init #4

FortiShield · 2025-03-08T11:58:45Z

User description

Notes for Reviewers

This PR fixes #

Signed commits

Yes, I signed my commits.

PR Type

Enhancement, Bug fix, Documentation, Tests

Description

Added decoding of full URLs in HTTPSnippet class.
Updated test fixtures to use decoded URLs across multiple languages.
Introduced CI pipeline for publishing to npm on release.
Enhanced contributing guidelines and updated project metadata.

Changes walkthrough 📝

Relevant files

Enhancement

2 files

httpsnippet.ts `Decode full URLs in HTTPSnippet class`	+3/-1
hopp-publish.yml `Add CI pipeline for npm publishing`	+28/-0

Tests

25 files

nested.js `Update test fixture with decoded URL`	+1/-1
nested.js `Update test fixture with decoded URL`	+1/-1
nested.js `Update test fixture with decoded URL`	+1/-1
nested.js `Update test fixture with decoded URL`	+1/-1
nested.php `Update test fixture with decoded URL`	+1/-1
nested.php `Update test fixture with decoded URL`	+1/-1
nested.java `Update test fixture with decoded URL`	+1/-1
nested.java `Update test fixture with decoded URL`	+1/-1
nested.java `Update test fixture with decoded URL`	+1/-1
nested.java `Update test fixture with decoded URL`	+1/-1
nested.swift `Update test fixture with decoded URL`	+1/-1
nested.cs `Update test fixture with decoded URL`	+1/-1
nested.cs `Update test fixture with decoded URL`	+2/-2
dont-deglob.sh `Update test fixture with decoded URL`	+1/-1
nested.sh `Update test fixture with decoded URL`	+1/-1
nested.sh `Update test fixture with decoded URL`	+1/-1
nested.sh `Update test fixture with decoded URL`	+1/-1
nested.rb `Update test fixture with decoded URL`	+1/-1
nested.go `Update test fixture with decoded URL`	+1/-1
nested.ps1 `Update test fixture with decoded URL`	+1/-1
nested.ps1 `Update test fixture with decoded URL`	+1/-1
nested.c `Update test fixture with decoded URL`	+1/-1
nested.ml `Update test fixture with decoded URL`	+1/-1
nested.kt `Update test fixture with decoded URL`	+1/-1
nested.m `Update test fixture with decoded URL`	+1/-1

Configuration changes

1 files

.editorconfig `Update editorconfig settings for trailing whitespace`	+2/-2

Documentation

2 files

CONTRIBUTING.MD `Expand contributing guidelines`	[link]
SECURITY.md `Remove redundant security reporting instructions`	+0/-9

Dependencies

2 files

package-lock.json `Update package metadata and dependencies`	+4/-4
package.json `Update package metadata and scripts`	+10/-8

Need help?
Type /help how to ... in the comments thread for any questions about Qodo Merge usage.
Check out the documentation for more information.

Summary by CodeRabbit

Documentation
- Revised security guidelines to improve clarity in reporting procedures.
Refactor
- Enhanced URL formatting in generated code across multiple language integrations, now displaying literal square brackets for clearer query parameter representation.
Chores
- Updated package metadata with a rebranded scoped name and adjusted version from 3.0.9 to 3.0.7, along with minor developer workflow enhancements.

sourcery-ai · 2025-03-08T11:58:49Z

Reviewer's Guide by Sourcery

This PR updates the package to Hoppscotch, fixes URL encoding issues, removes the security reporting process, and adds a GitHub Actions workflow for automated NPM publishing.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Updated package metadata, dependencies, and scripts in `package.json`.	Updated the package name to `@hoppscotch/httpsnippet`. Updated the author and homepage to Hoppscotch. Adjusted the node engine requirement. Updated the repository URL to Hoppscotch. Added `dev` and `test:watch` scripts for development. Updated version to 3.0.7	`package.json`
Removed the security reporting section from `SECURITY.md`.	Removed the 'How to Report' section, including instructions for reporting vulnerabilities via email.	`SECURITY.md`
Decoded the full URL to ensure proper handling of encoded characters.	Added `decodeURIComponent` to the `fullUrl` property.	`src/httpsnippet.ts`
Replaced encoded characters in URLs within fixture files.	Replaced `%5B` with `[` and `%5D` with `]` in the URL. This change affects multiple files across different target languages.	`src/targets/csharp/restsharp/fixtures/nested.cs` `src/targets/c/libcurl/fixtures/nested.c` `src/targets/csharp/httpclient/fixtures/nested.cs` `src/targets/go/native/fixtures/nested.go` `src/targets/java/asynchttp/fixtures/nested.java` `src/targets/java/nethttp/fixtures/nested.java` `src/targets/java/okhttp/fixtures/nested.java` `src/targets/java/unirest/fixtures/nested.java` `src/targets/javascript/fetch/fixtures/nested.js` `src/targets/javascript/jquery/fixtures/nested.js` `src/targets/javascript/xhr/fixtures/nested.js` `src/targets/kotlin/okhttp/fixtures/nested.kt` `src/targets/node/fetch/fixtures/nested.js` `src/targets/objc/nsurlsession/fixtures/nested.m` `src/targets/ocaml/cohttp/fixtures/nested.ml` `src/targets/php/curl/fixtures/nested.php` `src/targets/php/guzzle/fixtures/nested.php` `src/targets/ruby/native/fixtures/nested.rb` `src/targets/swift/nsurlsession/fixtures/nested.swift` `src/targets/powershell/restmethod/fixtures/nested.ps1` `src/targets/powershell/webrequest/fixtures/nested.ps1` `src/targets/shell/curl/fixtures/dont-deglob.sh` `src/targets/shell/curl/fixtures/nested.sh` `src/targets/shell/httpie/fixtures/nested.sh` `src/targets/shell/wget/fixtures/nested.sh`
Added a GitHub Actions workflow for publishing the package to NPM on release.	Configured a workflow that triggers on new releases. Sets up Node.js, installs dependencies, builds the package, and publishes it to NPM using a secret token.	`.github/workflows/hopp-publish.yml`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!
Generate a plan of action for an issue: Comment @sourcery-ai plan on
an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

