You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release is all about juicin’ UI perf. We did a ton of work around it, and it should be particularly noticeable with long sessions, long messages, long, open-toggled thinking blocks, mouse selection, scrolling and stuff like that.
We always strive to make the Crush user experience top-notch, so if you notice any places where perf is suffering please let us know!
Have a great weekend,
The Charm Team
Changelog
Fixed
646a505: fix(ui): keep tool spinners animating during long-running tasks (@meowgorithm)
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range
<=v7.0.0
Fixed version
Not Fixed
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.346%
EPSS Percentile
57th percentile
Description
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range
<=7.0.0
Fixed version
Not Fixed
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.149%
EPSS Percentile
35th percentile
Description
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
golang.org/x/image0.38.0 (golang)
pkg:golang/golang.org/x/image@0.38.0
Affected range
<0.39.0
Fixed version
0.39.0
EPSS Score
0.063%
EPSS Percentile
20th percentile
Description
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
Affected range
<0.39.0
Fixed version
0.39.0
EPSS Score
0.012%
EPSS Percentile
2nd percentile
Description
Parsing a malicious font file can cause excessive memory allocation.
Disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
nicholasdille-bot
left a comment
This PR contains the following updates:
0.69.0→0.69.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
charmbracelet/crush (crush)
v0.69.1Compare Source
It’s Perf Time
This release is all about juicin’ UI perf. We did a ton of work around it, and it should be particularly noticeable with long sessions, long messages, long, open-toggled thinking blocks, mouse selection, scrolling and stuff like that.
We always strive to make the Crush user experience top-notch, so if you notice any places where perf is suffering please let us know!
Have a great weekend,
The Charm Team
Changelog
Fixed
646a505: fix(ui): keep tool spinners animating during long-running tasks (@meowgorithm)Other stuff
30f9c6e: chore(ui): make spinner deterministic for testing (@meowgorithm)8370edb: perf(chat): cache the parts of an assistant message separately (@meowgorithm)771117c: perf(chat): cache the prefixed render of chat messages (@meowgorithm)77b6c38: perf(chat): only render the chat lines that fit on screen (@meowgorithm)1c7ccfd: perf(chat): reuse the rendered prefix of a streaming reply (@meowgorithm)43b986c: perf(chat): show only the tail of long reasoning blocks when expanded (@meowgorithm)65f30a1: perf(chat): skip re-parsing the rendered chat when nothing has changed (@meowgorithm)6b101f3: perf(chat): skip re-rendering chat list items that have not changed (@meowgorithm)6938ded: perf: batch streaming message updates (@meowgorithm)Verifying the artifacts
First, download the
checksums.txtfile and thechecksums.txt.sigstore.jsonfile files, for example, withwget:Then, verify it using
cosign:If the output is
Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release usingsha256sum:Done! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.
Configuration
📅 Schedule: (in timezone Europe/Berlin)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.