fix: Upgrade oxc_resolver to resolve yanked papaya dependency#11733
Merged
anthonyshew merged 4 commits intomainfrom Feb 9, 2026
Merged
fix: Upgrade oxc_resolver to resolve yanked papaya dependency#11733anthonyshew merged 4 commits intomainfrom
anthonyshew merged 4 commits intomainfrom
Conversation
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Congrats! CodSpeed is installed 🎉
You will start to see performance impacts in the reports once the benchmarks are run from your default branch.
|
The previous check_import_via_resolver used resolver.resolve() which resolves everything including node_modules. This caused bare package imports like 'react' to bypass check_package_import dependency validation. Restrict to imports that aren't relative paths or potential package names so dependency declaration checks still fire.
Verify that check_import_as_tsconfig_path_alias: - Skips bare package names (react, @scope/pkg, @types/node) - Skips relative imports (./foo, ../bar) - Resolves actual tsconfig path aliases (@/utils/helper) This prevents regressions where bare package imports could bypass check_package_import dependency validation.
Contributor
Coverage Report
|
anthonyshew
added a commit
that referenced
this pull request
Feb 9, 2026
## Release v2.8.3-canary.12 ### Changes - fix: Upgrade futures/futures-util to resolve yanked futures-util 0.3.30 (#11735) (`9c2c84ac84`) - fix: Upgrade oxc_resolver to resolve yanked papaya dependency (#11733) (`250e8a45b3`) - fix: Upgrade portable-pty to resolve RUSTSEC-2017-0008 (#11732) (`136a658917`) - fix: Upgrade pprof to fix RUSTSEC-2024-0408 (#11730) (`c2937e7aa0`) - fix: Upgrade git2 to fix RUSTSEC-2026-0008 (#11729) (`6422f1d0ba`) - fix: Upgrade pest/pest_derive to resolve yanked version (#11734) (`9be27e67e1`) - fix: Upgrade test-case to resolve transitive proc-macro-error (#11737) (`095b81969e`) - fix: Upgrade rustls chain to resolve RUSTSEC-2025-0134 (#11739) (`3fa43fd818`) - refactor: Centralize configuration resolution funnel (#11727) (`4021bb7758`) - fix: Upgrade indicatif to 0.18.3 to drop unmaintained number_prefix (#11716) (`a7d8427ef8`) - fix: Upgrade test-case and merge to drop unmaintained proc-macro-error (#11721) (`3b43995a2c`) - fix: Migrate from unmaintained serde_yaml to serde_yml (#11720) (`9760bd2341`) - fix: Upgrade async-io to 2.x to drop unmaintained instant crate (#11719) (`e588b670f8`) - fix(docs): Fix code syntax highlighting by using correct Shiki CSS variable names (#11726) (`e5bbd0982e`) - release(turborepo): 2.8.3-canary.11 (#11725) (`21b2777399`)
github-actions Bot
added a commit
that referenced
this pull request
Feb 9, 2026
## Release v2.8.3-canary.13 Versioned docs: https://v2-8-3-canary-13.turborepo.dev ### Changes - release(turborepo): 2.8.3-canary.12 (#11740) (`ffe943b6db`) - fix: Upgrade futures/futures-util to resolve yanked futures-util 0.3.30 (#11735) (`9c2c84ac84`) - fix: Upgrade oxc_resolver to resolve yanked papaya dependency (#11733) (`250e8a45b3`) - fix: Upgrade portable-pty to resolve RUSTSEC-2017-0008 (#11732) (`136a658917`) - fix: Upgrade pprof to fix RUSTSEC-2024-0408 (#11730) (`c2937e7aa0`) - fix: Upgrade git2 to fix RUSTSEC-2026-0008 (#11729) (`6422f1d0ba`) - fix: Upgrade pest/pest_derive to resolve yanked version (#11734) (`9be27e67e1`) - fix: Upgrade test-case to resolve transitive proc-macro-error (#11737) (`095b81969e`) - fix: Upgrade rustls chain to resolve RUSTSEC-2025-0134 (#11739) (`3fa43fd818`) - refactor: Centralize configuration resolution funnel (#11727) (`4021bb7758`) - fix: Upgrade indicatif to 0.18.3 to drop unmaintained number_prefix (#11716) (`a7d8427ef8`) - fix: Upgrade test-case and merge to drop unmaintained proc-macro-error (#11721) (`3b43995a2c`) - fix: Migrate from unmaintained serde_yaml to serde_yml (#11720) (`9760bd2341`) - fix: Upgrade async-io to 2.x to drop unmaintained instant crate (#11719) (`e588b670f8`) - fix(docs): Fix code syntax highlighting by using correct Shiki CSS variable names (#11726) (`e5bbd0982e`) - release(turborepo): 2.8.3-canary.11 (#11725) (`21b2777399`) - chore: Upgrade reqwest toward addressing RUSTSEC-2025-0134 (#11718) (`f7ee5a39ab`) Co-authored-by: Turbobot <turbobot@vercel.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
oxc_resolverfrom 4.2.0 to 11.17.1, resolving the yankedpapaya0.2.0 transitive dependencyTsconfigOptionsnow wrapped inTsconfigDiscovery::Manual()enumTsConfigSerdetype removed — replaced import checking with directResolver::resolve()callscrates/turborepo-boundaries/src/tsconfig.rs(its caching is now handled by oxc_resolver internally)Resolves TURBO-5253