Skip to content

chore(deps): Update rescript requirement from ^12.2.0 to ^12.3.0 in /components/office-addin#197

Merged
hyperpolymath merged 2 commits into
mainfrom
dependabot/npm_and_yarn/components/office-addin/rescript-tw-12.3.0
May 25, 2026
Merged

chore(deps): Update rescript requirement from ^12.2.0 to ^12.3.0 in /components/office-addin#197
hyperpolymath merged 2 commits into
mainfrom
dependabot/npm_and_yarn/components/office-addin/rescript-tw-12.3.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Updates the requirements on rescript to permit the latest version.

Release notes

Sourced from rescript's releases.

12.3.0

(No changes compared to 12.3.0-beta.1.)

🚀 New Feature

🐛 Bug fix

💅 Polish

Changelog

Sourced from rescript's changelog.

12.3.0

No changes compared to 12.3.0-beta.1.

12.3.0-beta.1

🚀 New Feature

🐛 Bug fix

💅 Polish

12.2.0

🚀 New Feature

🐛 Bug fix

  • Fix compiler crash (Fatal error: Parmatch.all_record_args) when matching empty dict/record patterns. rescript-lang/rescript#8246
  • Fix null falling into the object branch instead of the wildcard when pattern matching on untagged variants with both Object and null cases. rescript-lang/rescript#8253

12.2.0-rc.1

💥 Breaking Change

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Update rescript requirement in /components/office-addin
a9e625d 
Updates the requirements on [rescript](https://github.com/rescript-lang/rescript) to permit the latest version.
- [Release notes](https://github.com/rescript-lang/rescript/releases)
- [Changelog](https://github.com/rescript-lang/rescript/blob/v12.3.0/CHANGELOG.md)
- [Commits](rescript-lang/rescript@v12.2.0...v12.3.0)

---
updated-dependencies:
- dependency-name: rescript
  dependency-version: 12.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 25, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 25, 2026

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 25, 2026

🔍 Hypatia Security Scan

Findings: 93 issues detected

Severity Count
🔴 Critical 2
🟠 High 55
🟡 Medium 36

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in container-policy.yml",
    "type": "npermissions_typo",
    "file": "container-policy.yml",
    "action": "fix_typo",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Port.open spawn -- validate command before execution (1 occurrences, CWE-78)",
    "type": "elixir_port_open_shell",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/backend/lib/awap_backend/core_bridge.ex",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
    "type": "js_wildcard_cors",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/office-addin/webpack.config.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/examples/demos/web-ui/app.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (24 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/monitoring/exporters/aws_exporter.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (1 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/core/src/feedback.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "expect() in hot path (5 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/core/src/security.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit eef15b1 into main May 25, 2026
10 of 17 checks passed
@hyperpolymath hyperpolymath deleted the dependabot/npm_and_yarn/components/office-addin/rescript-tw-12.3.0 branch May 25, 2026 11:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 25, 2026

🔍 Hypatia Security Scan

Findings: 93 issues detected

Severity Count
🔴 Critical 2
🟠 High 55
🟡 Medium 36

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in container-policy.yml",
    "type": "npermissions_typo",
    "file": "container-policy.yml",
    "action": "fix_typo",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Port.open spawn -- validate command before execution (1 occurrences, CWE-78)",
    "type": "elixir_port_open_shell",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/backend/lib/awap_backend/core_bridge.ex",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
    "type": "js_wildcard_cors",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/office-addin/webpack.config.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/examples/demos/web-ui/app.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (24 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/monitoring/exporters/aws_exporter.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (1 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/core/src/feedback.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "expect() in hot path (5 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/academic-workflow-suite/academic-workflow-suite/components/core/src/security.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath