fix(amplify-category-function): remove jstreemap dependency #14939

Draft
sarayev wants to merge 1 commit into dev from fix/remove-jstreemap-dependency

@sarayev commented Jun 23, 2026

Contributor

Description of changes

Removes the jstreemap dependency from amplify-category-function entirely.

jstreemap releases 1.29.1–1.29.3 shipped a broken UMD bundle that threw ReferenceError: self is not defined on Node, crashing amplify-category-function during amplify init and causing SEV-2s. PR #14922 mitigated this by pinning jstreemap to 1.28.2, but the dependency — and therefore the risk vector — remained.

The package only used jstreemap's TreeSet, and only for membership checks and a single max-value lookup. These are trivially served by the native Set, so the dependency can be dropped outright rather than pinned, permanently eliminating the broken-bundle risk.

Replace TreeSet with native Set

In the cron expression generator, all TreeSet usage is migrated to Set<number>: the field initializers and reset paths now construct new Set<number>(), the TreeSet<number> type annotations become Set<number>, and the one sorted-order lookup (daysOfMonth.last()) becomes Math.max(...this.daysOfMonth), which returns the same largest element. Membership checks (.has()) and insertions (.add()) are identical on both types, so behavior is unchanged.

Drop the dependency

The jstreemap entry is removed from the package manifest and yarn.lock is regenerated to drop all related entries.

Issue #, if available

N/A — follow-up to the mitigation in #14922.

Description of how you validated changes

  • tsc type-checks cleanly with no errors.
  • The cron expression test suite (scheduleWalkthrough) passes 7/7.
  • Zero remaining jstreemap / TreeSet references across the package, and zero jstreemap entries in yarn.lock.

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)
  • New AWS SDK calls or CloudFormation actions have been added to relevant test and service IAM policies
  • Pull request labels are added

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

jstreemap releases 1.29.1-1.29.3 shipped a broken UMD bundle that
threw "ReferenceError: self is not defined" on Node, crashing
amplify-category-function during `amplify init` and causing SEV-2s.
PR #14922 mitigated this by pinning jstreemap to 1.28.2, but the
risk vector remained.

The package only used jstreemap's TreeSet, and solely for membership
checks and a single max-value lookup. These are trivially served by
the native Set: all `new TreeSet()` instances become `new
Set<number>()`, the `TreeSet<number>` type annotations become
`Set<number>`, and the one `daysOfMonth.last()` call becomes
`Math.max(...this.daysOfMonth)`. Removing the dependency entirely
permanently eliminates the broken-bundle risk.

Removed the `jstreemap` entry from the package manifest and
regenerated yarn.lock to drop all jstreemap entries.

Testing: tsc clean, cron expression tests 7/7 passing, and zero
remaining jstreemap/TreeSet references across the package.

---
Prompt: Can we get rid of jstreemap in our repo (amplify-cli)
completely? Implement that! Prepare a PR for it.
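
The validation claim above (zero jstreemap references in the manifest and zero jstreemap entries in yarn.lock) can be checked mechanically, for example as a CI gate. The following is an added example, not code from this PR or the Amplify CLI repository; the function names, the `example-pkg` manifest, the `left-dep` package and both lockfile samples are constructed, and the parser assumes the classic or Berry `yarn.lock` layout.

```javascript
// Added example, not code from the PR. All sample inputs are constructed.
const BROKEN = new Set(['1.29.1', '1.29.2', '1.29.3']); // releases the PR names as broken
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Manifest sections that still declare `name`.
function manifestRefs(manifestJson, name) {
  const pkg = JSON.parse(manifestJson);
  return SECTIONS.filter((s) => pkg[s] && Object.prototype.hasOwnProperty.call(pkg[s], name));
}

// Resolved versions of `name` recorded in a yarn.lock (classic or Berry layout).
function lockfileVersions(lockText, name) {
  const versions = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header: comma-separated "name@range" specifiers, optionally quoted.
      inEntry = line.slice(0, -1).split(',').some((spec) => {
        const s = spec.trim().replace(/^"|"$/g, '');
        const at = s.indexOf('@', 1); // skip the leading "@" of a scoped name
        return at > 0 && s.slice(0, at) === name;
      });
    } else if (inEntry) {
      const m = /^ {2}version:? "?([^"\s]+)"?$/.exec(line);
      if (m) versions.push(m[1]);
    }
  }
  return versions;
}

function auditDependency(manifestJson, lockText, name) {
  const lockedVersions = lockfileVersions(lockText, name);
  const manifestSections = manifestRefs(manifestJson, name);
  return {
    manifestSections, lockedVersions,
    knownBroken: lockedVersions.filter((v) => BROKEN.has(v)),
    removed: manifestSections.length === 0 && lockedVersions.length === 0,
  };
}

// Constructed "before" state: a direct pin plus a transitive range that drifted.
const manifestBefore = '{"name":"example-pkg","dependencies":{"jstreemap":"1.28.2","left-dep":"^2.0.0"}}';
const lockBefore = [
  '# yarn lockfile v1', '',
  'jstreemap@1.28.2:', '  version "1.28.2"', '',
  '"jstreemap@^1.28.0":', '  version "1.29.2"', '',
  'left-dep@^2.0.0:', '  version "2.0.1"', '  dependencies:', '    jstreemap "^1.28.0"',
].join('\n');
console.log(auditDependency(manifestBefore, lockBefore, 'jstreemap'));
```

The constructed "before" state shows why a pin in one manifest is not sufficient on its own: a second lockfile entry reached through another package's range can still resolve to a broken release, which only the lockfile scan reveals.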