Skip to content

chore: fix vulnerabilities in dependencies#9576

Merged
dyc3 merged 2 commits intomainfrom
chore/vulnerabilities
Mar 21, 2026
Merged

chore: fix vulnerabilities in dependencies#9576
dyc3 merged 2 commits intomainfrom
chore/vulnerabilities

Conversation

@ematipico
Copy link
Member

@ematipico ematipico commented Mar 21, 2026

Summary

There were a few SEC that affected our dependencies, which I updated.

I also removed paste, which is unmaintained. It was very easy to replace it. Not sure why it wasn't done in the first place cc @tidefield

Test Plan

Green CI

Docs

@changeset-bot
Copy link

changeset-bot bot commented Mar 21, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 577f81d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@ematipico ematipico requested review from a team March 21, 2026 17:40
@github-actions github-actions bot added L-JavaScript Language: JavaScript and super languages A-Type-Inference Area: type inference labels Mar 21, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 21, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fdeb10e5-7b64-48a7-aee2-214830524cd1

📥 Commits

Reviewing files that changed from the base of the PR and between 92d0399 and 577f81d.

📒 Files selected for processing (1)
  • crates/biome_js_type_info/src/globals_ids.rs

Walkthrough

Removed the paste crate from crates/biome_js_type_info/Cargo.toml and refactored the define_global_type! macro in crates/biome_js_type_info/src/globals_ids.rs to accept an explicit name identifier. Macro invocations were updated to supply both the TypeId constant identifier and the corresponding &'static str name constant identifier; identifier synthesis via paste was removed. No runtime logic or public Rust signatures were otherwise changed.

Possibly related PRs

Suggested reviewers

  • arendjr
🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'chore: fix vulnerabilities in dependencies' accurately reflects the main objective of addressing security issues and removing the unmaintained paste crate dependency.
Description check ✅ Passed The PR description is directly related to the changeset, explaining the motivation (SEC vulnerabilities, removing unmaintained paste crate) and mentioning the test plan, though it could be more detailed about specific changes.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/vulnerabilities

Comment @coderabbitai help to get the list of available commands and usage tips.

@codspeed-hq
Copy link

codspeed-hq bot commented Mar 21, 2026
edited
Loading

Merging this PR will not alter performance

✅ 58 untouched benchmarks
⏩ 156 skipped benchmarks1

Comparing chore/vulnerabilities (577f81d) with main (b7ab931)

Open in CodSpeed

Footnotes

  1. 156 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@dyc3 dyc3 merged commit a62487a into main Mar 21, 2026
32 checks passed
@dyc3 dyc3 deleted the chore/vulnerabilities branch March 21, 2026 20:22
@coderabbitai coderabbitai bot mentioned this pull request Mar 21, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dyc3 dyc3 dyc3 approved these changes

Assignees

No one assigned

Labels

A-Type-Inference Area: type inference L-JavaScript Language: JavaScript and super languages

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ematipico @dyc3