fix: patch outdated dependencies and update overrides#7393
Open
waldekmastykarz wants to merge 5 commits into
Open
fix: patch outdated dependencies and update overrides#7393waldekmastykarz wants to merge 5 commits into
waldekmastykarz wants to merge 5 commits into
Conversation
- @inquirer/confirm 6.1.0 → 6.1.1 - @inquirer/select 5.2.0 → 5.2.1 - eslint 10.4.0 → 10.4.1 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- fast-xml-parser 5.7.0 → 5.8.0 (adaptive-expressions) - lodash 4.18.0 → 4.18.1 (adaptive-expressions) - swiper 12.1.3 → 12.2.0 (adaptivecards) - @opentelemetry/sdk-node 0.217.0 → 0.218.0 (@azure/monitor-opentelemetry) - @opentelemetry/exporter-prometheus 0.217.0 → 0.218.0 (@azure/monitor-opentelemetry) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The skill now covers: 1. npm audit — security vulnerabilities 2. npm outdated — outdated direct dependencies 3. Override checks — stale pinned versions in overrides Previously only covered npm audit, missing outdated deps and overrides. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When the latest target version is in cooldown (<7 days old), the skill now checks for older intermediate versions between current and target that pass the 7-day rule. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Comprehensive dependency patch covering all three blind spots:
npm audit,npm outdated, and override staleness checks.Direct dependencies updated
@inquirer/confirm6.1.0 → 6.1.1@inquirer/select5.2.0 → 5.2.1@inquirer/input5.1.0 → 5.1.1eslint10.4.0 → 10.4.1Overrides updated
fast-xml-parser5.7.0 → 5.8.0 (adaptive-expressions)lodash4.18.0 → 4.18.1 (adaptive-expressions)swiper12.1.3 → 12.2.0 (adaptivecards)@opentelemetry/sdk-node0.217.0 → 0.218.0 (@azure/monitor-opentelemetry)@opentelemetry/exporter-prometheus0.217.0 → 0.218.0 (@azure/monitor-opentelemetry)Remaining (not patched)
In cooldown (<7 days old): @azure/msal-common, @azure/msal-node, @types/node, @typescript-eslint/eslint-plugin, axios, semver
Major version bumps (skipped): uuid 11→14, diff 8→9, jws 3→4, protobufjs 7→8, @xmldom/xmldom 0.8→0.9, typescript 5→6
Verification
All 15,760 tests pass with 100% code coverage.