Skip to content

chore(deps): remove unused remark-prism dependency#17098

Merged
sfanahata merged 1 commit intomasterfrom
chore/remove-unused-remark-prism
Mar 24, 2026
Merged

chore(deps): remove unused remark-prism dependency#17098
sfanahata merged 1 commit intomasterfrom
chore/remove-unused-remark-prism

Conversation

@sfanahata
Copy link
Contributor

@sfanahata sfanahata commented Mar 23, 2026
edited
Loading

Summary

Removes the unused remark-prism dependency.

Why

  • remark-prism is listed in package.json but not imported anywhere in the codebase
  • The project uses rehype-prism-plus for syntax highlighting instead (imported in src/mdx.ts)
  • Removing it also eliminates the @tootallnate/once transitive dependency which has a LOW severity vulnerability (CVE-2026-3449)

Investigation

# Confirmed remark-prism is not imported in source code
grep -r "remark-prism" --include="*.js" --include="*.ts" src/ app/
# (no results)

# rehype-prism-plus is the actual syntax highlighter in use
grep "rehype-prism" src/mdx.ts
# import rehypePrismPlus from 'rehype-prism-plus';

Testing

  • pnpm install succeeds
  • pnpm test:ci passes (149 tests)
  • CI will validate full build

Related

Part of security dependency cleanup effort.

Fixes:

chore(deps): remove unused remark-prism dependency
6d6ba53 
Remove remark-prism as it's not imported anywhere in the codebase.
The project uses rehype-prism-plus for syntax highlighting instead.

This also removes the @tootallnate/once transitive dependency which
has a LOW severity vulnerability (CVE-2026-3449).
@vercel
Copy link

vercel bot commented Mar 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
develop-docs Ready Ready Preview, Comment Mar 23, 2026 11:41pm
sentry-docs Ready Ready Preview, Comment Mar 23, 2026 11:41pm

Request Review

@sfanahata sfanahata requested review from chargome and sergical March 23, 2026 23:45
@sfanahata sfanahata merged commit 7918be0 into master Mar 24, 2026
18 checks passed
@sfanahata sfanahata deleted the chore/remove-unused-remark-prism branch March 24, 2026 16:43
@sfanahata sfanahata mentioned this pull request Mar 24, 2026
Merged
sfanahata added a commit that referenced this pull request Mar 24, 2026
@sfanahata
chore(deps): refresh pnpm lockfile (#17106)
6dda6d1 
## Summary
- Refreshes pnpm-lock.yaml to pick up latest transitive dependency
resolutions
- Ensures overrides from previous PRs are fully applied in the lockfile

## Related PRs
- #17095 - Added pnpm overrides for transitive vulnerabilities
- #17096 - Updated sass to 1.98.0
- #17097 - Updated @aws-sdk/client-s3 to 3.1015.0
- #17098 - Removed unused remark-prism

## Testing
- `pnpm install` completes successfully
- `pnpm build` passes
- `pnpm test` passes

Co-authored-by: Shannon Anahata <shannonanahata@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sergical sergical sergical approved these changes

@chargome chargome Awaiting requested review from chargome

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sfanahata @sergical