +01:00
copilot-swe-agent[bot]
2766b7a8c6 Merge main into config-driven-env-branding, resolving conflicts in rendering.ts gh-18606 2026-07-14 14:54:33 +00:00
Matt Godbolt
c425932877 Mask temp paths by the CE marker, not the live os.tmpdir() (#8920)
maskRootdir() built its strip-regex from this process's os.tmpdir(), so
it only masked paths whose root matched the current tmpdir. That is
fragile in two real cases:

- The path being masked is recorded when the compile runs and need not
share the masking process's tmpdir. Snapshots/fixtures that freeze
/tmp/... paths only mask on hosts where os.tmpdir() is /tmp (they fail
where it is e.g. /usr/tmp).
- On macOS os.tmpdir() returns /var/folders/... while real temp paths
often resolve via /private/var/folders/..., so masking silently missed.
- A configured temp root (temp dirs created outside os.tmpdir()) was
never matched at all.

Key the regex off the distinctive ce_temp_prefix marker instead,
matching whatever path segments precede it. This is tmpdir-independent
and unifies the Windows and non-Windows branches into one rule (also
masking embedded temp paths like `-I/tmp/.../include` on Windows, which
the old anchored branch missed).

Adds unit tests for maskRootdir (previously untested) covering /tmp,
/usr/tmp, macOS /private/var, Windows, the -I include case, and non-temp
paths left untouched.

<!-- THIS COMMENT IS INVISIBLE IN THE FINAL PR, BUT FEEL FREE TO REMOVE
IT
Thanks for taking the time to improve CE. We really appreciate it.
Before opening the PR, please make sure that the tests & linter pass
their checks,
  by running `make check`.
In the best case scenario, you are also adding tests to back up your
changes,
  but don't sweat it if you don't. We can discuss them at a later date.
Feel free to append your name to the CONTRIBUTORS.md file
Thanks again, we really appreciate this!
-->

---------

Co-authored-by: Matt Godbolt <mattgodbolt@hudson-trading.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
gh-18605
2026-07-14 15:30:54 +01:00
Sirui Mu
7a6af91bc9 Enable AST output for Python (#8858)
This patch adds support for viewing the abstract syntax tree (AST) of
Python source code in Compiler Explorer, matching the existing AST
viewer feature for C/C++ (Clang AST).

- This patch adds a helper script `ast_dump.py` that parses and dumps
the AST for a Python source code file. `python -m ast` should also work,
but it's not available in old versions of Python.
- This patch adds an AST parser for Python which mimics the structure of
the C/C++ AST parser. It also updates the Python compiler to enable AST
output.
- All existing and new tests pass.

Assisted-by: GitHub Copilot / DeepSeek v4 Flash
Assisted-by: GitHub Copilot / DeepSeek v4 Pro

<!-- THIS COMMENT IS INVISIBLE IN THE FINAL PR, BUT FEEL FREE TO REMOVE
IT
Thanks for taking the time to improve CE. We really appreciate it.
Before opening the PR, please make sure that the tests & linter pass
their checks,
  by running `make check`.
In the best case scenario, you are also adding tests to back up your
changes,
  but don't sweat it if you don't. We can discuss them at a later date.
Feel free to append your name to the CONTRIBUTORS.md file
Thanks again, we really appreciate this!
-->

Co-authored-by: Matt Godbolt <matt@godbolt.org>
gh-18591
2026-07-14 08:46:10 +01:00
dependabot[bot]
2cc60cee5f Bump soupsieve from 2.8.3 to 2.8.4 in /etc/scripts/docenizers (#8913)
Bumps [soupsieve](https://github.com/facelessuser/soupsieve) from 2.8.3
to 2.8.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facelessuser/soupsieve/releases">soupsieve's
releases</a>.</em></p>
<blockquote>
<h2>2.8.4</h2>
<ul>
<li><strong>FIX</strong>: Fix another inefficient attribute pattern (<a
href="https://github.com/mauriceng98"><code>@​mauriceng98</code></a>).</li>
<li><strong>FIX</strong>: Limit total number of selectors processed in a
pattern to prevent massive selector requests (<a
href="https://github.com/mauriceng98"><code>@​mauriceng98</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="28108ab805"><code>28108ab</code></a>
Limit excessive selectors</li>
<li><a
href="ef188721d6"><code>ef18872</code></a>
Fix test for Windows</li>
<li><a
href="eb43976187"><code>eb43976</code></a>
Merge commit from fork</li>
<li><a
href="3a661b23b2"><code>3a661b2</code></a>
Fix typo in pseudo-classes.md (<a
href="https://redirect.github.com/facelessuser/soupsieve/issues/294">#294</a>)</li>
<li><a
href="0cb533d83b"><code>0cb533d</code></a>
Update hatchling version requirement in pyproject.toml (<a
href="https://redirect.github.com/facelessuser/soupsieve/issues/290">#290</a>)</li>
<li>See full diff in <a
href="https://github.com/facelessuser/soupsieve/compare/2.8.3...2.8.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=soupsieve&package-manager=uv&previous-version=2.8.3&new-version=2.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/compiler-explorer/compiler-explorer/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
gh-18590
2026-07-14 08:45:38 +01:00
Hayden Gray
e1962cbc41 [odin] added dev-2026-07 (#8899)
adds odin dev-2026-07. depends on
https://github.com/compiler-explorer/infra/pull/2213
gh-18584
2026-07-13 22:55:27 +01:00
Connor Simms
d5e13076cc Fix Mojo syntax highlighting (#8916)
Resolves #8901
### Problem
`static/modes/mojo-mode.ts` was a copy of `static/modes/asm-mode.ts`,
likely as a placeholder. Mojo source code was highlighted as if it were
assembly.

### Solution
This PR replaces the assembly placeholder with proper highlighting rules
for Mojo.

### Details
* Supports standard Python lexical rules
* Includes legacy/deprecated keywords (`let`, `inout`, `borrowed`,
`owned`, `alias`, `fn`, ...) for backward compatibility with older Mojo
compilers on Compiler Explorer
* Prevents keyword mis-highlighting during attribute access
(`file.read()` doesn't highlight `read` as a keyword)

### Screenshots
Before:
<img width="174" height="116" alt="image"
src="https://github.com/user-attachments/assets/ad561ff2-eae4-423e-8319-e2095da7838d"
/>
After:
<img width="174" height="116" alt="image"
src="https://github.com/user-attachments/assets/b52d9e25-2c9c-4162-a105-106ad868b31d"
/>
Before:
<img width="327" height="113" alt="image"
src="https://github.com/user-attachments/assets/257e3b94-b4c8-443a-93ae-71bbdd023b05"
/>
After:
<img width="327" height="113" alt="image"
src="https://github.com/user-attachments/assets/247e1e73-c1da-4df2-9781-cf2da3476c78"
/>

### Testing
* Verified visually in the local Compiler Explorer `make dev`
environment.
gh-18583
2026-07-13 22:51:44 +01:00
Darius Neațu
098357fc7b Add missing Beman libraries for trunk (#8909)
## Summary

- Add trunk entries for 10 missing Beman libraries in
`etc/config/c++.amazon.properties`.

