[Snyk] Upgrade @swc/core from 1.3.68 to 1.13.19

[q1blue]

Snyk has created this PR to upgrade @swc/core from 1.3.68 to 1.13.19.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 454 versions ahead of your current version.

• The recommended version was released 22 days ago.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

EntelligenceAI PR Summary

This PR updates @swc/core from version ^1.3.46 to ^1.13.19 in the Backstage storybook package, which is a major version jump of approximately 10 versions. The update includes new dependencies (@swc/counter and @swc/types) and updated peer dependency requirements.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​swc/​core-linux-x64-gnu@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-win32-arm64-msvc@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-win32-x64-msvc@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-linux-arm-gnueabihf@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-darwin-arm64@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-darwin-x64@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-linux-arm64-gnu@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-linux-arm64-musl@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-linux-x64-musl@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​core-win32-ia32-msvc@​1.3.68 ⏵ 1.13.20				-1
	@​swc/​counter@​0.1.3
	@​swc/​types@​0.1.25
	@​swc/​core@​1.3.68 ⏵ 1.13.20	+1		+3	-1

View full report

[entelligence-ai-pr-reviews]

📝 Walkthrough

This PR updates the @swc/core package from version ^1.3.46 to ^1.13.19 in the Backstage storybook package. This represents a significant version jump of approximately 10 major versions. The update introduces new dependencies (@swc/counter and @swc/types) and updates peer dependency requirements for @swc/helpers from ^0.5.0 to >=0.5.17.

However, this update is incomplete as it only affects the storybook package while the main CLI package and microsite package still use the older version. This inconsistency creates potential compatibility issues, build inconsistencies, and runtime errors. Additionally, the major version jump without a gradual migration strategy introduces significant risk due to accumulated breaking changes across versions.

📊 Changes

File	Change
storybook/package.json	Updated @swc/core from ^1.3.46 to ^1.13.19
storybook/yarn.lock	Updated dependencies, added @swc/counter and @swc/types, updated peer dependency for @swc/helpers

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    title SWC Core Dependency Update Flow

    participant App as "Storybook Application"
    participant Bundler as "Storybook Bundler"
    participant SWC as "@swc/core v1.13.19"
    participant Counter as "@swc/counter"
    participant Types as "@swc/types"
    participant Platform as "Platform-specific SWC Binary"

    Note over App,Platform: Dependency update from @swc/core v1.3.46 to v1.13.19

    App->>Bundler: Initialize build process
    activate Bundler
    
    Bundler->>SWC: Load SWC compiler
    activate SWC
    
    SWC->>Counter: Initialize counter module
    activate Counter
    Counter-->>SWC: Counter initialized
    deactivate Counter
    
    SWC->>Types: Load type definitions
    activate Types
    Types-->>SWC: Types loaded
    deactivate Types
    
    SWC->>Platform: Detect platform and load appropriate binary
    activate Platform
    Note over Platform: One of multiple platform-specific binaries:<br/>darwin-arm64, darwin-x64, linux-arm-gnueabihf,<br/>linux-arm64-gnu, linux-arm64-musl, etc.
    Platform-->>SWC: Platform-specific implementation loaded
    deactivate Platform
    
    SWC-->>Bundler: SWC compiler ready
    
    Bundler->>SWC: Transform JavaScript/TypeScript code
    SWC->>Counter: Track compilation metrics
    SWC->>Platform: Execute transformation
    Platform-->>SWC: Transformed code
    SWC-->>Bundler: Return transformed code
    
    Bundler->>Bundler: Bundle transformed code
    Bundler-->>App: Build complete
    deactivate Bundler
    deactivate SWC
    
    Note over App,Platform: New dependency structure includes @swc/counter and @swc/types

Loading

🔒 Security Analysis

• Vulnerabilities: 0
• Bugs: 0
• Code Smells: 0
• Security Hotspots: 0

Caution

7 comments are outside the diff range and can't be posted inline due to platform limitations.

⚠️ View Outside Diff Range Comments (7)

🔴 Critical High Priority  ·  3 issues

packages/cli/package.json  ·  1 comment

1. Lines line_with_@swc/helpers · Correctness

@swc/helpers version compatibility issue - CLI package explicitly depends on @swc/helpers: ^0.5.0, but the new @swc/core v1.13.19 requires @swc/helpers >= 0.5.17, creating a peer dependency conflict

Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

// Fix: @swc/helpers Peer Dependency Conflicts
// This file resolves the version conflict between @swc/core and @swc/helpers

// Problem: packages/cli/package.json specifies "@swc/helpers": "^0.5.0"
// But @swc/core@1.13.19 requires "@swc/helpers": ">=0.5.17"
// This creates a peer dependency resolu...

webpack configuration files  ·  1 comment

1. Lines SWC configuration sections · Correctness

Missing configuration updates - SWC had breaking configuration changes around v1.3.83+ where jsc.experimental.keepImportAssertions was renamed to jsc.experimental.keepImportAttributes. The current SWC configuration may be incompatible with v1.13.19

Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

// Fix: SWC Configuration Compatibility Issues  
// This file addresses potential configuration breaking changes between SWC versions

// Problem: SWC has introduced breaking configuration changes between v1.3.46 and v1.13.19
// Most notably the keepImportAssertions → keepImportAttributes change in ...

multiple package.json files  ·  1 comment

1. Lines dependency sections · Correctness

Major version jump without testing strategy - jumping 10 major versions (1.3.x → 1.13.x) without gradual migration introduces significant risk including breaking changes, parser and AST changes, and potential performance regressions

Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

// Fix: Testing and Validation Strategy for SWC Major Version Update
// This file provides a comprehensive testing approach for the SWC upgrade

// Problem: Major version jump (1.3.46 → 1.13.19) without adequate testing
// could introduce runtime failures, build breakages, or performance issues

// ...

🟡 Medium Medium Priority  ·  2 issues

storybook/package.json  ·  1 comment

1. Lines dependencies section · Correctness

Lack of testing for compatibility - no evidence of testing this major version upgrade against existing Storybook stories compilation, TypeScript/React transformation, build pipeline compatibility, and bundle size impact

storybook/yarn.lock  ·  1 comment

1. Lines dependency sections · Security

Dependency chain security - adding new dependencies (@swc/counter, @swc/types) increases attack surface. While these are from the official SWC project, they should be audited for security vulnerabilities

🟢 Minor Low Priority  ·  2 issues

multiple package.json files  ·  1 comment

1. Lines dependency sections · Correctness

Gradual migration strategy - consider updating in smaller increments (e.g., 1.3.x → 1.6.x → 1.9.x → 1.13.x) to identify and resolve issues incrementally

documentation files  ·  1 comment

1. Lines various · Style

Documentation update - update any documentation that references @swc/core version requirements or build processes

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[entelligence-ai-pr-reviews]

Correctness: Incomplete dependency update - only the storybook package was updated to @swc/core v1.13.19, but the main CLI package and microsite package still use the older version, creating a version mismatch

📝 Committable Code Suggestion

‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	"build-storybook": "build-storybook --output-dir dist"
	},
	"dependencies": {
	"@swc/core": "^1.3.46",
	"@swc/core": "^1.13.19",
	// Fix: Complete @swc/core dependency update across all packages
	// This file demonstrates the correct approach to updating SWC dependencies consistently
	// Problem: Only storybook/package.json was updated, but packages/cli/package.json
	// and microsite/package.json still use the old version, crea...

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!