Problem: runtime(tar): missing path traversal checks in tar#Extract()
Solution: Add check for leading slash, however gnu tar should already
detect this (q1uf3ng)
tar#Extract() did not check for ../ sequences or absolute paths,
unlike zip#Extract() which was patched in recent commits. Add the
same checks: ../ (relative traversal), leading slash (Unix), drive
letter and UNC/leading slash (Windows).
closes: vim/vim#19981490b737f3e
Co-authored-by: q1uf3ng <q1uf3ng@protone.me>
zip#Write(): the Windows path check did not match a single leading
slash (/path), which resolves to the current drive root on Windows.
Simplify the regex to match any leading slash or backslash.
zip#Extract(): add absolute path checks for both Unix and Windows,
matching the existing checks in zip#Write().
closes: vim/vim#19976351a16c88f
Co-authored-by: q1uf3ng <q1uf3ng@protone.me>
Problem:
The window opened by `vim.lsp.util.open_floating_preview()`
allows its buffer to be switched. Presumably that only happens
by accident and is disorienting.
Solution:
Set 'winfixbuf' in the open_floating_preview() window.
continues d0af4cd909.
This commit renames positional parameters. This is only "cosmetic", but
is intended to make it extra clear which name is preferred, since people
often copy existing code despite the guidelines in `:help dev-naming`.
Problem:
To support `collapsedText`, which allows the LSP server to determine the
content of the foldtext, we provided `vim.lsp.foldtext()`. However, such
content does not have highlighting.
Solution
Treat the filetype of `collapsedText` as the filetype of the corresponding
buffer and use tree-sitter to highlight it.
In 3a4a66017b, 4d3a67cd62, df8d98173c we renamed "buffer" to "buf"
in dict parameters and return-values.
This commit renames positional parameters. This is only "cosmetic", but
is intended to make it extra clear which name is preferred, since people
often copy existing code despite the guidelines in `:help dev-naming`.
Extract the diagnostic implementation from
runtime/lua/vim/diagnostic.lua into focused internal modules covering
config, display, float rendering, jump/list helpers, namespace and
storage management, severity/shared utilities, and statusline support.
Move the builtin handlers into runtime/lua/vim/diagnostic/handlers/ and
keep runtime/lua/vim/diagnostic.lua as the public facade that lazily
dispatches to the split modules. This preserves the external
vim.diagnostic API while making the implementation easier to navigate
and reason about.
AI-assisted: Codex
Replace the busted-based Lua test runner with a repo-local harness.
The new harness runs spec files directly under `nvim -ll`, ships its own
reporter and lightweight `luassert` shim, and keeps the helper/preload
flow used by the functional and unit test suites.
Keep the file boundary model shallow and busted-like by restoring `_G`,
`package.loaded`, `package.preload`, `arg`, and the process environment
between files, without carrying extra reset APIs or custom assertion
machinery.
Update the build and test entrypoints to use the new runner, add
black-box coverage for the harness itself, and drop the bundled
busted/luacheck dependency path.
AI-assisted: Codex
Problem: The cursor shape is changed to indicate when it is behind an
unfocused floating window (since a2b92a5e). This behavior
cannot be controlled by a floating window that doesn't want
to dim the cursor.
Solution: Assign a zindex-offset of 50 to the zindex of the current
window. To not dim the cursor when creating a floating window
on top of the current window one can assign the zindex
accordingly.
Problem:
- Not obvious which _meta/ are generated and which should be edited
manually.
- The require guard (`error('Cannot require a meta file')`) is not
consistently present in all meta files.
Solution:
- Update headers.
- Add require() guard to all meta files.
- Rename generated meta files with `.gen.lua`.
Problem:
- Lots of redundant text in options docs for "not allowed in
a modeline", even though we already have a flag that indicates that.
- `deny_in_modelines` is an old vestigial flag only used by 'encoding'
(which never changes).
Solution:
- Generate docs based on the `secure` flag.
- Remove the `deny_in_modelines` flag (`kOptFlagNoML`).
Problem:
Neovim's Node.js provider does not support the Bun package manager.
PR #26829 attempted to add this but used a hardcoded path and was abandoned.
Solution:
- Use `bun pm bin -g` to dynamically locate the global binary directory.
- Update `health.lua` to recognize bun installations.
Problem: vim.lsp.util.show_document insert mode is unable
to set the cursor after the target character position if the target character
is at end of line.
Solution: Move cursor after the target character (in append position)
in this case.
Problem: _get_and_set_name edits the name for the whole group,
thus only one client per group gets the didOpen message.
Solution: move the logic to _changetracking and loop over every
client per group.
Problem:
If `'keywordprg'` begins with `:`, `3K` turns the count into an Ex
range. Commands that don't support that then fail. Vim passes the count
as the first arg (see #19436, vim/vim#10745).
Solution:
Pass `[count]` as the first arg for `'keywordprg'`.
Problem: hlgroup2dict passes &ns_id to ns_get_hl twice. The first call
(link=true) sets *ns_hl = 0 when link_global is set, so the second call
and the sg_cleared guard both see ns_id == 0 and bail out. The group is
silently dropped from the result.
Solution: use a temporary copy of ns_id for each ns_get_hl call so the
original value is preserved.
Problem:
On Git versions 2.13..2.26 there is a bug that prevents using
`stash --message`.
Solution:
Use the full `stash push --message` form to avoid that bug.
Problem: hover/signature callback lacked consistency checks, so slow LSP servers
could open a float after the cursor had already moved away.
Solution: guard the callback with buf validity, buf version, and cursor
position checks before opening the float. Also fix table capacity calculation.
Problem:
When a new textDocument/codeLens response arrives with unresolved lenses,
on_win clears the existing codelens row before codeLens/resolve
completes. This causes the displayed codelens text to flicker while
typing.
Solution:
Keep the current virtual lines if any of the refreshed lenses are still
unresolved. Clear the old virtual lines only when the line no longer has
lenses or all its lenses are resolved.
A trade-off is that the user may temporarily see outdated codelenses.
However, that's preferable to spamming updates on every refresh.
AI-assisted: Codex
Problem: If the lockfile points to the revision that is not on disk, the
`:checkhealth vim.pack` suggests to run `vim.pack.update()`. Although
usually it should resolve the problem, it is not always the case: like
if the state on disk is already the latest available.
Solution: Add an extra suggestion with a more drastic measure by
manually removing `rev` field from the lockfile for it to be repaired
after the `:restart`.
Problem: runtime(tar): but with dotted path
Solution: Do not strip everything after the first dot
(Aaron Burrow)
tar#Extract was getting the extensionless basename by
stripping away everything starting with the leftmost
dot. So if a directory had a dot or the file had an
'extra' dot then the code did the wrong thing. For
example, if it was given:
/tmp/foo.bar/baz.tar.gz
Then it would treat /tmp/foo as the extensionless
basename, but it actually should have grabbed:
/tmp/foo.bar/baz
This patch fixes the issue by instead looking at the
rightmost dot(s).
This bug was discovered by ChatGPT 5.4. I wrote the
patch and tested vim.
closes: vim/vim#199304a1bcc67b4
Co-authored-by: Aaron Burrow <burrows@fastmail.com>
Problem: patch 9.2.0325: runtime(tar): bug in zstd handling
Solution: use correct --zstd argument, separated from other arguments,
rework testing framework (Aaron Burrow).
The tar.vim plugin allows vim to read and manipulate zstd archives,
but it had a bug that caused extraction attempts to fail.
Specifically, if the archive has a .tar.zst or .tzst extension, then
the code was generating invalid extraction commands that looked like
this:
tar --zstdpxf foo.tar.zst foo
When they should be like this:
tar --zstd -pxf foo.tar.zst foo
This patch changes the flag manipulation logic so that --zstd isn't
glued to pxf.
The labor for this change was divided between ChatGPT 5.4 and me.
ChatGPT 5.4 identified the issue (from a code scan?), and I wrote
the patch and tested vim.
related: vim/vim#1993000285c035a
Note: tests need the next patch to pass in Nvim.
Co-authored-by: Aaron Burrow <burrows@fastmail.com>
The regex for status line highlighting was too broad, `jjComment` lines
containing e.g. the letter 'A' followed by a space anywhere in the line
were highlighted.
related: vim/vim#19879959817472d
Co-authored-by: Joël Stemmer <jstemmer@google.com>
Problem:
`vim.lsp.buf.definition`/`vim.lsp.buf.declaration` use the same underlying code
via `get_locations`, whereas `vim.lsp.buf.reference` does not. This is because
`buf.reference` does not perform a jump when there is only one item.
Solution:
In #38510, I simplified the jump logic using `:cfirst`, so they can now share
code more easily. Additionally, this PR enables `buf.definition` to display the
corresponding qflist name.