coderabbitai · 2025-03-08T11:58:54Z

Walkthrough

The changes update various configurations and code behaviors. The global whitespace settings in .editorconfig have been modified, and a new GitHub Actions workflow has been added for automated npm publishing on release events. The package.json file has been rebranded with updates to version, package name, author, and scripts. Additionally, multiple target fixture files across several languages and frameworks have been updated to replace percent-encoded URL characters with their literal forms, and in one file the URL is now decoded before being returned.

Changes

File(s)	Change Summary
`.editorconfig`	Changed global whitespace and newline settings: `trim_trailing_whitespace` and `insert_final_newline` toggled from `true` to `false` (except for the fixtures section).
`.github/workflows/hopp-publish.yml`	Added a new GitHub Actions workflow to publish the package to npm on release events, including steps for checkout, Node.js setup, dependency installation, building, and publishing.
`SECURITY.md`	Removed the "How to Report" section outlining security vulnerability reporting instructions.
`package.json`	Updated package metadata: version downgraded from `3.0.9` to `3.0.7`, package renamed to `@hoppscotch/httpsnippet`, author and URLs updated, Node engine support adjusted, and new `dev`/`test:watch` scripts added.
`src/httpsnippet.ts`	Replaced the raw `fullUrl` with a URL-decoded version (`decodedFullUrl` via `decodeURIComponent`) in the returned object.
`src/targets/.../fixtures/*`	Modified URL strings in multiple target fixture files: replaced percent-encoded square brackets (`%5B`, `%5D`) and commas (`%2C`) with their literal characters to adjust how query parameters are represented.

Sequence Diagram(s)

sequenceDiagram
    participant R as Release Event
    participant G as GitHub Runner
    participant C as Checkout Step
    participant N as Node Setup
    participant I as Install & Build
    participant P as Publish
    R->>G: Trigger workflow on release
    G->>C: Checkout repository
    C-->>G: Source code
    G->>N: Setup Node.js environment
    N-->>G: Environment ready
    G->>I: Run npm install and build
    I-->>G: Build completed
    G->>P: Publish package to npm
    P-->>G: Confirmation of publication

Poem

I’m Rabbit, hopping with delight,
Code tweaks and workflows shining bright.
Whitespace settings now soft and kind,
URLs unmasked, no secrets confined.
With a skip and a jump in every line,
I cheer the changes—simply divine!
Keep on coding, let your dreams align! 🐇

✨ Finishing Touches

📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

codiumai-pr-agent-free · 2025-03-08T11:59:22Z

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review URL Decoding The PR adds URL decoding which changes the behavior of the library. Verify that this change is intentional and doesn't break existing functionality for clients that might expect encoded URLs. const decodedFullUrl = decodeURIComponent(fullUrl); return { ...request, allHeaders, fullUrl: decodedFullUrl, Inconsistent Output This file now contains both decoded and encoded URL formats in the same file. This seems inconsistent with the PR's purpose of standardizing on decoded URLs. curl --request GET --url 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value' Inconsistent Output Similar to the curl fixture, this file now contains both decoded and encoded URL formats in the same file, which seems inconsistent. http GET 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'

codiumai-pr-agent-free · 2025-03-08T11:59:41Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Avoid URL decoding The code is decoding the URL which can cause issues with special characters in URLs. This change removes URL encoding that might be necessary for proper HTTP requests. Many HTTP clients expect encoded URLs, and decoding them can break functionality, especially with special characters like brackets and commas. src/httpsnippet.ts [310-323] const fullUrl = urlFormat({ ...urlWithParsedQuery, ...uriObj, }); //? -const decodedFullUrl = decodeURIComponent(fullUrl); - return { ...request, allHeaders, - fullUrl: decodedFullUrl, + fullUrl, url, uriObj, }; `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a critical issue where decoding URLs can break functionality with special characters. The PR is specifically changing encoded URLs to decoded ones across many files, but this could cause problems with HTTP clients that expect properly encoded URLs.	High
General	Remove duplicate command The file contains duplicate curl commands with different URL encoding formats. This is likely unintentional and could cause confusion or errors when the script is executed. One of these lines should be removed. src/targets/shell/curl/fixtures/dont-deglob.sh [1-2] curl --request GET --url 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value' -curl --request GET --url 'http://mockbin.com/har?foo%5Bbar%5D=baz%2Czap&fiz=buz&key=value' `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that the file now contains duplicate curl commands with different URL encoding formats. This appears to be unintentional and could cause confusion when the script is executed.	Medium
More

sourcery-ai

Hey @FortiShield - I've reviewed your changes - here's some feedback:

