chore: update dependencies and improve security in code execution (#49) #51

Merged
frontegg-david merged 1 commit into main from cherry-pick-pr-49
Feb 3, 2026

@frontegg-david frontegg-david commented Feb 3, 2026

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Resolved memory leak in worker pool shutdown procedure
  • Chores

    • Released core and broker packages version 2.10.0
    • Upgraded React peer dependency requirement to version 18.0.0
    • Updated dependencies for enhanced stability and compatibility
    • Re-enabled worker pool adapter tests

* chore: update dependencies and improve security in code execution

* chore: update auto_review base branches to support regex pattern matching

* fix: improve code clarity and enforce security measures in worker scripts

coderabbitai bot commented Feb 3, 2026

📝 Walkthrough

Configuration restructured for CodeRabbit auto-reviews; package versions and dependencies bumped across workspace libraries and root toolchain; code wrapping mechanisms refactored from template literals to string concatenation; worker pool memory handler improved with explicit cleanup; custom globals tracking added to Enclave core logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Configuration: .coderabbit.yaml | Restructured base_branches from top-level reviews to nested reviews.auto_review with regex patterns ("main", "release/.*") replacing wildcard notation. |
| Package Version Updates: libs/broker/package.json, libs/core/package.json, libs/types/package.json, libs/react/package.json, libs/runtime/package.json | Bumped versions: broker and core to 2.10.0; updated internal dependencies (@enclave-vm/*); updated transitive dependencies (minimatch, zod, @babel/standalone, ws). |
| Root Toolchain: package.json | Replaced deprecated devDependencies; updated Nx (22.4.x), SWC (~1.15.x), esbuild (^0.27.2), testing-library/react (16.3.2), typescript-eslint (8.54.0), and related tooling. |
| Build Configuration: libs/core/project.json | Added new build-worker-script esbuild target; updated build-cjs to depend on it; set deleteOutputPath: false in build-cjs options. |
| Code Wrapping Refactoring: libs/core/src/adapters/vm-adapter.ts, libs/core/src/adapters/worker-pool/worker-script.ts | Replaced template-literal code construction with string concatenation using explicit newlines; preserved async IIFE wrapping semantics. |
| Worker Pool Improvements: libs/core/src/adapters/worker-pool/worker-pool-adapter.ts | Introduced bound memoryExceeded handler as private field; added listener cleanup in dispose method to prevent dangling references. |
| Core Logic: libs/core/src/enclave.ts | Added customGlobalNames field to track custom globals; ensured custom globals preserved across transformations and not prefixed with _safe. |
| Test Updates: libs/core/src/__tests__/worker-pool-adapter.spec.ts | Re-enabled previously skipped test; added enclave.dispose() cleanup call. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A rabbit hops through version trails,
Dependencies dance, configurations sail,
Code wraps tighter, memory freed,
Globals tracked with care and speed!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately captures the main objectives of the changeset: dependency updates across multiple packages and security improvements in code execution handling (e.g., memory leak fixes in worker-pool adapter and custom globals tracking in enclave). |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @.coderabbit.yaml:
- Around line 5-8: Remove the default branch entry "main" from the auto_review
-> base_branches list; update the base_branches setting so it only contains
non-default patterns (e.g., "release/.*") and no longer includes "main" to match
CodeRabbit's expectation that base_branches are extra base branches besides the
repository default.
🧹 Nitpick comments (1)
libs/core/src/__tests__/worker-pool-adapter.spec.ts (1)

379-398: Ensure enclave.dispose() runs even on assertion failure.

Wrap the test body in try/finally so workers are cleaned up even if an assertion throws.

Proposed change
-    const result = await enclave.run(`
-      async function __ag_main() {
-        return {
-          value: customValue,
-        };
-      }
-    `);
-
-    expect(result.success).toBe(true);
-    expect(result.value).toEqual({ value: 42 });
-
-    enclave.dispose();
+    try {
+      const result = await enclave.run(`
+        async function __ag_main() {
+          return {
+            value: customValue,
+          };
+        }
+      `);
+
+      expect(result.success).toBe(true);
+      expect(result.value).toEqual({ value: 42 });
+    } finally {
+      enclave.dispose();
+    }
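Review bot: in the `finally` block, `enclave.dispose();` is called without `await`, so if dispose returns a promise the worker teardown can outlive the test and a rejection there goes unobserved; confirm it is synchronous or write `await enclave.dispose();`. The hunk also does not show where `enclave` is constructed: it needs to be created before the `try`, otherwise a failing constructor leaves `finally` calling dispose on an unassigned variable and hides the original error. If other tests in this spec need the same cleanup, an `afterEach` hook would avoid repeating the wrapper.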

@frontegg-david frontegg-david merged commit 2626f3f into main Feb 3, 2026
7 checks passed
@frontegg-david frontegg-david deleted the cherry-pick-pr-49 branch February 3, 2026 02:31