chore: bump babel-dead-code-elimination #6228
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
📝 WalkthroughWalkthroughBumped several Babel-related dependencies across packages and added a pnpm override; removed various React test-snapshot files and stripped UI/client-side code from an isomorphic test snapshot while preserving server handlers. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: defaults Review profile: CHILL Plan: Pro 📒 Files selected for processing (8)
💤 Files with no reviewable changes (8)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
Comment |
|
View your CI Pipeline Execution ↗ for commit d29e415
☁️ Nx Cloud last updated this comment at |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (3)
packages/router-plugin/package.jsonpackages/start-plugin-core/package.jsonpackages/start-plugin-core/tests/createServerFn/snapshots/server-provider/isomorphic-fns.tsx
💤 Files with no reviewable changes (1)
- packages/start-plugin-core/tests/createServerFn/snapshots/server-provider/isomorphic-fns.tsx
🧰 Additional context used
📓 Path-based instructions (1)
**/package.json
📄 CodeRabbit inference engine (AGENTS.md)
Use workspace protocol
workspace:*for internal dependencies in package.json files
Files:
packages/router-plugin/package.jsonpackages/start-plugin-core/package.json
🧠 Learnings (5)
📓 Common learnings
Learnt from: nlynzaad
Repo: TanStack/router PR: 5402
File: packages/router-generator/tests/generator/no-formatted-route-tree/routeTree.nonnested.snapshot.ts:19-21
Timestamp: 2025-10-08T08:11:47.088Z
Learning: Test snapshot files in the router-generator tests directory (e.g., files matching the pattern `packages/router-generator/tests/generator/**/routeTree*.snapshot.ts` or `routeTree*.snapshot.js`) should not be modified or have issues flagged, as they are fixtures used to verify the generator's output and are intentionally preserved as-is.
📚 Learning: 2025-12-06T15:03:07.223Z
Learnt from: CR
Repo: TanStack/router PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-06T15:03:07.223Z
Learning: Applies to **/package.json : Use workspace protocol `workspace:*` for internal dependencies in package.json files
Applied to files:
packages/router-plugin/package.jsonpackages/start-plugin-core/package.json
📚 Learning: 2025-11-02T16:16:24.898Z
Learnt from: nlynzaad
Repo: TanStack/router PR: 5732
File: packages/start-client-core/src/client/hydrateStart.ts:6-9
Timestamp: 2025-11-02T16:16:24.898Z
Learning: In packages/start-client-core/src/client/hydrateStart.ts, the `import/no-duplicates` ESLint disable is necessary for imports from `#tanstack-router-entry` and `#tanstack-start-entry` because both aliases resolve to the same placeholder file (`fake-start-entry.js`) in package.json during static analysis, even though they resolve to different files at runtime.
Applied to files:
packages/router-plugin/package.jsonpackages/start-plugin-core/package.json
📚 Learning: 2025-12-25T13:04:46.897Z
Learnt from: nlynzaad
Repo: TanStack/router PR: 6215
File: e2e/react-start/custom-basepath/package.json:13-17
Timestamp: 2025-12-25T13:04:46.897Z
Learning: In the TanStack Router repository, e2e test scripts are specifically designed to run in CI (which uses a Unix environment), so Unix-specific commands (like `rm -rf`, `&` for backgrounding, and direct environment variable assignments without `cross-env`) are acceptable in e2e test npm scripts.
Applied to files:
packages/router-plugin/package.jsonpackages/start-plugin-core/package.json
📚 Learning: 2025-10-01T18:31:35.420Z
Learnt from: schiller-manuel
Repo: TanStack/router PR: 5330
File: e2e/react-start/custom-basepath/src/routeTree.gen.ts:58-61
Timestamp: 2025-10-01T18:31:35.420Z
Learning: Do not review files named `routeTree.gen.ts` in TanStack Router repositories, as these are autogenerated files that should not be manually modified.
Applied to files:
packages/router-plugin/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Test
- GitHub Check: Preview
🔇 Additional comments (1)
packages/start-plugin-core/package.json (1)
74-74: LGTM! Consistent version alignment across packages.The dependency update to
babel-dead-code-elimination@^1.0.11aligns with the version inrouter-plugin, ensuring consistency across the monorepo.
| "@tanstack/router-utils": "workspace:*", | ||
| "@tanstack/virtual-file-routes": "workspace:*", | ||
| "babel-dead-code-elimination": "^1.0.10", | ||
| "babel-dead-code-elimination": "^1.0.11", |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n packages/router-plugin/package.json | sed -n '100,130p'Repository: TanStack/router
Length of output: 1188
🌐 Web query:
babel-dead-code-elimination npm package version 1.0.11 security vulnerabilities
💡 Result:
Short answer: There are no public security advisories specifically reporting vulnerabilities in babel-dead-code-elimination v1.0.11 — and the npm registry shows the latest published release as v1.0.10 (no v1.0.11 listed). [1][2]
Details/sources:
- npm package page (latest listed version 1.0.10, no 1.0.11). [1]
- Third‑party package scanners (Socket/Socket.dev) show the package metadata and recent scans but list v1.0.10 as latest; no advisories for v1.0.11. [2]
If you’d like, I can:
- search for any dependent-package or indirect advisories that might affect code produced by this package, or
- check GitHub repo/tags for a v1.0.11 release or recent security issues.
Incorrect version: babel-dead-code-elimination@1.0.11 does not exist on npm.
The specified version 1.0.11 is not published on npm registry. Only 1.0.10 (and earlier versions) are available. The dependency specification "babel-dead-code-elimination": "^1.0.11" will fail during installation.
Update to "^1.0.10" or the specific available version needed.
🤖 Prompt for AI Agents
In packages/router-plugin/package.json around line 117 the dependency version
"babel-dead-code-elimination": "^1.0.11" is invalid because that version is not
published to npm; change the version to an available release such as "^1.0.10"
(or the exact version required) so installs will succeed, then run npm/yarn
install to verify resolution.
schiller-manuel
force-pushed
the
bump-babel-dce
branch
from
a2b118f to
e71d56b
Compare
schiller-manuel
force-pushed
the
bump-babel-dce
branch
from
e71d56b to
90aadc9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.