Overall Comments:

Consider updating the package version in a separate commit to keep the core changes focused.
The changes to the fixtures seem to be just URL encoding; it would be good to confirm that this is the only change.

Here's what I looked at during the review

🟡 General issues: 2 issues found
🟢 Security: all looks good
🟢 Testing: all looks good
🟢 Complexity: all looks good
🟢 Documentation: all looks good

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

sourcery-ai · 2025-03-08T11:59:43Z

package.json

 {
-  "version": "3.0.9",
-  "name": "httpsnippet",
+  "version": "3.0.7",


question (bug_risk): Version number downgrade — verify if this version is intentional.

The version was changed from 3.0.9 to 3.0.7. Please confirm that this revision aligns with your intended release strategy.

sourcery-ai · 2025-03-08T11:59:43Z

SECURITY.md

-   - Potential impact
-   - Any relevant logs or screenshots
-
 ## What to Expect


suggestion: Consider adding back guidance on how to report vulnerabilities.

While the contact email is provided, the removed section "How to Report" contained valuable information about what details to include in a report. This could help users submit more effective reports. Perhaps a condensed version of the old section could be included.

Suggested change

## What to Expect

## How to Report

When reporting vulnerabilities, please include:

- A clear description of the issue and the steps required to reproduce it.

- Any relevant logs, screenshots, or sample code that illustrate the vulnerability.

- An assessment of the potential impact.

- Your contact information for follow-up questions.

You can reach our security team at [security@example.com](mailto:security@example.com).

## What to Expect

coderabbitai

Actionable comments posted: 4

🧹 Nitpick comments (3)

src/targets/shell/curl/fixtures/dont-deglob.sh (1)
1-1: Modification of URL encoding pattern

The change updates the URL from using percent-encoded characters to using literal characters (%5B → [, %5D → ], %2C → ,). This affects how the URL is interpreted.

While this may improve readability, be aware that:

Unencoded square brackets may cause issues with some shells due to glob expansion (though the filename suggests this is intentional)

Different servers may handle unencoded special characters differently

Consider adding a shebang to address the shellcheck warning:
+#!/bin/sh
 curl --request GET --url 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'
🧰 Tools

🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)
src/targets/shell/httpie/fixtures/nested.sh (1)
1-1: URL encoding pattern changed to use literal characters

The change replaces percent-encoded characters with their literal equivalents (%5B → [, %5D → ], %2C → ,).

This is consistent with similar changes across other fixture files and makes the examples more readable, though it has implications for how the query parameters are processed by the server.

Consider adding a shebang to address the shellcheck warning:
+#!/bin/sh
 http GET 'http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value'
🧰 Tools

🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)
.github/workflows/hopp-publish.yml (1)
1-28: Consider adding a workflow to test the package.

While this workflow handles publishing, adding a separate workflow to run tests on pull requests and pushes to main branches would improve code quality assurance.

Here's a simple example:
name: Test

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [14.x, 16.x, 18.x]
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm run build
      - run: npm test
🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e0287f and 40575c4.

⛔ Files ignored due to path filters (1)

package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (30)

.editorconfig (1 hunks)
.github/workflows/hopp-publish.yml (1 hunks)
SECURITY.md (0 hunks)
package.json (3 hunks)
src/httpsnippet.ts (1 hunks)
src/targets/c/libcurl/fixtures/nested.c (1 hunks)
src/targets/csharp/httpclient/fixtures/nested.cs (1 hunks)
src/targets/csharp/restsharp/fixtures/nested.cs (1 hunks)
src/targets/go/native/fixtures/nested.go (1 hunks)
src/targets/java/asynchttp/fixtures/nested.java (1 hunks)
src/targets/java/nethttp/fixtures/nested.java (1 hunks)
src/targets/java/okhttp/fixtures/nested.java (1 hunks)
src/targets/java/unirest/fixtures/nested.java (1 hunks)
src/targets/javascript/fetch/fixtures/nested.js (1 hunks)
src/targets/javascript/jquery/fixtures/nested.js (1 hunks)
src/targets/javascript/xhr/fixtures/nested.js (1 hunks)
src/targets/kotlin/okhttp/fixtures/nested.kt (1 hunks)
src/targets/node/fetch/fixtures/nested.js (1 hunks)
src/targets/objc/nsurlsession/fixtures/nested.m (1 hunks)
src/targets/ocaml/cohttp/fixtures/nested.ml (1 hunks)
src/targets/php/curl/fixtures/nested.php (1 hunks)
src/targets/php/guzzle/fixtures/nested.php (1 hunks)
src/targets/powershell/restmethod/fixtures/nested.ps1 (1 hunks)
src/targets/powershell/webrequest/fixtures/nested.ps1 (1 hunks)
src/targets/ruby/native/fixtures/nested.rb (1 hunks)
src/targets/shell/curl/fixtures/dont-deglob.sh (1 hunks)
src/targets/shell/curl/fixtures/nested.sh (1 hunks)
src/targets/shell/httpie/fixtures/nested.sh (1 hunks)
src/targets/shell/wget/fixtures/nested.sh (1 hunks)
src/targets/swift/nsurlsession/fixtures/nested.swift (1 hunks)

