[Snyk] Upgrade @swc/core from 1.3.68 to 1.13.20#8158
Conversation
Snyk has created this PR to upgrade @swc/core from 1.3.68 to 1.13.20. See this package in yarn: @swc/core See this project in Snyk: https://app.snyk.io/org/q1bluequantumblockchainlabs.onmicrosoft.com/project/78e89a11-7570-4c90-8650-785847255aa5?utm_source=github&utm_medium=referral&page=upgrade-pr
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
📝 WalkthroughThis pull request performs a major version upgrade of the @swc/core dependency used in the Backstage storybook package. The update jumps from version The changes include updates to all platform-specific binary packages (darwin-arm64, darwin-x64, linux-arm-gnueabihf, etc.) from version 1.3.68 to 1.14.0, along with corresponding checksum updates in the yarn.lock file. However, there's a critical version mismatch where package.json specifies Given the magnitude of this version jump, there are significant risks including potential breaking changes in AST definitions, parser behavior modifications, and plugin compatibility issues that need thorough testing before merge. 📊 Changes
🔒 Security Highlights
Sequence DiagramThis diagram shows the interactions between components: sequenceDiagram
participant PM as Package Manager
participant SB as Storybook App
participant SWC as @swc/core
participant Binaries as Platform Binaries
participant Counter as @swc/counter
participant Types as @swc/types
Note over PM,Types: Dependency Update: @swc/core 1.3.46 → 1.13.20
PM->>PM: Read package.json
Note right of PM: Updated dependency:<br/>@swc/core: ^1.13.20
PM->>SWC: Resolve @swc/core@^1.13.20
activate SWC
Note right of SWC: Resolves to v1.14.0
SWC->>Counter: Require @swc/counter@^0.1.3
activate Counter
Counter-->>SWC: v0.1.3 available
deactivate Counter
SWC->>Types: Require @swc/types@^0.1.25
activate Types
Types->>Counter: Depend on @swc/counter@^0.1.3
Types-->>SWC: v0.1.25 available
deactivate Types
SWC->>Binaries: Resolve platform-specific binaries
activate Binaries
Note over Binaries: All binaries updated to 1.14.0:<br/>- darwin-arm64/x64<br/>- linux-arm/arm64/x64<br/>- win32-arm64/ia32/x64
Binaries-->>SWC: Platform binaries resolved
deactivate Binaries
opt Peer Dependency Check
SWC->>PM: Check @swc/helpers peer dependency
Note right of PM: Updated requirement:<br/>>=0.5.17 (was ^0.5.0)
end
SWC-->>PM: Dependencies resolved
deactivate SWC
PM->>PM: Update yarn.lock
Note right of PM: Lock file updated with<br/>new versions and checksums
PM->>SB: Install updated dependencies
activate SB
SB->>SWC: Import and use @swc/core v1.14.0
Note over SB,SWC: Storybook now uses<br/>updated SWC compiler
deactivate SB
🔒 Security Analysis
Note for WindsurfPlease change the default marketplace provider to the following in the windsurf settings:Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts belowEmoji Descriptions:
Interact with the Bot:
Also you can trigger various commands with the bot by doing The current supported commands are
More commands to be added soon. |
![entelligence-ai-pr-reviews[bot]](https://avatars.githubusercontent.com/in/932812?s=60&v=4){kind=small}
| }, | ||
| "dependencies": { | ||
| "@swc/core": "^1.3.46", | ||
| "@swc/core": "^1.13.20", |
There was a problem hiding this comment.
Correctness: 🚨 Version Mismatch Risk: The package.json specifies ^1.13.20 but yarn.lock resolves to 1.14.0. This could lead to inconsistent behavior across different environments where different team members may get different SWC versions.
📝 Committable Code Suggestion
‼️ Ensure you review the code suggestion before committing it to the branch. Make sure it replaces the highlighted code, contains no missing lines, and has no issues with indentation.
| "@swc/core": "^1.13.20", | |
| "@swc/core": "1.14.0", |
| }, | ||
| "dependencies": { | ||
| "@swc/core": "^1.3.46", | ||
| "@swc/core": "^1.13.20", |
There was a problem hiding this comment.
Correctness: 🚨 Major Version Jump Without Gradual Migration: Jumping from 1.3.46 to 1.13.20 spans multiple major releases with potential breaking changes. SWC has had documented breaking changes in AST definitions and plugin compatibility that could break existing builds, transformations, or plugin compatibility.
| }, | ||
| "dependencies": { | ||
| "@swc/core": "^1.3.46", | ||
| "@swc/core": "^1.13.20", |
There was a problem hiding this comment.
Style:
| "@swc/core-darwin-arm64@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-darwin-arm64@npm:1.14.0" | ||
| conditions: os=darwin & cpu=arm64 | ||
| languageName: node | ||
| linkType: hard | ||
|
|
||
| "@swc/core-darwin-x64@npm:1.3.68": | ||
| version: 1.3.68 | ||
| resolution: "@swc/core-darwin-x64@npm:1.3.68" | ||
| "@swc/core-darwin-x64@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-darwin-x64@npm:1.14.0" | ||
| conditions: os=darwin & cpu=x64 | ||
| languageName: node | ||
| linkType: hard | ||
|
|
||
| "@swc/core-linux-arm-gnueabihf@npm:1.3.68": | ||
| version: 1.3.68 | ||
| resolution: "@swc/core-linux-arm-gnueabihf@npm:1.3.68" | ||
| "@swc/core-linux-arm-gnueabihf@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-linux-arm-gnueabihf@npm:1.14.0" | ||
| conditions: os=linux & cpu=arm |
There was a problem hiding this comment.
Security: @swc/counter and @swc/types are now required dependencies. This increases bundle size and introduces potential supply chain risk. These dependencies should be verified as legitimate and audited for security.
| "@swc/core-darwin-arm64@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-darwin-arm64@npm:1.14.0" | ||
| conditions: os=darwin & cpu=arm64 | ||
| languageName: node | ||
| linkType: hard | ||
|
|
||
| "@swc/core-darwin-x64@npm:1.3.68": | ||
| version: 1.3.68 | ||
| resolution: "@swc/core-darwin-x64@npm:1.3.68" | ||
| "@swc/core-darwin-x64@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-darwin-x64@npm:1.14.0" | ||
| conditions: os=darwin & cpu=x64 | ||
| languageName: node | ||
| linkType: hard | ||
|
|
||
| "@swc/core-linux-arm-gnueabihf@npm:1.3.68": | ||
| version: 1.3.68 | ||
| resolution: "@swc/core-linux-arm-gnueabihf@npm:1.3.68" | ||
| "@swc/core-linux-arm-gnueabihf@npm:1.14.0": | ||
| version: 1.14.0 | ||
| resolution: "@swc/core-linux-arm-gnueabihf@npm:1.14.0" | ||
| conditions: os=linux & cpu=arm |
There was a problem hiding this comment.
Correctness: @swc/helpers requirement changed from ^0.5.0 to >=0.5.17. This may require updates to other packages using SWC helpers and could impact compatibility across the Backstage monorepo.
|
This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution! |
2 participants
Snyk has created this PR to upgrade @swc/core from 1.3.68 to 1.13.20.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 457 versions ahead of your current version.
The recommended version was released a month ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
EntelligenceAI PR Summary
This PR updates the
@swc/coredependency in the Backstage storybook package from version^1.3.46to^1.13.20, representing a significant version jump. The update includes new dependencies (@swc/counterand@swc/types), updated peer dependencies, and all platform-specific binaries upgraded to version 1.14.0.