alejsdev (Member) commented Sep 8, 2025

⬆️ Upgrade Biome to the latest version

Also included fix proposed in #1833 (to exclude dist and src/client)

Closes #1858

alejsdev marked this pull request as ready for review September 8, 2025 15:36
alejsdev changed the title from "⬆️ Upgrade Biome" to "⬆️ Upgrade Biome to the latest version" Sep 8, 2025

alexrockhill (Contributor) commented Sep 8, 2025

$ npm install

added 101 packages, removed 21 packages, changed 66 packages, and audited 424 packages in 2s

72 packages are looking for funding
  run `npm fund` for details

7 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
full-stack-fastapi-template/frontend$ npm audit
# npm audit report

is-arrayish  *
Severity: critical
Malware in is-arrayish - https://github.com/advisories/GHSA-hfm8-9jrf-7g9w
fix available via `npm audit fix --force`
Will install @emotion/[email protected], which is a breaking change
node_modules/is-arrayish
  error-ex  >=1.3.0
  Depends on vulnerable versions of is-arrayish
  node_modules/error-ex
    parse-json  3.0.0 - 7.1.1
    Depends on vulnerable versions of error-ex
    node_modules/parse-json
      cosmiconfig  >=3.0.1
      Depends on vulnerable versions of parse-json
      node_modules/cosmiconfig
        babel-plugin-macros  >=2.0.0
        Depends on vulnerable versions of cosmiconfig
        node_modules/babel-plugin-macros
          @emotion/babel-plugin  *
          Depends on vulnerable versions of babel-plugin-macros
          node_modules/@emotion/babel-plugin
            @emotion/react  >=11.8.0
            Depends on vulnerable versions of @emotion/babel-plugin
            node_modules/@emotion/react

7 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

FYI

"@emotion/react": "<11.8.0",

fixes it in the package.json
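
Added example (not part of the comment above or of this repository's code): the audit report lists the path from is-arrayish up to @emotion/react, and this script rebuilds such paths from the `packages` map of a package-lock.json (lockfileVersion 2 or 3), so the versions actually resolved in a checkout can be compared. `sampleLock`, its version numbers and the function names are constructed for illustration.

```javascript
// Constructed sample: trimmed package-lock.json shaped like the audit chain; versions are placeholders.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "@emotion/react": "*" } },
  "node_modules/@emotion/react": { version: "0.0.1", dependencies: { "@emotion/babel-plugin": "*" } },
  "node_modules/@emotion/babel-plugin": { version: "0.0.2", dependencies: { "babel-plugin-macros": "*" } },
  "node_modules/babel-plugin-macros": { version: "0.0.3", dependencies: { cosmiconfig: "*" } },
  "node_modules/cosmiconfig": { version: "0.0.4", dependencies: { "parse-json": "*" } },
  "node_modules/parse-json": { version: "0.0.5", dependencies: { "error-ex": "*" } },
  "node_modules/error-ex": { version: "0.0.6", dependencies: { "is-arrayish": "*" } },
  "node_modules/is-arrayish": { version: "0.0.7" },
} };

// Resolve `name` as Node does from `fromPath`: nearest node_modules first, then each enclosing one.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every dependency chain from the root project down to `target`, as "name@version" lists.
// Follows dependencies and optionalDependencies (plus the root's devDependencies), not peers.
function chainsTo(lock, target) {
  const packages = lock.packages || {};
  const parents = {}; // installed path -> paths of the packages that depend on it
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...(path ? {} : meta.devDependencies) };
    for (const name of Object.keys(deps)) {
      const hit = resolveDep(packages, path, name);
      if (hit) (parents[hit] ||= []).push(path);
    }
  }
  const label = (p) => (p ? p.slice(p.lastIndexOf("node_modules/") + 13) + "@" + packages[p].version : "(root)");
  const chains = [];
  const walk = (path, trail) => {
    if (trail.includes(path)) return; // guard against dependency cycles
    const next = [path, ...trail];
    if (path === "") chains.push(next.map(label));
    else for (const parent of parents[path] || []) walk(parent, next);
  };
  for (const p of Object.keys(packages))
    if (p.endsWith("node_modules/" + target)) walk(p, []);
  return chains;
}
console.log(chainsTo(sampleLock, "is-arrayish").map((c) => c.join(" > ")));
```

To check a real tree, pass the parsed contents of `package-lock.json` instead of `sampleLock`; the second element of each chain is the direct dependency that pulls the package in.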

alejsdev (Member, Author) commented Sep 8, 2025

I cannot replicate it. Have you pulled the latest changes from master? Several upgrades were made recently.
In this branch with the latest changes, I found 0 vulnerabilities.

alexrockhill (Contributor) commented

I'm not able to replicate now either, maybe it's yanked already, it was posted 3 hours ago

alejsdev merged commit f813161 into master Sep 9, 2025
17 checks passed
alejsdev deleted the upgrade-biome branch September 9, 2025 12:45