💤 Files with no reviewable changes (1)

SECURITY.md

🧰 Additional context used

🪛 Shellcheck (0.10.0)

src/targets/shell/curl/fixtures/dont-deglob.sh

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

src/targets/shell/httpie/fixtures/nested.sh

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🪛 actionlint (1.7.4)

.github/workflows/hopp-publish.yml

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (28)

src/targets/powershell/restmethod/fixtures/nested.ps1 (1)

1-1: URL encoding changed from percent-encoded to literal characters

The URL in the Invoke-RestMethod call has been changed to use literal square brackets and commas instead of their percent-encoded equivalents.

This change is consistent with modifications in other fixture files across the repository.

src/targets/javascript/jquery/fixtures/nested.js (1)

4-4: URL encoding pattern updated to use literal characters

The URL has been modified to use literal square brackets and commas instead of their percent-encoded equivalents (%5B → [, %5D → ], %2C → ,).

This change aligns with the consistent pattern applied across all fixture files in this PR.

src/targets/php/curl/fixtures/nested.php (1)

6-6: URL encoding changed to use literal characters

The URL in CURLOPT_URL has been modified to use literal square brackets and commas instead of their percent-encoded equivalents.

This is part of a consistent pattern applied across all fixture files, making the examples more readable. In PHP's context, this works correctly as the square brackets in the URL will be properly handled by curl.

src/targets/shell/curl/fixtures/nested.sh (1)

1-2: Ensure URL Consistency Across Shell Fixtures

The updated URL now uses literal square brackets ([, ]) and an unencoded comma, which aligns with the standardized approach across targets. Please verify that the target server correctly interprets these characters.

🧰 Tools

🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

src/targets/ocaml/cohttp/fixtures/nested.ml (1)

5-5: Consistent URI Handling in OCaml

The change to use an unencoded URL string with literal square brackets and commas in the Uri.of_string call is consistent with the other modifications in this PR. Confirm that the OCaml Cohttp library processes such URIs properly.

src/targets/go/native/fixtures/nested.go (1)

11-12: Standardized URL Formatting in Go

The updated URL in the Go fixture now uses literal square brackets and commas instead of percent-encoded values. This change improves consistency across the codebase. Please ensure that the Go HTTP client parses the URL as expected.

src/targets/java/nethttp/fixtures/nested.java (1)

1-2: Unified URL Representation in Java

The updated URI in the Java HTTP request now directly uses literal square brackets and commas. This adjustment is in harmony with the project's overall URL formatting goals. Verify that URI.create() and the Java HTTP client correctly interpret the unencoded query parameters.

src/targets/javascript/fetch/fixtures/nested.js (1)

1-1: Modernized URL Construction in Fetch Request

The URL constant now uses literal square brackets and a comma in line with the revised formatting standards across the PR. Ensure that the environment using fetch supports this URL format without issues.

src/targets/csharp/restsharp/fixtures/nested.cs (1)

1-1: URL encoding change looks good

Changed from percent-encoded to literal square brackets in the query parameter. This makes the URL more readable while maintaining the same functionality.

src/targets/php/guzzle/fixtures/nested.php (1)

5-5: URL encoding standardization approved

The URL now uses literal square brackets ([]) and comma instead of percent-encoded characters (%5B, %5D, %2C). This change is consistent with the updates made across other language fixtures.

src/targets/java/okhttp/fixtures/nested.java (1)

4-4: URL character encoding simplified

Changed from percent-encoded characters to literal characters in the URL query parameters. This improves code readability while maintaining the same request functionality.

src/targets/java/unirest/fixtures/nested.java (1)

1-1: URL encoding standardization across fixtures

Updated the URL to use literal square brackets and comma instead of their percent-encoded equivalents. This change aligns with similar updates in other language fixtures in this PR.

src/targets/kotlin/okhttp/fixtures/nested.kt (1)

4-4: URL encoding has been modified.

The URL now uses unencoded square brackets [] and comma , in the query parameters instead of their percent-encoded equivalents (%5B, %5D, %2C). This change is part of a larger pattern across the codebase to standardize URL representation.

While this change is consistent with the modifications in other files, be aware that:

Some servers or frameworks may interpret unencoded square brackets differently (especially in nested parameter structures)

Technically, square brackets are reserved characters that should be percent-encoded according to RFC 3986

Has this change been tested with the target server to ensure it handles the unencoded characters correctly?

src/targets/java/asynchttp/fixtures/nested.java (1)

2-2: URL encoding has been modified.