## Libraries (trunk)

- beman.at_most
- beman.bounds_test
- beman.closed_view
- beman.cycle
- beman.elide
- beman.gates
- beman.indirect
- beman.integer_division
- beman.range_searcher
- beman.str_split

## Tracking

- Compiler Explorer issue:
https://github.com/compiler-explorer/compiler-explorer/issues/8908
- infra PR (merge first):
https://github.com/compiler-explorer/infra/pull/2219

## Test plan

- [x] Merge infra PR first and wait for deployment
- [ ] Verify libraries appear in Godbolt library picker
- [ ] Smoke-compile a sample include for each library

Co-authored-by: Darius Neațu <neautdarius@gmail.com>
gh-18580
2026-07-12 22:22:04 +01:00
Matt Godbolt (bot acct)
41f5cf881f Add new versions: Crystal 1.20.3, Nim 2.2.10, Pony 0.52–0.67, TinyGo 0.41.1, Rakudo 2026.06, Wasmtime 46, Sway 0.71.2, Sail 0.20.2 (#8918)
*(I'm Molty, an AI assistant acting on behalf of @mattgodbolt)*

Adds CE properties entries so the new compiler versions installed in
compiler-explorer/infra#2230 appear in the UI. Companion to
**compiler-explorer/infra#2230**.

Follows existing patterns exactly — no existing entries removed, no
existing IDs changed. `defaultCompiler` for each affected group is
bumped to the newest added version.

## Versions added

| Language | File | New versions | IDs |
|---|---|---|---|
| Crystal | `crystal.amazon.properties` | 1.20.3 | `crystal1203` |
| Nim | `nim.amazon.properties` | 2.0.16, 2.2.10 | `nim20016`, `nim2210`
|
| Pony | `pony.amazon.properties` | 0.52.5 → 0.67.0 (16 releases) |
`p0525`…`p0670` |
| TinyGo | `go.amazon.properties` | 0.41.1 | `tinygo0411` |
| Rakudo | `raku.amazon.properties` | 2025.06.1, 2025.08, 2025.10–12,
2026.01–06 | `rakudo-moar-2026-06-01` etc. |
| Wasmtime | `wasm.amazon.properties` | 46.0.1 | `wasmtime4601` |
| Sway | `sway.amazon.properties` | 0.69.6, 0.70.3, 0.71.2 |
`swayv0696`, `swayv0703`, `swayv0712` |
| Sail | `sail.amazon.properties` | 0.19.1, 0.20.2 | `sail_0_19_1`,
`sail_0_20_2` |

Note: the Rakudo 2025.06 release is the `2025.06.1-01` point release,
added as `rakudo-moar-2025-06-1-01` (name *Rakudo 2025.06.1 MoarVM*) to
mirror infra, following the existing `2021-02-1-01` special-case
pattern.

## Not included: Kotlin/Native

infra#2230 also installs Kotlin/Native 2.3.0–2.4.0, but there is
currently **no `kotlin-native` language or properties file in CE** (only
`kotlin` (JVM) and `android-kotlin`). Surfacing Kotlin/Native would
require a new language definition + compiler backend, which is out of
scope for a properties update — so it's left out of this PR and can be
handled separately.

## Testing

Ran local discovery for each affected language (`node app.ts --language
<lang>`) with stub binaries at the expected install paths, and confirmed
CE resolves and creates each new compiler ID (config parses, exe path
resolves, version gathered). The pre-commit `test:props` validation
suite passes (90/90).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18579
2026-07-12 22:18:49 +01:00
LJ
e232223f27 Add resolc Solidity compiler v1.4.0 (#8915)
Adds resolc v1.4.0.

Infra PR:
[compiler-explorer/infra/pull/2227](https://github.com/compiler-explorer/infra/pull/2227)
gh-18578
2026-07-12 21:25:47 +01:00
Matt Godbolt
d9b8c59f4e Lint GitHub Actions workflows with actionlint (#8912)
Part of the actionlint rollout across CE repos
(compiler-explorer/compiler-workflows#68, compiler-explorer/infra#2226).
[actionlint](https://github.com/rhysd/actionlint) statically checks
workflow files: schema/typos, expression type-checking against real
contexts (undefined inputs/outputs/needs are errors), unknown runner
labels, and shellcheck over embedded `run:` scripts.

This repo has no pre-commit framework, so it's wired as a small CI
workflow that runs on any push/PR touching `.github/workflows/**`, using
the pinned official docker image. `.github/actionlint.yaml` declares the
self-hosted `admin` label so `runs-on: [admin]` (deploy workflows)
checks correctly.

The existing ten workflows already pass with no findings.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
gh-18576
2026-07-12 20:21:49 +01:00
Matt Godbolt (bot acct)
930d3fe462 Add SDCC 4.6.0 (#8917)
*(I'm Molty, an AI assistant acting on behalf of @mattgodbolt)*

Adds SDCC 4.6.0 to the C compiler list. Requested because 4.6.0 is the
first C compiler release to support the `_Optional` type qualifier.

Follows the existing SDCC group convention exactly: appends `sdcc460` to
`group.sdcc.compilers` and adds the `exe`/`semver` entries. No existing
IDs changed.

Depends on the infra install PR landing first:
compiler-explorer/infra#2228

Verified the 4.6.0 tarball installs via `ce_install`, `bin/sdcc
--version` reports `4.6.0`, and a `_Optional int *p;` program compiles
cleanly. The properties validation suite passes (`npm run test:props`,
90 tests).

🤖 Generated by LLM (Claude, via OpenClaw)

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
gh-18575
2026-07-12 14:17:15 +01:00
Miguel Ojeda
bef854b317 Rust 1.97.0 (#8907)
Infra: https://github.com/compiler-explorer/infra/pull/2217.

Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
gh-18562
2026-07-10 08:19:39 +02:00
Matt Godbolt (bot acct)
19de5e516d fix: use baseOptions for clangx86trunk gcc-toolchain (#8906)
*(I'm Molty, an AI assistant acting on behalf of @mattgodbolt)*

## Problem

Compilers in the `clangx86trunk` group that set their own `options`
property silently **override** the group-level
`options=--gcc-toolchain=/opt/compiler-explorer/gcc-snapshot`. The
per-compiler value is checked first; if found, the group fallback is
never reached.

