Bump uuid and @rspack/cli in /build/rspack #13

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/build/rspack/multi-8eefc61473

dependabot Bot commented on behalf of github May 23, 2026

Removes uuid. It's no longer used after updating ancestor dependency @rspack/cli. These dependencies need to be updated together.

Removes uuid

Updates @rspack/cli from 1.7.10 to 2.0.4

Release notes

Sourced from @rspack/cli's releases.

v2.0.4

Highlights 💡

  • Inline const with module declarations (#14032): Previously, Rspack only inlined constant exports from leaf modules in the module graph. Now constant exports from any module can be inlined, even when that module also imports or re-exports other modules. In rare circular-reference cases this can make a TDZ error disappear, but we do not expect real projects to rely on TDZ errors, so Rspack prioritizes the optimization.

    // constants.js
    import './setup';
    export const ENABLE_EXPERIMENT = false;

    // entry.js
    import { ENABLE_EXPERIMENT } from './constants';
    if (ENABLE_EXPERIMENT) {
      runExperiment();
    }

    // Before: constants.js is not a leaf module, so the branch could keep
    // reading the imported binding.
    if (ENABLE_EXPERIMENT) {
      runExperiment();
    }

    // Now: the constant can still be inlined, so dead branches are easier
    // to remove.
    if (false) {
      runExperiment();
    }

  • Tree shake namespace default reexport (#13980): Previously, the import * as a from './a'; export default a; pattern did not tree-shake a through the default export. Now Rspack further analyzes the default-exported namespace object and can remove unused exports from the original namespace module.

    // a.js
    export function used() {}
    export function unused() {}

    // bridge.js
    import * as a from './a';
    export default a;

    // app.js
    import a from './bridge';
    a.used();

    // Before: both used and unused could be kept in the bundle.
    // Now: unused can be tree-shaken.

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Summary by CodeRabbit

  • Chores
    • Updated build tool dependency to a newer major version for improved build performance and compatibility.

Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@rspack/cli](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack-cli). These dependencies need to be updated together.


Removes `uuid`

Updates `@rspack/cli` from 1.7.10 to 2.0.4
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.4/packages/rspack-cli)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version:
  dependency-type: indirect
- dependency-name: "@rspack/cli"
  dependency-version: 2.0.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels May 23, 2026

coderabbitai Bot commented May 23, 2026

Walkthrough

The @rspack/cli devDependency version is upgraded from ^1.3.18 to ^2.0.4 in the rspack build configuration file, advancing to a newer major version of the build tool.

Changes

Rspack CLI dependency upgrade

| Layer / File(s) | Summary |
| --- | --- |
| Rspack CLI version bump: build/rspack/package.json | @rspack/cli devDependency is updated from ^1.3.18 to ^2.0.4 in the build configuration. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A version bump hops by, so small and light,
From one-point-three to two—what a delight!
Rspack's CLI takes a mighty leap,
While our little reviewer's efforts stay cheap!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The PR title accurately describes the main changes: removing uuid and bumping @rspack/cli version in /build/rspack directory. |
| Description check | ✅ Passed | The PR description provides detailed information about the changes, including rationale for removal and comprehensive release notes, but lacks explicit testing instructions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@build/rspack/package.json`:
- Around line 10-11: package.json lists `@rspack/cli`@2.0.4 while `@rspack/core`
remains at ^1.3.18, causing a peer dependency conflict; update `@rspack/core` to a
v2-compatible version (e.g., ^2.0.0) and add or bump `@rspack/dev-server` to a
matching ^2.x release in build/rspack/package.json, then review
build/rspack/rspack.serve-out.config.mts (devServer and config option usage) to
adjust any deprecated/renamed options to the Rspack v2 API so `@rspack/cli`,
`@rspack/core`, and `@rspack/dev-server` versions are consistent.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b9147546-72ec-4eec-9656-e2951ce9c5ee

📥 Commits

Reviewing files that changed from the base of the PR and between a7a48c5 and 9b06bba.

⛔ Files ignored due to path filters (1)
  • build/rspack/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • build/rspack/package.json

Comment thread build/rspack/package.json
Comment on lines +10 to 11
"@rspack/cli": "^2.0.4",
"@rspack/core": "^1.3.18",

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

    #!/bin/bash
    # Description: Check peer dependencies and verify compatibility

    # Check the peer dependencies of @rspack/cli 2.0.4
    echo "=== @rspack/cli 2.0.4 peer dependencies ==="
    npm view @rspack/cli@2.0.4 peerDependencies

    # Check if @rspack/dev-server is used and needs updating
    echo -e "\n=== Checking for @rspack/dev-server usage ==="
    rg -n "@rspack/dev-server" build/rspack/

    # Check the configuration file for any deprecated or changed APIs
    echo -e "\n=== Checking configuration file ==="
    cat build/rspack/rspack.serve-out.config.mts

Repository: cliff-security/vscode

Length of output: 5167


🌐 Web query:

@rspack/cli version 2 migration guide breaking changes from version 1

💡 Result:

Breaking changes for @rspack/cli v2 when migrating from v1 (grounded in the official v1→v2 upgrade guide and v2 release notes):

1) Node.js requirement changed (Node 18 no longer supported)
   Rspack v2 requires a minimum Node.js version of 20.19+ or 22.12+, and Node.js 18 is no longer supported. [1]

2) Pure ESM packaging: @rspack/cli is now ESM-only (CommonJS builds removed)
   @rspack/core, @rspack/cli, @rspack/dev-server, and @rspack/plugin-react-refresh are now published as pure ESM packages, with CommonJS builds removed. [1]

3) @rspack/dev-server is no longer a default dependency of @rspack/cli
   @rspack/cli no longer depends on @rspack/dev-server by default. If you use the rspack dev or rspack serve commands, install @rspack/dev-server manually. [1]

4) Built-in analyzer removed; --analyze flag removed
   The built-in webpack-bundler-analyzer has been removed from @rspack/cli, and the --analyze flag is no longer available. [1]

5) Dev server option changes (proxy / watchFiles, etc.)
   The v2 upgrade guide notes that some devServer options have changed (including Server.proxy and devServer.watchFiles). [1]

6) Default devtool behavior changed (when using @rspack/cli)
   When mode is development, the default devtool changed from eval to cheap-module-source-map. [1] When mode is production and you are using @rspack/cli, the default devtool changed from source-map to false. [1]

Additional CLI-related breaking changes mentioned at the v2 release level
   The v2 release announcement also summarizes that @rspack/cli no longer depends on @rspack/dev-server by default (aligning with the upgrade guide), reflecting the dependency streamlining. [2]

Where to find the complete, “authoritative” checklist
   Use the official migration page “Upgrading from v1 to v2” in rspack.rs, which is explicitly described as listing breaking changes from Rspack 1.x to 2.0. [1]

Sources:
[1] https://rspack.rs/guide/migration/rspack_1.x
[2] https://www.rspack.dev/blog/announcing-2-0

Critical peer dependency conflict: @rspack/cli v2 with @rspack/core v1 (and dev-server v2 required)

In build/rspack/package.json (lines 10-11), @rspack/cli@2.0.4 declares peer deps @rspack/core: ^2.0.0-0 (and @rspack/dev-server: ^2.0.0-0), but the file keeps @rspack/core at ^1.3.18. This guarantees a peer dependency conflict during install and can break rspack serve/dev-server behavior. Upgrade @rspack/core (and ensure @rspack/dev-server) to matching Rspack v2 versions, and confirm build/rspack/rspack.serve-out.config.mts devServer/config options still match v2 expectations.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build/rspack/package.json` around lines 10 - 11, package.json lists
`@rspack/cli`@2.0.4 while `@rspack/core` remains at ^1.3.18, causing a peer
dependency conflict; update `@rspack/core` to a v2-compatible version (e.g.,
^2.0.0) and add or bump `@rspack/dev-server` to a matching ^2.x release in
build/rspack/package.json, then review build/rspack/rspack.serve-out.config.mts
(devServer and config option usage) to adjust any deprecated/renamed options to
the Rspack v2 API so `@rspack/cli`, `@rspack/core`, and `@rspack/dev-server`
versions are consistent.
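
An added example (not code from this PR, Dependabot, or CodeRabbit): a small check for the mismatch described in the review comment above, comparing the ranges a manifest declares with the peer ranges of the bumped package. The function names are hypothetical, the peer ranges are the ones the comment quotes for @rspack/cli@2.0.4, and only caret and exact ranges are handled.

```javascript
// Added example: peer-range check for the manifest discussed above.
// Simplification (assumption): only caret ranges and exact versions are
// understood, and prerelease tags such as "-0" are ignored for ordering.

// Parse "^1.3.18" or "2.0.0-0" into a half-open interval [lo, hi).
function toInterval(range) {
  const m = /^(\^?)(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const [maj, min, pat] = m.slice(2, 5).map(Number);
  const lo = [maj, min, pat];
  let hi;
  if (!m[1]) hi = [maj, min, pat + 1];          // exact version
  else if (maj > 0) hi = [maj + 1, 0, 0];       // ^1.2.3 -> <2.0.0
  else if (min > 0) hi = [0, min + 1, 0];       // ^0.2.3 -> <0.3.0
  else hi = [0, 0, pat + 1];                    // ^0.0.3 -> <0.0.4
  return { lo, hi };
}

// Compare two [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Two ranges can be satisfied by one installed version only if they overlap.
function rangesOverlap(a, b) {
  const x = toInterval(a), y = toInterval(b);
  return cmp(x.lo, y.hi) < 0 && cmp(y.lo, x.hi) < 0;
}

// manifest: parsed package.json; peers: peerDependencies of the bumped package.
function findPeerConflicts(manifest, peers) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const problems = [];
  for (const [name, wanted] of Object.entries(peers)) {
    const have = declared[name];
    if (have === undefined) problems.push({ name, wanted, have: null, reason: "missing" });
    else if (!rangesOverlap(have, wanted)) problems.push({ name, wanted, have, reason: "range-mismatch" });
  }
  return problems;
}

// Constructed input: the two manifest lines from the review thread, and the
// peer ranges the review comment reports for @rspack/cli@2.0.4.
const manifest = { devDependencies: { "@rspack/cli": "^2.0.4", "@rspack/core": "^1.3.18" } };
const cliPeers = { "@rspack/core": "^2.0.0-0", "@rspack/dev-server": "^2.0.0-0" };

console.log(findPeerConflicts(manifest, cliPeers));
```

Run as a CI step on dependency-bump branches, a non-empty result is a reason to hold the merge until the related packages move together.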