The URL now uses unencoded square brackets [] and comma , in the query parameters instead of their percent-encoded equivalents. This change is part of a consistent pattern across the codebase's fixtures.

While the change streamlines the URL representation, be mindful that:

Different server-side frameworks may parse unencoded square brackets differently (especially PHP, Rails, etc.)

Per RFC 3986, square brackets are reserved characters that should be percent-encoded

Ensure this representation works correctly with the target server and confirm if this is an intentional standardization approach.

src/targets/javascript/xhr/fixtures/nested.js (1)

12-12: URL encoding has been modified.

The URL now uses unencoded square brackets [] and comma , in the query parameters instead of their percent-encoded equivalents. This change follows the same pattern seen in other fixture files.

Consider the following:

Browser XHR implementations may handle the encoding differently than expected

Some frameworks automatically encode URLs again before sending

Modern browsers typically handle unencoded brackets in query parameters well, but older ones might not

Verify this works across the browser targets this code is expected to support.
src/targets/ruby/native/fixtures/nested.rb (1)

4-4:
Details

❓ Verification inconclusive

URL encoding has been modified.

The URL now uses unencoded square brackets [] and comma , in the query parameters rather than percent-encoded equivalents. This change is consistent with similar modifications across the codebase.

In Ruby, this change has additional implications:

Ruby's URI class may behave differently with unencoded square brackets

Ruby web frameworks like Rails have special parsing for parameters with square brackets, interpreting them as nested parameters

🏁 Script executed:
#!/bin/bash
# Check how Ruby's URI class handles unencoded square brackets
ruby -ruri -e 'url = URI("http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value"); puts "Original: #{url}"; puts "Escaped: #{URI.escape(url.to_s)}"'
Length of output: 560
Attention: Verify URL Encoding Behavior in Ruby

The changes in src/targets/ruby/native/fixtures/nested.rb are intentional and consistent with similar modifications across the codebase—the URL now includes unencoded square brackets ([]) and commas (,) in its query parameters. Note that:
The URL is defined as:
url = URI("http://mockbin.com/har?foo[bar]=baz,zap&fiz=buz&key=value")
When processed by Ruby’s URI class, the input URL remains unchanged. Our verification script shows the original URL prints without any encoding.

An attempted use of URI.escape resulted in a NoMethodError because that method has been removed in recent Ruby versions.

Additionally, be aware that frameworks like Rails interpret query parameters with square brackets as nested parameters, which could affect parameter parsing downstream.
Please manually verify that this behavior aligns with the expected functionality in your specific Ruby/Rails environment.
src/targets/shell/wget/fixtures/nested.sh (1)

4-4: URL encoding changed to use literal characters instead of percent-encoded values.

The URL now uses literal square brackets [ and ] and a comma instead of their percent-encoded equivalents (%5B, %5D, and %2C). While this makes the URL more readable, be aware that according to RFC 3986, square brackets are reserved characters in URLs and should typically be percent-encoded.

This change appears to be part of a consistent pattern across multiple files, suggesting an intentional modification to how URLs are represented. Please ensure this aligns with your server's expectations, as some servers might interpret unencoded square brackets differently than their encoded equivalents.

src/targets/csharp/httpclient/fixtures/nested.cs (1)

6-6: URL encoding changed to use literal characters instead of percent-encoded values.

The URI now uses literal square brackets [ and ] and a comma instead of their percent-encoded equivalents (%5B, %5D, and %2C). Note that the Uri class in C# might re-encode these characters when the request is sent, depending on which characters it considers reserved.

This change is consistent with modifications in other files. Verify that the HttpClient properly handles these characters as intended when making the request.

src/targets/c/libcurl/fixtures/nested.c (1)

4-4: URL encoding changed to use literal characters instead of percent-encoded values.

The URL passed to curl_easy_setopt now uses literal square brackets [ and ] and a comma instead of their percent-encoded equivalents (%5B, %5D, and %2C). libcurl's behavior with these unencoded characters will depend on its configuration.

This change is consistent with modifications in other files. Verify that the libcurl properly handles these characters when making the request and that the server interprets them as expected.

src/targets/powershell/webrequest/fixtures/nested.ps1 (1)

1-1: URL encoding changed to use literal characters instead of percent-encoded values.

The URI now uses literal square brackets [ and ] and a comma instead of their percent-encoded equivalents (%5B, %5D, and %2C). PowerShell's Invoke-WebRequest cmdlet may handle these characters differently depending on the PowerShell version.

