fix: Security removal dependency null-loader

[mtrezza]

Pull Request

• Report security issues confidentially.
• Any contribution is under this license.

Issue

Security removal dependency null-loader

Summary by CodeRabbit

• Chores
  • Removed an obsolete development dependency to streamline the build environment and reduce unnecessary package files.
  • Updated build configuration so .flow type-definition files are now treated as raw assets during bundling, reducing build clutter and improving build performance.

[parse-github-assistant]

🚀 Thanks for opening this pull request!

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

Removed the null-loader devDependency and updated webpack configuration to treat .flow files as raw source assets (asset/source) instead of using the removed loader.

Changes

Cohort / File(s)	Summary
Dependency Removal package.json	Removed null-loader (v4.0.1) from devDependencies.
Webpack Configuration Update webpack/base.config.js	Replaced handling of .flow files: no longer uses null-loader; now treats .flow files as asset/source so they are emitted/processed as raw source assets.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete. It includes boilerplate text and only states the issue as 'Security removal dependency null-loader' without providing implementation details, and all tasks are unchecked.	Complete the 'Approach' section to describe what changes were made and why. Address the unchecked tasks or confirm they are not applicable.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: removing the null-loader dependency for security reasons.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@webpack/base.config.js`:
- Around line 78-81: The webpack rule matching test: /\.flow$/ currently sets
type: 'asset/source' but includes an invalid generator option (generator: {
emit: false }); remove the generator property from the .flow rule so it is
simply type: 'asset/source' (or, if you truly need emit: false behavior, change
the rule to type: 'asset/resource' and keep generator: { emit: false }); update
the rule that contains test: /\.flow$/ accordingly.

[parseplatformorg]

🎉 This change has been released in version 9.0.1-alpha.5