This means ~18 compilers (all those with a per-compiler `options` line —
e.g. `clang_hana`, `clang_bb_p2996`, `clang_p2998`, `clang_patmat`,
`clang_resugar`, `clang_barry`, `clang_concepts`, etc.) fall back to the
system GCC 13 instead of `gcc-snapshot`. System GCC 13's libstdc++ lacks
headers like `bits/version.h`, so any user who switches these compilers
to `-stdlib=libstdc++` gets:

```
fatal error: 'bits/version.h' file not found
```

Reported via: https://compiler-explorer.com/z/WcPd19b5o (hana-clang, but
confirmed broken on all affected compilers).

## Fix

Move the toolchain flag from `group.clangx86trunk.options` to
`group.clangx86trunk.baseOptions`. The `baseOptions` and `options`
values are **concatenated** rather than one replacing the other, so
per-compiler `options` no longer silently discard the toolchain.

`clang_p1144` and `clang_lifetime` intentionally use different GCC
toolchains, so they get their own `baseOptions` override with the
correct path. The toolchain flag is removed from their `options` entries
(which now only contain the non-toolchain flags).

## Testing

Verified via CE compile API with `-v` that:
- Affected compilers (e.g. `clang_hana`) currently select
`/usr/lib/gcc/x86_64-linux-gnu/13` instead of `gcc-snapshot`
- `clang_trunk` (no per-compiler options) correctly gets `gcc-snapshot`
today
- Explicitly passing
`--gcc-toolchain=/opt/compiler-explorer/gcc-snapshot` as a user flag
fixes the affected compilers, confirming the root cause

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
gh-18557
2026-07-09 13:48:21 +01:00
Cycle1337
ed127f3933 Fix compiler tool ID slimming for cached arrays (#8893) gh-18552 2026-07-08 09:42:37 +02:00
Mateusz Pusz
1d5e3b94f9 Add more include paths for mp-units library (#8895)
The latest mp-units commis added a few new include paths to improve
project organization.
gh-18550
2026-07-07 17:13:45 +01:00
Matt Godbolt (bot acct)
132f308ea4 Don't rewrite the URL in embedded mode; fixes embeds regressing to the front page (#8897)
Fixes #8896.

### What was happening

`SharingBase.ensureUrlIsNotOutdated()` replaces the page URL with
`httpRoot` (`/`) once the layout state diverges from the state recorded
after load. That rewrite exists for the main site, so an outdated
shortlink path (`/z/...`) doesn't linger in the address bar after you
edit the code.

Since #8166 started running the shared state-tracking (`SharingBase`) in
embedded mode too — to keep the "Edit on Compiler Explorer" link in sync
— the rewrite also fires inside `/e` iframes. There, `location.pathname`
(`/e`) never equals `httpRoot` (`/`), so the first state change after
load (an edit, or just layout churn) silently rewrites the iframe's URL
to `/` — dropping both the `/e` path **and** the state hash. Reproduced
with a `history.replaceState` spy: after two edits in an embed, the
iframe's location is `/` with an empty hash.

The visible symptoms are then browser-dependent, which is why it looked
intermittent: Firefox restores an iframe's *session-history* URL when
the parent page reloads, so the iframe comes back as `godbolt.org/` —
the full site, showing the default language example, and (because
cookies are unreadable in a cross-site iframe, per the `privacy_status`
SameSite console error in the report) the privacy-policy popup. Chrome
reloads iframes from their `src` attribute, so it never showed the
problem.

### The fix

Skip the rewrite entirely in embedded mode — the iframe's URL *is* the
embedded state and must never be touched. The `a.link` "Edit on Compiler
Explorer" state tracking from #8166 is unaffected.

### Tests

New `cypress/e2e/embed.cy.ts`:
- the embedded state's code loads (not the default example),
- the `/e#state` URL survives state changes (fails before this fix:
pathname becomes `/`, hash emptied),
- the "Edit on Compiler Explorer" link still picks up edits (locks in
#8166's behaviour).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
gh-18545
2026-07-06 17:17:10 -05:00
Patrick Quist
17d7ff668f Revert min support (#8892) gh-18536 2026-07-04 18:28:28 +02:00
mert-kurttutan
9d0200acfa redeploy sfpi (#8890)
This is to undo revert regarding sfpi deployment since a fix is applied
for the building of sfpi compiler
gh-18528
2026-07-03 10:48:23 +01:00
Mingxin Wang
1f0d1d5ba4 Add C++ library proxy 4.1.0 (#8861)
See [the PR from Infra
side](https://github.com/compiler-explorer/infra/pull/2196).
gh-18526
2026-07-03 10:39:39 +01:00
mert-kurttutan
a0fb0d8c40 lower engines.node version for more precise value (#8889)
It lowers to the exact value as limited by lint-staged package. For some
reason, the value is chosen to be the current LTS value at the time of
this
[PR](https://github.com/compiler-explorer/compiler-explorer/pull/8885)
even though the value is dictated by lint-staged package.
gh-18525
2026-07-03 10:38:30 +01:00
moletteremi
ff39c06176 Downgrade Scale's CUDA to the latest supported version (13.1) (#8888)
Follow up of
https://github.com/compiler-explorer/compiler-explorer/pull/8849

Thanks a lot for the review and merge !

I did not realize that scale/1.7.1 does not support cuda>13.1 as I was
testing locally with cuda/12.8.0, see

https://godbolt.org/z/cjdvYqGbd

> nvcc: warning: CUDA version is newer than the latest supported version
13.1 [-Wunknown-cuda-version]

The fix is straightforward and included in this PR. AMD backend seems
good. Sorry for the noise :)

Regards
gh-18523
2026-07-03 10:14:04 +01:00
dependabot[bot]
043a99bf30 Bump cryptography from 46.0.7 to 48.0.1 in /etc/scripts/docenizers (#8837)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7
to 48.0.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>48.0.1 - 2026-06-09</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
4.0.1.
<p>.. _v48-0-0:</p>
<p>48.0.0 - 2026-05-04<br />
</code></pre></p>
<ul>
<li>
<p><strong>BACKWARDS INCOMPATIBLE:</strong> Support for Python 3.8 has
been removed.
<code>cryptography</code> now requires Python 3.9 or later.</p>
</li>
<li>
<p><strong>BACKWARDS INCOMPATIBLE:</strong> Loading an X.509 CRL whose
inner
<code>TBSCertList.signature</code> algorithm does not match the outer
<code>signatureAlgorithm</code> now raises <code>ValueError</code>.
Previously, such CRLs
were parsed successfully and only rejected during signature
validation.</p>
</li>
<li>
<p>Added support for
:doc:<code>/hazmat/primitives/asymmetric/mlkem</code> and
:doc:<code>/hazmat/primitives/asymmetric/mldsa</code> when using OpenSSL
3.5.0 or
later, in addition to the existing AWS-LC and BoringSSL support. This
means
post-quantum algorithms are now available to users of our wheels.</p>
<ul>
<li><strong>Note:</strong> Going forward, we do not guarantee that all
functionality
in <code>cryptography</code> will be available when building against
OpenSSL. See :doc:<code>/statements/state-of-openssl</code> for more
information.</li>
</ul>
</li>
</ul>
<p>.. _v47-0-0:</p>
<p>47.0.0 - 2026-04-24</p>
<pre><code>
* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been
removed.
OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL &lt; 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms
or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects

:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de987ce48c"><code>de987ce</code></a>
48.0.1 version bump and changelog (<a
href="https://redirect.github.com/pyca/cryptography/issues/14996">#14996</a>)</li>
<li><a
href="8e03e30e3a"><code>8e03e30</code></a>
bump for 48.0.0 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14796">#14796</a>)</li>
<li><a
href="295e0d254e"><code>295e0d2</code></a>
Add AGENTS.md with CLAUDE.md symlink (<a
href="https://redirect.github.com/pyca/cryptography/issues/14794">#14794</a>)</li>
<li><a
href="104a2de19e"><code>104a2de</code></a>
Bump BoringSSL, OpenSSL, AWS-LC in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14793">#14793</a>)</li>
<li><a
href="67ec1e5198"><code>67ec1e5</code></a>
call check_length early on AesSiv::encrypt (<a
href="https://redirect.github.com/pyca/cryptography/issues/14792">#14792</a>)</li>
<li><a
href="b2da57a0d9"><code>b2da57a</code></a>
changelog for mldsa/mlkem for openssl (<a
href="https://redirect.github.com/pyca/cryptography/issues/14791">#14791</a>)</li>
<li><a
href="3cf44adee2"><code>3cf44ad</code></a>
ML-KEM OpenSSL support (<a
href="https://redirect.github.com/pyca/cryptography/issues/14781">#14781</a>)</li>
<li><a
href="2e31639666"><code>2e31639</code></a>
ML-DSA OpenSSL support (<a
href="https://redirect.github.com/pyca/cryptography/issues/14773">#14773</a>)</li>
<li><a
href="5affe5a286"><code>5affe5a</code></a>
fix rust nightly clippy (<a
href="https://redirect.github.com/pyca/cryptography/issues/14790">#14790</a>)</li>
<li><a
href="2e73ca448e"><code>2e73ca4</code></a>
bump rust-openssl dep and update EcPoint::mul_generator to
mul_generator2 (<a
href="https://redirect.github.com/pyca/cryptography/issues/1">#1</a>...</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/46.0.7...48.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.7&new-version=48.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/compiler-explorer/compiler-explorer/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
gh-18519
2026-07-02 22:21:37 +01:00
dependabot[bot]
eab6b6815b Bump form-data (#8838)
Bumps and [form-data](https://github.com/form-data/form-data). These
dependencies needed to be updated together.
Updates `form-data` from 2.5.5 to 2.5.6
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.5...v2.5.6">v2.5.6</a>
- 2026-06-12</h2>
<h3>Commits</h3>
<ul>
<li>[Fix] escape CR, LF, and <code>&quot;</code> in field names and
filenames <a
href="b62031603c"><code>b620316</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, <code>tape</code> <a
href="12be578e93"><code>12be578</code></a></li>
<li>[Dev Deps] update <code>js-randomness-predictor</code> <a
href="46cfd23bd4"><code>46cfd23</code></a></li>
<li>[Tests] use <code>safe-buffer</code> so the header-injection test
runs on node &lt; 4 <a
href="633044a57a"><code>633044a</code></a></li>
<li>[Deps] update <code>hasown</code> <a
href="e3b96eef16"><code>e3b96ee</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7133499c2"><code>c713349</code></a>
v2.5.6</li>
<li><a
href="46cfd23bd4"><code>46cfd23</code></a>
[Dev Deps] update <code>js-randomness-predictor</code></li>
<li><a
href="633044a57a"><code>633044a</code></a>
[Tests] use <code>safe-buffer</code> so the header-injection test runs
on node &lt; 4</li>
<li><a
href="e3b96eef16"><code>e3b96ee</code></a>
[Deps] update <code>hasown</code></li>
<li><a
href="12be578e93"><code>12be578</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, <code>tape</code></li>
<li><a
href="b62031603c"><code>b620316</code></a>
[Fix] escape CR, LF, and <code>&quot;</code> in field names and
filenames</li>
<li>See full diff in <a
href="https://github.com/form-data/form-data/compare/v2.5.5...v2.5.6">compare
view</a></li>
</ul>
</details>
<br />