This change is consistent with modifications in other files. Ensure that PowerShell properly sends the request with these characters as intended and that the server interprets them correctly.

src/targets/objc/nsurlsession/fixtures/nested.m (1)

3-3: URL Decoding Update in Objective-C Fixture

The URL string has been updated to use literal square brackets in the query parameter instead of percent-encoded values. This change is consistent with similar modifications elsewhere in the repository. Please verify that the target server accepts these literal characters and that no unintended side effects occur with URL parsing.

src/targets/node/fetch/fixtures/nested.js (1)

3-3: URL Decoding Update in Node.js Fixture

The URL now directly includes literal square brackets for the query parameter, aligning it with changes implemented across other language targets. Ensure that the node-fetch library and the backend correctly interpret these unencoded characters in your GET request processing.

src/targets/swift/nsurlsession/fixtures/nested.swift (1)

3-3: Literal Square Brackets in Swift Fixture URL

The URL in this Swift fixture now contains literal square brackets in the query parameter rather than their percent-encoded counterparts. This update is in line with the overall approach seen in similar files. Additionally, consider whether force-unwrapping via ! is acceptable in this context (fixture code) or if safer unwrapping should be adopted in production code.

.editorconfig (1)

9-10: Consider maintaining standard whitespace practices.

The changes to turn off trim_trailing_whitespace and insert_final_newline deviate from common development practices. Not having a final newline can cause issues with certain tools, and preserving trailing whitespace may lead to unnecessary diff changes during collaboration.

Would you like to know more about the benefits of these standard practices?
package.json (2)

64-65: LGTM: Development script improvements.

The addition of dev and test:watch scripts improves the development workflow by enabling continuous compilation and testing.

2-2:
Details

❓ Verification inconclusive

Version downgrade from 3.0.9 to 3.0.7.

Downgrading the version number is unusual and may cause issues for users who were already using version 3.0.9. Consider maintaining semantic versioning best practices.

🌐 Web query:
What are the implications of downgrading an NPM package version number?
💡 Result:

Downgrading an NPM package version can have significant technical and operational implications, particularly in dependency management, security, and compatibility. Below are the key considerations:

1. Compatibility Risks

Dependency Conflicts: Downgrading a package may create incompatibilities with other dependencies that rely on newer versions of the same package[3][12]. For example, if Package A depends on lodash@^4.0.0 and is downgraded to lodash@3.0.0, downstream packages expecting modern methods may fail[6][9].

Peer Dependencies: Downgrades of peer dependencies (e.g., React) often require dependent packages to adjust their own versions, potentially cascading into breaking changes[4][12].

Toolchain Issues: Older package versions may lack support for newer Node.js or npm features, causing build failures or runtime errors[1][8].

2. Security Vulnerabilities

Exposure to Known Risks: Older versions may reintroduce security flaws patched in later releases. For example, downgrading express from 5.x to 4.x could expose the project to vulnerabilities resolved in v5[1][7].

Audit Failures: Tools like npm audit flag outdated packages, potentially blocking CI/CD pipelines or requiring overrides[7].

3. Loss of Features and Bug Fixes

Regression of Fixes: Downgrading forfeits bug fixes introduced in newer versions. For instance, reverting webpack from 5.75.0 to 5.74.0 might reintroduce a critical bundling bug resolved in the later version[3][10].

Feature Unavailability: Functionality added in minor/patch updates (e.g., performance improvements or API expansions) becomes inaccessible[4].

4. Impact on Semantic Versioning

Version Locking: Downgrades often lead to stricter version pinning (e.g., replacing ^2.1.0 with 2.0.0), reducing flexibility for future updates[3][12].

Semver Violations: If a downgrade crosses a major version boundary (e.g., 3.0.0 → 2.1.0), it may violate semantic versioning rules, requiring major version increments in dependent packages[4][12].

5. Dependency Resolution Challenges

npm Update Behavior: npm prioritizes satisfying version ranges across dependencies. Downgrades may force npm to install older sub-dependencies, creating complex resolution trees[6][9].

Global Installs: Downgrading global packages (e.g., npm install -g npm@6) can delete unrelated global modules if not handled carefully[13].

When to Downgrade

Reactive Scenarios: Address critical bugs or incompatibilities introduced by a new version[3][8].

Preventive Measures: Avoid anticipated issues in upcoming releases (e.g., unstable beta features)[3].

Best Practices

Test Downgrades Locally: Use tools like nvm to isolate Node.js environments[2][8].

Audit Dependencies: Run npm audit and check release notes for downgrade impacts[7][10].

Pin Versions Conservatively: Specify exact versions (e.g., 1.2.3) or narrow ranges (e.g., ~1.2.0) in package.json[9][12].

Document Rationale: Track downgrade reasons in commit messages or project docs to aid future maintenance[3].

Dowgrading should be a deliberate decision, balancing immediate stability needs against long-term technical debt. Always validate downgrades in a staging environment and monitor for unintended side effects.

