Skip to content

fix(ci): update rand lockfile entries#11827

Merged
kdy1 merged 1 commit intoswc-project:mainfrom
kdy1:kdy1/fix-rand-advisory
Apr 27, 2026
Merged

fix(ci): update rand lockfile entries#11827
kdy1 merged 1 commit intoswc-project:mainfrom
kdy1:kdy1/fix-rand-advisory

Conversation

@kdy1
Copy link
Copy Markdown
Member

@kdy1 kdy1 commented Apr 27, 2026

Description:

Updates Cargo.lock so cargo-deny no longer reports RUSTSEC-2026-0097 for rand. This moves rand 0.8.5 to 0.8.6 and rand 0.9.2 to 0.9.4, staying within the existing semver-compatible dependency ranges.

BREAKING CHANGE:

None.

Related issue (if exists):

CI failure: https://github.com/swc-project/swc/actions/runs/24973953736/job/73122070650

Copilot AI review requested due to automatic review settings April 27, 2026 10:12
@kdy1 kdy1 requested a review from a team as a code owner April 27, 2026 10:12
Copilot AI reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 27, 2026

⚠️ No Changeset found

Latest commit: 3275680

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedeslint@​8.57.08910010050100
Addedglob@​8.1.010010010050100
Addedexpect@​27.5.1991007492100
Addedregenerator-runtime@​0.13.111001007980100
Updated@​types/​node@​20.5.0 ⏵ 20.12.121001008195100
Addedprop-types@​15.8.19910010083100
Addedsource-map-support@​0.5.219910010083100
Updatedsemver@​7.6.2 ⏵ 7.5.410010010086100
Updatedprettier@​3.3.2 ⏵ 2.8.892 +210098 +196100

View full report

@kdy1 kdy1 enabled auto-merge (squash) April 27, 2026 10:14
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 27, 2026
edited
Loading

Merging this PR will not alter performance

✅ 219 untouched benchmarks
⏩ 31 skipped benchmarks1

Comparing kdy1:kdy1/fix-rand-advisory (3275680) with main (347181c)2

Open in CodSpeed

Footnotes

  1. 31 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

  2. No successful run was found on main (2aa10d6) during the generation of this report, so 347181c was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 27, 2026

Binary Sizes

File Size
swc.linux-x64-gnu.node 27M (27787208 bytes)

Commit: c4971fe

@kdy1 kdy1 disabled auto-merge April 27, 2026 13:04
@kdy1 kdy1 merged commit 7988966 into swc-project:main Apr 27, 2026
200 of 202 checks passed
@kdy1 kdy1 deleted the kdy1/fix-rand-advisory branch April 27, 2026 13:04
@github-actions github-actions Bot modified the milestones: Planned, 1.15.33 Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kodiakhq kodiakhq[bot] kodiakhq[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

1.15.33

Development

Successfully merging this pull request may close these issues.

2 participants

@kdy1