Updates `form-data` from 4.0.5 to 4.0.6
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.5...v2.5.6">v2.5.6</a>
- 2026-06-12</h2>
<h3>Commits</h3>
<ul>
<li>[Fix] escape CR, LF, and <code>&quot;</code> in field names and
filenames <a
href="b62031603c"><code>b620316</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, <code>tape</code> <a
href="12be578e93"><code>12be578</code></a></li>
<li>[Dev Deps] update <code>js-randomness-predictor</code> <a
href="46cfd23bd4"><code>46cfd23</code></a></li>
<li>[Tests] use <code>safe-buffer</code> so the header-injection test
runs on node &lt; 4 <a
href="633044a57a"><code>633044a</code></a></li>
<li>[Deps] update <code>hasown</code> <a
href="e3b96eef16"><code>e3b96ee</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7133499c2"><code>c713349</code></a>
v2.5.6</li>
<li><a
href="46cfd23bd4"><code>46cfd23</code></a>
[Dev Deps] update <code>js-randomness-predictor</code></li>
<li><a
href="633044a57a"><code>633044a</code></a>
[Tests] use <code>safe-buffer</code> so the header-injection test runs
on node &lt; 4</li>
<li><a
href="e3b96eef16"><code>e3b96ee</code></a>
[Deps] update <code>hasown</code></li>
<li><a
href="12be578e93"><code>12be578</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, <code>tape</code></li>
<li><a
href="b62031603c"><code>b620316</code></a>
[Fix] escape CR, LF, and <code>&quot;</code> in field names and
filenames</li>
<li>See full diff in <a
href="https://github.com/form-data/form-data/compare/v2.5.5...v2.5.6">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/compiler-explorer/compiler-explorer/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
gh-18518
2026-07-02 22:21:11 +01:00
dependabot[bot]
8c8ac70bf6 Bump undici from 7.27.0 to 7.28.0 (#8843)
Bumps [undici](https://github.com/nodejs/undici) from 7.27.0 to 7.28.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v7.28.0</h2>
<h1>⚠️ Security Release</h1>
<p>This release line addresses <strong>7 security advisories</strong>,
all shipped in <strong>v7.28.0</strong>.</p>
<blockquote>
<p><strong>Action required:</strong> Upgrade to <strong>undici
7.28.0</strong> or later.</p>
<pre lang="sh"><code>npm install undici@^7.28.0
</code></pre>
</blockquote>
<p>The v7 line is <strong>not</strong> affected by GHSA-38rv-x7px-6hhq
(CVE-2026-9675), which is
an 8.x-only regression.</p>
<blockquote>
<p><strong>Note on GHSA-hm92-r4w5-c3mj:</strong> this fix shipped in
<strong>v7.28.0</strong>, not the
earlier 7.2x line — the vulnerable single-pool code was still present
through
<code>v7.27.2</code>. The per-origin pool fix is
<a
href="https://github.com/nodejs/undici/commit/3805b8f8"><code>3805b8f8</code></a>
(<a
href="https://redirect.github.com/nodejs/undici/pull/5041">#5041</a>).</p>
</blockquote>
<h2>Summary</h2>
<table>
<thead>
<tr>
<th>Advisory</th>
<th>CVE</th>
<th>Severity (CVSS)</th>
<th>Fixed in</th>
<th>Fix commit</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q">GHSA-vxpw-j846-p89q</a></td>
<td>CVE-2026-12151</td>
<td>High (7.5)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/8cb10f98"><code>8cb10f98</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g">GHSA-vmh5-mc38-953g</a></td>
<td>CVE-2026-9697</td>
<td>High (7.4)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/04201f89"><code>04201f89</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj">GHSA-hm92-r4w5-c3mj</a></td>
<td>CVE-2026-6734</td>
<td>High (7.5)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/3805b8f8"><code>3805b8f8</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6">GHSA-pr7r-676h-xcf6</a></td>
<td>CVE-2026-9678</td>
<td>Moderate (5.9)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/85a24055"><code>85a24055</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-p88m-4jfj-68fv">GHSA-p88m-4jfj-68fv</a></td>
<td>CVE-2026-9679</td>
<td>Moderate (5.9)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/d0574cc4"><code>d0574cc4</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m">GHSA-g8m3-5g58-fq7m</a></td>
<td>CVE-2026-11525</td>
<td>Low (3.7)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/d0574cc4"><code>d0574cc4</code></a></td>
</tr>
<tr>
<td><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52">GHSA-35p6-xmwp-9g52</a></td>
<td>CVE-2026-6733</td>
<td>Low (3.7)</td>
<td>7.28.0</td>
<td><a
href="https://github.com/nodejs/undici/commit/ea8930cf"><code>ea8930cf</code></a></td>
</tr>
</tbody>
</table>
<hr />
<h2>High severity</h2>
<h3>WebSocket DoS via fragment count bypass — CVE-2026-12151</h3>
<p><strong><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q">GHSA-vxpw-j846-p89q</a></strong>
· CWE-400, CWE-770
<strong>Fix:</strong> <a
href="https://github.com/nodejs/undici/commit/8cb10f98"><code>8cb10f98</code></a>
<em>websocket: limit the number of fragments in a message</em> (part of
backport <a
href="https://github.com/nodejs/undici/commit/a027a4a0"><code>a027a4a0</code></a>
<em>Backport WebSocket maxPayloadSize fixes to v7.x</em>, <a
href="https://redirect.github.com/nodejs/undici/pull/5423">#5423</a>)</p>
<p>A malicious WebSocket server can stream a large number of small or
empty
continuation frames. Undici enforced a limit on cumulative payload size
but did
not limit the <em>number</em> of fragments per message, leading to
unbounded memory
growth and denial of service.</p>
<ul>
<li><strong>Affected:</strong> applications using <code>new
WebSocket(...)</code> or <code>WebSocketStream</code>
against untrusted endpoints.</li>
<li><strong>Workaround:</strong> none — upgrade is required.</li>
</ul>
<h3>TLS certificate validation bypass in SOCKS5 ProxyAgent —
CVE-2026-9697</h3>
<p><strong><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g">GHSA-vmh5-mc38-953g</a></strong>
· CWE-295</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f9eba0ad91"><code>f9eba0a</code></a>
Bumped v7.28.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5430">#5430</a>)</li>
<li><a
href="a027a4a04c"><code>a027a4a</code></a>
Backport WebSocket maxPayloadSize fixes to v7.x (<a
href="https://redirect.github.com/nodejs/undici/issues/5423">#5423</a>)</li>
<li><a
href="8cb10f983e"><code>8cb10f9</code></a>
websocket: limit the number of fragments in a message</li>
<li><a
href="04201f8947"><code>04201f8</code></a>
fix: honor requestTls when proxy is SOCKS5</li>
<li><a
href="fcd642ff61"><code>fcd642f</code></a>
fix(socks5): preserve dispatch backpressure return value (<a
href="https://redirect.github.com/nodejs/undici/issues/5166">#5166</a>)</li>
<li><a
href="bc98c97906"><code>bc98c97</code></a>
fix(socks5): use configured connector in Socks5ProxyAgent (<a
href="https://redirect.github.com/nodejs/undici/issues/5168">#5168</a>)</li>
<li><a
href="9e1c74372a"><code>9e1c743</code></a>
fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly (<a
href="https://redirect.github.com/nodejs/undici/issues/5099">#5099</a>)</li>
<li><a
href="376c8be27c"><code>376c8be</code></a>
fix(socks5): enforce authenticated state before CONNECT (<a
href="https://redirect.github.com/nodejs/undici/issues/5097">#5097</a>)</li>
<li><a
href="3805b8f851"><code>3805b8f</code></a>
fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin
routing...</li>
<li><a
href="85a240551c"><code>85a2405</code></a>
fix(cache): trim qualified field names</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v7.27.0...v7.28.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=undici&package-manager=npm_and_yarn&previous-version=7.27.0&new-version=7.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/compiler-explorer/compiler-explorer/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
gh-18517
2026-07-02 22:20:45 +01:00
Marc Auberer
4d4e9a85f4 [Spice] Prune non-latest patch versions per minor release (#8886)
Keep only the newest patch build for each minor series (0.19-0.27).
Removed compiler IDs are preserved as aliases on the surviving
latest-patch compiler so existing shortlinks keep resolving.

Infra PR: https://github.com/compiler-explorer/infra/pull/2210

Co-authored-by: Claude <noreply@anthropic.com>
gh-18516
2026-07-02 22:18:09 +01:00
moletteremi
ef9a1ce7c3 [CUDA] add scale's nvcc compiler (nvidia & amd backends) (#8849)
Hi !

This PR adds the [scale nvcc
compiler](https://docs.scale-lang.com/stable/) to the CE live site for
both AMD and Nvidia backends

It works locally and shows host asm, device LLVMIR and:

 - PTX ans SASS for Nvidia backend,
 - AMDGPU code for AMD backend.
 
There is a bug in scale 1.7.1 that prevents the compilation with both
`-S, -o` flags. As a result I had to make some temp workarounds.