Citations:

1: https://www.squash.io/how-to-downgrade-npm-to-a-specific-version/

2: https://visionx.io/blog/check-and-change-node-version/

3: https://sail.cs.queensu.ca/data/pdfs/TSE2019_AnEmpiricalStudyOfDependencyDowngradesInTheNpmEcosystem.pdf

4: https://8hob.io/posts/semantic-versioning-npm-packages-after-dependency-update/

5: https://hackernoon.com/best-way-to-install-node-and-keep-it-up-to-date

6: https://docs.npmjs.com/cli/v8/commands/npm-update

7: https://docs.npmjs.com/cli/v9/commands/npm-audit/

8: https://refine.dev/blog/change-node-version/

9: https://dev.to/typescripttv/understanding-npm-versioning-3hn4

10: https://www.mend.io/blog/npm-how-to-install-a-specific-version-of-node-js-package/

11: https://www.casaflora.ca/Trending/downgrade-node-version

12: https://docs.npmjs.com/about-semantic-versioning/

13: npm/cli#3671
Attention: Confirm Version Downgrade Intent

The change in package.json (Line 2) downgrades the version from 3.0.9 to 3.0.7. Downgrading may introduce several risks:

Dependency Issues: Users or dependent packages expecting fixes or features from 3.0.9 might face compatibility conflicts.

Security Vulnerabilities: Older versions could reintroduce bugs or security flaws patched in later releases.

Loss of Improvements: Any bug fixes or enhancements in 3.0.9 will be lost.

Please ensure this downgrade is intentional and that its rationale is clearly documented. Verify its impact on dependency management and user experience before finalizing.
src/httpsnippet.ts (1)

315-321:
Details

✅ Verification successful

Improved URL handling with decoding.

Decoding the URL before returning it improves readability by converting percent-encoded characters (like %20) to their literal forms (like spaces), which is likely a better user experience.

However, verify this change doesn't introduce issues with URL handling in downstream components that might expect URLs in their encoded form.

🏁 Script executed:
#!/bin/bash
# Check if there are any dependencies on fullUrl being in encoded format
rg -A 3 -B 3 "fullUrl" --glob="!src/httpsnippet.ts" --glob="*.ts" --glob="*.js"
Length of output: 26672
URL Decoding Implementation Verified

The investigation confirms that decoding the URL in src/httpsnippet.ts (lines 315–321) improves readability without breaking downstream usage. A grep search revealed that downstream components and tests (e.g., in src/httpsnippet.test.ts and various client converters) expect the URL to be in its decoded form or are properly quoting it for command generation. No dependency was found that requires the URL to remain percent-encoded.

The test in src/httpsnippet.test.ts expects the decoded URL.

Various target conversion modules simply pass fullUrl to helper functions (such as quote) that handle the string correctly.

No conflicting usages were identified in other parts of the repository.
.github/workflows/hopp-publish.yml (1)

26-28: Ensure NPM_PUBLISH_ACCESS_TOKEN secret is configured.

The workflow uses NPM_PUBLISH_ACCESS_TOKEN for npm authentication. Verify this secret is configured in the repository settings before creating a release.

coderabbitai · 2025-03-08T12:04:04Z

package.json

  ],
  "engines": {
-    "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0"
+    "node": "^14.19.1 || ^16.14.2 || ^18.0.0 "


⚠️ Potential issue

Inconsistent Node.js version requirements.

The package.json removes support for Node.js 20, but the new GitHub workflow uses Node 20 for publishing. This inconsistency could lead to build issues.

- "node": "^14.19.1 || ^16.14.2 || ^18.0.0 " + "node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"node": "^14.19.1 || ^16.14.2 || ^18.0.0 "

"node": "^14.19.1 || ^16.14.2 || ^18.0.0 || ^20.0.0"

coderabbitai · 2025-03-08T12:04:04Z

package.json

+  "name": "@hoppscotch/httpsnippet",
  "description": "HTTP Request snippet generator for *most* languages",
-  "author": "Kong <office@konghq.com>",
-  "homepage": "https://github.com/Kong/httpsnippet",
+  "author": "Hoppscotch Team <support@hoppscotch.io>",
+  "homepage": "https://github.com/Hoppscotch/httpsnippet",


💡 Verification agent

🧩 Analysis chain

Package rebranding from Kong to Hoppscotch.

The package has been rebranded from Kong to Hoppscotch, including package name, author, homepage, repository, and bugs URL. Ensure that all other references to Kong throughout the codebase are also updated for consistency.

Also applies to: 46-48

🏁 Script executed:

#!/bin/bash # Search for any remaining references to Kong in the codebase rg -i "kong" --glob="!.git/*" --glob="!node_modules/*" --glob="!package.json"

Length of output: 2384

Action Required: Update remaining "Kong" references to "Hoppscotch" across the codebase.

The rebranding in package.json is correctly updated, but several files still contain "Kong." In particular:

src/httpsnippet.test.ts

Update string literals such as "Kong-Admin-Token" to reflect the new naming (e.g., "Hoppscotch-Admin-Token") if applicable.

SECURITY.md

Revise vulnerability contact details and links that reference Kong.

README.md and CONTRIBUTING.MD

Replace references in badges, repository URLs, and guidelines.

LICENSE

Confirm that company attribution is updated if required by the rebranding.

Also, ensure similar changes for any lines (like the noted 46-48) that refer to Kong. Please review and update these occurrences for consistency.

coderabbitai · 2025-03-08T12:04:04Z

.github/workflows/hopp-publish.yml

+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3


⚠️ Potential issue

Update GitHub Actions checkout version.