For Nvidia backend, PTX is written in the device `.s` file. I run it
through `ptax` and `nvidasm` to get the SASS. To get the LLVMIR, I
decode the device `.bc` file with `llvm-dis`.

For AMD backend, the `.s` file is the AMDGPU code, and the LLVMIR is
obtained the same way.

I plan to make the `.ts` script closer to say `nvcc.ts` once the flag
bugs are fixed in scale.

Let me know if there is anything I missed for the live site integration.

infra PR: https://github.com/compiler-explorer/infra/pull/2191
Issue:
https://github.com/compiler-explorer/compiler-explorer/issues/8865

I acknowledge the use of generative AI to help drafting the code of this
PR.

---------

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18515
2026-07-02 22:14:19 +01:00
Matt Godbolt (bot acct)
40f82039a6 Rollup of dependency updates + move node floor to 22 LTS (#8885)
## What

Fresh rollup of minor/patch dependency updates via `npm update -S`, plus
a
`biome.json` tweak, plus a **node floor move to the latest 22 LTS**.
Redo of #8844
on top of current `main`.

Notable dep bumps: `@aws-sdk/*` 3.1057→3.1079, `@sentry/*` 10.55→10.63,
`webpack` 5.107→5.108, `@biomejs/biome` 2.4.16→2.5.2, `cypress`, `sass`,
`lint-staged`, and others.

## biome `!**/*.svg`

biome 2.5 now parses `.svg` files as HTML and errors on them (94 errors
across
`static/**`/`public/**`). Added `!**/*.svg` to the biome ignore list.

## Node floor → 22.23.1 (latest 22 LTS)

The update pulled `lint-staged@17.0.8`, which requires node `>=22.22.1`
— above our
previous declared minimum of `22.12.0`. Per the #8845 `find-node`
contract,
`.node-version` is the single source of truth whose satisfaction must
also satisfy
`engines.node` and every dependency. To keep that true, this bumps:

- `.node-version` → `22.23.1`
- `engines.node` → `>=22.23.1`

22.23.1 is the current latest 22 LTS and is also what CI's `setup-node`
(`22.x` +
`check-latest`) already resolves to. **Production node should move to
match.**

Lockfile regenerated cleanly under node 22.23.1 / npm 10.9.8 (CI's
toolchain).

## No `webpackJsHack` bump

The original #8844 also bumped `webpackJsHack` to dodge a source-map CDN
hash
collision; #8848 removed that escape hatch entirely (infra#2188 exempted
source
maps). So this touches no `webpack.config.esm.ts`.

## Note on the earlier biome CI failure

An earlier push failed `test` with `Cannot find module
'@biomejs/cli-linux-x64/biome'`.
Investigated: the lockfile is complete (all 8 platform optional deps
present, biome
2.5.2's package metadata is byte-identical to 2.4.16 which passes on
`main`), it
installs fine under npm 10.9/11.8 locally, and node 22.23.1 satisfies
all engines.
This is the known nondeterministic npm optional-dependency install flake
(npm/cli#4828) under node-22's bundled npm 10.9 — not a lockfile/code
defect. It
resolves on re-run; the systemic fix (make CI install with the repo's
declared
`npm@11.2.0` via corepack) is out of scope here.

Supersedes #8844.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18513
2026-07-02 14:57:06 -05:00
Matt Godbolt
3a211aaf0f Remove the manual webpackJsHack static-asset version (#8848)
> [!IMPORTANT]
> **Draft / do not merge yet.** Depends on
[infra#2188](https://github.com/compiler-explorer/infra/pull/2188) being
merged **and deployed** first. Until then, this `webpackJsHack` constant
is still the only escape hatch for the source-map hash collisions, so it
must stay. There's no deadline on this PR — it's pure cleanup that can
wait indefinitely.

## What

Removes the `webpackJsHack` `.vNN.` infix from the static asset
filenames (`[name].vNN.[contenthash].js` → `[name].[contenthash].js`,
and likewise for `.css` and worker files), along with its now-misleading
"Hack alert" comment.

## Why

This constant was a **manual escape hatch**. The CDN serves static files
with a one-year immutable cache and verifies (in CI, `ce ... builds
check_hashes`) that a given filename never changes content. Source maps
are named after their *asset's* content hash (`<asset>.map`), so a
toolchain bump that regenerated a map for byte-identical JS/CSS reused
the same `.map` filename with different bytes → the check failed, and we
manually bumped this constant to rename every asset and dodge the
collision.

[infra#2188](https://github.com/compiler-explorer/infra/pull/2188) fixes
the root cause: source maps are debug-only metadata, not code, so
they're now exempt from the immutable-hash check, overwritten on deploy,
and served `no-cache` (so debugging always gets the current map). With
that deployed, this constant can never need bumping again.

## The comment was true once — on webpack 4 — but has been obsolete
since the webpack 5 upgrade

The "Hack alert" comment claims the bumps are needed for *"webpack
changes that affect how minification is done, even though that's
supposed not to matter."* That was accurate when it was written, but
stopped being true years ago:

| When | webpack | What | Minification claim valid? |
|------|---------|------|---------------------------|
| 2020-04-18 (`67575197f`, *"Add a hacky fix for the cannot upload over
identical file"*) | **4.42.1** | Comment + manual version introduced;
template changed `[chunkhash]` → `v2.[contenthash]` | **Yes** |
| 2021-12-21 (`7c20613c5`, *"Move to using webpack5 (#3197)"*) |
**5.65.0** | Upgrade to webpack 5 | **No — obsolete from here on** |

- **On webpack 4** there was no `realContentHash`; JS hashes were
computed from the chunk's module content *before* Terser ran. So a
webpack/minifier change that altered the *minified* output left the hash
unchanged → same filename, different bytes → "cannot upload over
identical file". The manual version was a genuine fix, and the comment
correctly described pre-minification hashing.
- **Since webpack 5** (`realContentHash: true`, default-on in
production, landed in 5.8) every `[contenthash]` is recomputed from the
**final, post-minification** bytes. A minifier change now produces a
*new filename* on its own — it can no longer collide. So the
minification rationale has been dead for ~3.5 years.

That means essentially every version bump from the webpack-5 era onward
(the `v2 → … → v69` march) was a **source-map** collision misattributed
to minification — the source map being the one asset whose name still
isn't a hash of its own post-processed content. That is exactly what
infra#2188 addresses.

### Net

- A real code change or a minifier change → different post-minification
bytes → different `[contenthash]` → new filename. Handled correctly by
content-addressing; no hack needed.
- The only same-name-different-bytes case was source maps → fixed by
infra#2188.
- So removing `webpackJsHack` (and its misleading comment) is safe once
infra#2188 is deployed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
gh-18505
2026-07-02 14:08:23 -05:00
Matt Godbolt (bot acct)
eee2e8bfd9 Improve node discovery: version-manager aware, single source of truth (#8845)
## What

Reworks the bespoke `etc/scripts/find-node` and its `Makefile`
interaction so node discovery works out of the box on Linux and macOS,
is optionally friendly to version managers, and stays sympathetic to
people who just use system node.

### Before
- Only ever looked at `PATH`, plus a vestigial
`/opt/compiler-explorer/node` hardcode (an affordance for one dev's
local setup, unused by the live site).
- Duplicated the required node version in three places (`find-node` had
`22` twice; `.node-version`; `package.json` `engines`).
- Silently fell back *past* an unusable `NODE_DIR` to whatever else it
found.
- nvm users got whatever default was active, not the version this repo
pins.
- Nagged on any version that wasn't exactly `22.x`, even newer ones.

### After — clear, permissive resolution order
1. **`$NODE_DIR/bin/node`** — explicit override, now authoritative. If
it's set but missing/too old you get a clear error instead of a silent
fallback.
2. **`node`/`nodejs` on `PATH`** — covers system node *and* any version
manager with shell integration (fnm, asdf, nodenv, volta, an active
nvm). Zero extra steps on a well-configured machine.
3. **Manager rescue** — only when PATH node is absent or below the
minimum: source `nvm` and ask for the pinned version (the one manager
that's a shell function rather than a PATH binary), then try
`fnm`/`nodenv`/`asdf`. Each branch is inert unless that tool is
installed, so nobody is pushed onto a manager.

Other changes:
- **Single source of truth**: the minimum major now comes solely from
`.node-version` (the same file the managers read). Newer majors are
always fine — the "only tested against v22.x" warning is dropped.
- **`Makefile`**: `.node-bin` now also depends on `.node-version`, so
bumping the pin re-resolves node instead of serving a stale cache. The
lazy-dotfile pattern (so failures abort `make` and `make help` pays
nothing) is kept.
- **`README`**: documents the PATH-first + manager-rescue behaviour.

## Testing
- `shellcheck` clean.
- Verified: PATH discovery, valid/bogus `NODE_DIR`, nvm rescue (shadowed
`node`+`nodejs` with v18 shims → skipped them and resolved v22.22 via
nvm), too-old fallthrough, no-node/no-manager failure message, and `make
info` end-to-end.
- `fnm` branch is logically straightforward but was not exercised (no
fnm on the test box) — worth a smoke test if you have one.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Matt Godbolt <matt@godbolt.org>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
gh-18502
2026-07-02 19:50:58 +01:00
Michael Dunn-OConnor
ca8f03cafa Add Mojo 1.0.0b2 (#8841)
Add Mojo **1.0.0b2**, published to PyPI on 2026-06-18.

- Appends `mojo_1_0_0b2` to the `group.mojo.compilers` list (before
`mojo_nightly`).
- Adds the `exe` and `semver` properties for
`/opt/compiler-explorer/mojo-1.0.0b2/bin/mojo`.

Existing `mojo_0_25_6_0`, `mojo_0_25_7_0`, `mojo_0_26_1_0`,
`mojo_0_26_2_0`, and `mojo_1_0_0b1`
entries are deliberately kept per [docs/AddingACompiler.md § "Don't
remove or rename compilers on
the public
site"](https://github.com/compiler-explorer/compiler-explorer/blob/main/docs/AddingACompiler.md#dont-remove-or-rename-compilers-on-the-public-site).

**Companion infra PR required:** a matching change in
`compiler-explorer/infra`
(`bin/yaml/mojo.yaml`, `type: pip`, `mojo==1.0.0b2`) is needed to
install the binary on the public
site. That is in a separate repository and not included here.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18501
2026-07-02 19:48:36 +01:00
Matt Godbolt (bot acct)
3d5a62fe6b Re-add CI check enforcing license header banners (#8883)
## What & why

We used to enforce the BSD-2-Clause license banner on every source file
via `eslint-plugin-header`. That check was lost when we migrated from
ESLint to Biome (#7033), which has no equivalent rule. This PR
reinstates it as a standalone node script, modelled on the existing
`etc/scripts/check-frontend-imports.js`.

### Why a script rather than a Biome rule
Biome 2.x has no built-in license/header rule and no plugin equivalent
to `eslint-plugin-header`; its experimental GritQL plugins aren't suited
to whole-file-prefix matching. A script needs zero new dependencies and
gives full control over scope and exemptions.

## The check (`etc/scripts/check-license-headers.js`)

A file "has an appropriate banner" if, ignoring an optional shebang, it
opens with a `// Copyright (c) …` line **and** contains the BSD-2-Clause
disclaimer body. The year and copyright holder are intentionally **not**
constrained — the tree legitimately has many holders (Compiler Explorer
Authors, Arm, Microsoft, HRT, individuals). The `(c)`/`(C)` marker is
matched case-insensitively.

**Scope:** `.ts/.js/.mjs/.cjs` under `lib/ static/ shared/ types/ test/
cypress/`.

**Exempt:** generated files (`lib/asm-docs/generated`), vendored
(`docenizer/vendor`), `.d.ts`, and three third-party ports that carry
their own upstream license — `static/ansi-to-html.ts` (MIT),
`lib/node-graceful.ts` (MIT), `shared/rison.ts` (Nanonid/rison port).

**Wired into:** CI (`test-and-deploy.yml`), `npm run check`, the `make
pre-commit` target, the husky pre-commit hook, and `lint-staged` (per
staged file).

Usage:
```
node ./etc/scripts/check-license-headers.js            # scan the tracked tree
node ./etc/scripts/check-license-headers.js <files...> # scan specific files (lint-staged)
```

## Backfill

The check surfaced **42 CE-authored files** missing the banner. This PR
backfills them all with the standard `Copyright (c) <year>, Compiler
Explorer Authors` banner, using each file's **git creation year**
(added-at-this-path, so no `--follow` rename artifacts).

## Verification

- `check-license-headers` → clean (was 42 failures)
- `biome check` on all source → no fixes needed (banner format matches
existing convention)
- `tsc` backend + frontend + tests → clean
- pre-commit gauntlet (lint, ts-check, related tests: 528 passed) ran on
commit

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18499
2026-07-02 19:13:21 +01:00
jmuddnv
16e22e01c5 Changes for HPC SDK 26.5 (#8863)
Add nvc 26.5 to etc/config/c.amazon.properties
Add nvc++ 26.5 to etc/config/c++.amazon.properties
Add nvfortran 26.5 to etc/config/fortran.amazon.properties

---------

Co-authored-by: Compiler Explorer Bot <mattgodbolt@users.noreply.github.com>
gh-18496
2026-07-02 19:05:32 +01:00
xermicus
a70e12f6b4 Add resolc Solidity compiler v1.2.0 and v1.3.0 (#8856)
Adds resolc v1.2.0 and v1.30.

Infra PR: https://github.com/compiler-explorer/infra/pull/2194

Signed-off-by: xermicus <cyrill@parity.io>
gh-18495
2026-07-02 19:04:54 +01:00
kevinjeon-g
e9e3d41d56 Update dex2oat versions (37.0, 36.1) (#8852) gh-18492 2026-07-02 19:04:22 +01:00
Lumi
f991438b25 Bump RazorForge to 0.1.0, 0.1.1, and 0.2.0 (#8850)
Bumps the RazorForge compiler from `0.0.4-alpha` to the `0.1.0` release
(initial support added in #8825).

v0.1.0 is the first stable (non-`-alpha`) tag, so the install path drops
the `-alpha` suffix:
`/opt/compiler-explorer/razorforge-0.0.4-alpha/RazorForge` →
`/opt/compiler-explorer/razorforge-0.1.0/RazorForge`.

The matching install recipe is in compiler-explorer/infra#2192 (tarball
URL verified `200`).
gh-18491
2026-07-02 18:58:50 +01:00
Joshua Berne
93b84413bb defaulting p3850 clang to libc++ (#8880)
Changing options for p3850 clang compilers instead of changing how it is
built (this replaces
https://github.com/compiler-explorer/clang-builder/pull/113).

Co-authored-by: jberne4 <jberne4@bloomberg.net>
gh-18486
2026-07-02 18:56:03 +01:00
Jamie
91c2cfa73c [swift]: add 6.3.3 compiler (#8878)
Depends on: https://github.com/compiler-explorer/infra/pull/2206
gh-18485
2026-07-02 18:55:19 +01:00
Matt Godbolt (bot acct)
5749265a56 Add gcc 14.4.0 and 15.3.0 (C and C++) (#8882)
Exposes mainline **gcc 14.4.0** and **15.3.0** (x86-64), plus their
assertions variants, in the **C** and **C++** compiler dropdowns.

### Why
This is the missing "expose in the UI" half of adding these gcc
versions. compiler-explorer/infra#2203 already *installs* them (the S3
artifacts are built), but without matching `.properties` entries they
don't appear in CE. cc @Yashinde145 — this is the companion PR to your
infra#2203; the version bump needs a change here too so the compilers
actually show up.

### What
Following the existing `g152`/`g143` pattern:
- `c++.amazon.properties`: `g144`, `g153` (+ `g144assert`, `g153assert`)
entries + added to `group.gcc86.compilers` /
`group.gcc86assert.compilers`.
- `c.amazon.properties`: the mirrored `cg144`, `cg153` (+ assertions)
entries + group lists (the shared gcc install serves both C and C++).

`test:props` passes (ran via the pre-commit hook). Only the C/C++
dropdowns are touched; other gcc-family languages (fortran/ada/d/…)
track gcc separately and could be extended in a follow-up if wanted.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: mattgodbolt-molty <mattgodbolt-molty@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gh-18484
2026-07-02 18:54:38 +01:00
Cedric
b0726beb5f Fix Triton MLIR source locations (#8718)
## Summary
- resolve nested named MLIR location aliases in the MLIR asm parser
- strip MLIR location metadata from displayed device output
- make Device Viewer source colours and hover linkage use the owning
source editor

## Testing
- npm run test -- test/asm-parser-tests.ts --reporter dot
- npm run ts-check:frontend
- npm run ts-check:backend
- npm run ts-check:tests
- npx biome check lib/parsers/asm-parser-mlir.ts
test/asm-parser-tests.ts static/panes/device-view.ts
- git diff --check -- lib/parsers/asm-parser-mlir.ts
test/asm-parser-tests.ts static/panes/device-view.ts
- pre-commit hook: npm run lint, npm run ts-check, vitest related passed

Note: a standalone npm run test-min run failed in unrelated
test/demangler-tests.ts Rust demangling expectations in this local
environment.

---------

Co-authored-by: Matt Godbolt <matt@godbolt.org>
gh-18483
2026-07-02 18:52:31 +01:00
aneshlya
ea240d2e2c Add ISPC v1.31.0 (#8864)
ISPC v1.31.0 has been released.
gh-18480
2026-07-02 18:48:30 +01:00
github-actions[bot]
a2c914c29f [bot] Update browsers list (#8877)
Automatic run of `npm run-update-browerslist` which needs to
 be done periodically to keep in-date.
See
[here](https://github.com/browserslist/browserslist#browsers-data-updating)
for more details.

Co-authored-by: Compiler Explorer Bot <mattgodbolt@users.noreply.github.com>
gh-18476
2026-07-02 18:44:22 +01:00
Cliff Burdick
77c9e2ca7b Add CCCL 3.3.4 (#8873) gh-18475 2026-07-02 18:43:43 +01:00
hkalbasi
9b47e07d14 Add co2 language (#8842)
This PR adds [CO2](https://github.com/hkalbasi/co2) which is a language
backward compatible with C, with some Rust interop features that
compiles to Rust's MIR.

I added two compiler `co2rustc` and `co2cc`, and a tool `co2miri` which
is Miri for CO2. I added `co2cc` under C compilers, to make it possible
to view diff of assembly for a C code compiled with CO2 and clang or
gcc. `co2cc` is a CO2 frontend which accepts gcc-like flags, and can (or
at least should) compile almost every ISO compatible C23 code.
`co2rustc` accepts Rust like flags, and added under a new `CO2`
language.

Tested locally and it seems to work.

I need some help in setting up artifacts (which, if I understand
correctly, needs to happen in `infra` or `compiler-workflows`). I make
an artifact `co2-multicall` in my CI, which needs to get symlinked in
`co2cc`, `co2rustc` and `co2miri`, and it needs to run a simple project
with miri to create the miri sysroot. If you show me a similar project,
I will do the job.

Disclaimer: Written partially by LLM.

---------

Co-authored-by: Matt Godbolt <matt@godbolt.org>
gh-18472
2026-07-02 18:26:35 +01:00
Odysseas Georgoudis
8e617e0956 add quill v12.0.0 (#8846)
Infra PR: https://github.com/compiler-explorer/infra/pull/2186
gh-18469
2026-07-02 18:16:17 +01:00
Marc Auberer
f0e1126faa [Spice] Add version 0.27.0 (#8870)
Infra PR: https://github.com/compiler-explorer/infra/pull/2201
gh-18465
2026-07-02 17:45:01 +01:00
Ofek
f7602b4360 Additional opt-pipeline optimization (#8876)
In an attempt to address #8583.
Also fix the opt-pipeline timing measurement.
gh-18453
2026-06-30 22:26:08 +03:00
Ofek
2d074f870b Fix #8859: fix full recompilation in conformance-view (#8875) gh-18450 2026-06-30 21:16:28 +03:00
Joshua Berne
a9c2c8b5ee Experimental clang and gcc C++29 contracts builds (#8867) gh-18442 2026-06-30 01:31:16 +02:00