The checkout action version is outdated. GitHub recommends using the latest versions of actions for better compatibility and security.

- uses: actions/checkout@v3 + uses: actions/checkout@v4

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

uses: actions/checkout@v3

uses: actions/checkout@v4

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

coderabbitai · 2025-03-08T12:04:04Z

.github/workflows/hopp-publish.yml

+          node-version: 20
+          cache: 'npm'
+          registry-url: "https://registry.npmjs.org"


💡 Verification agent

🧩 Analysis chain

Verify Node.js compatibility with package requirements.

The workflow uses Node.js 20, but the package.json's engines field excludes Node.js 20. Ensure these are aligned to avoid build issues.

Either update the package.json engines field to include Node.js 20 (as mentioned in my previous comment) or update this workflow to use a supported Node.js version.

Below is a shell script you can run to inspect the Node.js version (the "engines" field) specified in your package.json file. This will help verify whether there’s a mismatch with the workflow’s usage of Node.js 20:

Action Required: Align Node.js Versions

The workflow file (.github/workflows/hopp-publish.yml, lines 18–20) sets node-version: 20.

According to the review comment, the package.json’s engines field does not include Node.js 20.

Please verify the output of the above script. Then either update package.json’s engines field to include Node.js 20 or adjust the workflow to use a Node.js version that is supported by your package.

🏁 Script executed:

#!/bin/bash # Check if package.json exists and display its "engines" field. if [ -f package.json ]; then echo "package.json found. Current Node.js engine specification:" jq '.engines' package.json || echo "Unable to parse the engines field." else echo "package.json not found in the repository root." fi

Length of output: 226

Action Required: Align Node.js Versions

The workflow at .github/workflows/hopp-publish.yml (lines 18–20) currently specifies node-version: 20, but your package.json’s engines field supports only Node.js versions ^14.19.1 || ^16.14.2 || ^18.0.0. This version mismatch could lead to build issues.

Option 1: Update the package.json engines field to include Node.js 20 if you intend to use it.

Option 2: Modify the workflow to use a Node.js version supported by your package.json.

…ed (#5) * fix : invalid query string when duplicate query param keys are provided * added relevant test cases

nivedin and others added 9 commits February 4, 2025 14:51

chore: update package

093995a

chore: update contributing guidelines

555174e

chore: decode full url

0af313a

feat: add ci pipeline to publish to npm on release

cebda7f

chore: fix test and update editorconfig

8497b5b

chore: fix markdown lint

4fea716

fix: broken ci

2cbee85

fix: correct broken package + bump to 3.0.6

1acfcca

chore: bump version

40575c4

codiumai-pr-agent-free bot added the Review effort 2/5 label Mar 8, 2025

sourcery-ai bot reviewed Mar 8, 2025

View reviewed changes

FortiShield changed the base branch from master to FortiShield-patch-1 March 8, 2025 12:02

coderabbitai bot reviewed Mar 8, 2025

View reviewed changes

nivedin and others added 7 commits July 9, 2025 17:45

feat: secret env variable case handle

2676dac

fix : invalid query string when duplicate query param keys are provid…

74b9a70

…ed (#5) * fix : invalid query string when duplicate query param keys are provided * added relevant test cases

chore: bump version

742bd59

chore: minor update

63d27b9

chore: bump version

32de056

chore: bump version

09f17af

chore: bump version

7acb63c

-## What to Expect
+## How to Report
+When reporting vulnerabilities, please include:
+- A clear description of the issue and the steps required to reproduce it.
+- Any relevant logs, screenshots, or sample code that illustrate the vulnerability.
+- An assessment of the potential impact.
+- Your contact information for follow-up questions.
+You can reach our security team at [security@example.com](mailto:security@example.com).
+## What to Expect

	"node": "^14.19.1 \|\| ^16.14.2 \|\| ^18.0.0 "
	"node": "^14.19.1 \|\| ^16.14.2 \|\| ^18.0.0 \|\| ^20.0.0"

init #4

Are you sure you want to change the base?

init #4

Uh oh!

Conversation

FortiShield commented Mar 8, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

User description

PR Type

Description

Changes walkthrough 📝

Summary by CodeRabbit

Uh oh!

sourcery-ai bot commented Mar 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviewer's Guide by Sourcery

File-Level Changes

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

coderabbitai bot commented Mar 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

codiumai-pr-agent-free bot commented Mar 8, 2025

PR Reviewer Guide 🔍

Uh oh!

codiumai-pr-agent-free bot commented Mar 8, 2025

PR Code Suggestions ✨

Uh oh!

sourcery-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

sourcery-ai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

sourcery-ai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

1. Compatibility Risks

2. Security Vulnerabilities

3. Loss of Features and Bug Fixes

4. Impact on Semantic Versioning

5. Dependency Resolution Challenges

When to Downgrade

Best Practices

Uh oh!

coderabbitai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 8, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

FortiShield commented Mar 8, 2025 •

edited by coderabbitai bot

Loading

sourcery-ai bot commented Mar 8, 2025 •

edited

Loading

coderabbitai bot commented Mar 8, 2025 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)