Skip to content

MLE-24230 Updating all devDependencies#1001

Merged
rjrudin merged 1 commit intodevelopfrom
feature/24763-remove-more-overrides
Oct 22, 2025
Merged

MLE-24230 Updating all devDependencies#1001
rjrudin merged 1 commit intodevelopfrom
feature/24763-remove-more-overrides

Conversation

@rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Oct 17, 2025

Draft for now, as it depends on 2 other PRs waiting to be merged.

@github-actions
Copy link

github-actions bot commented Oct 17, 2025
edited
Loading

Copyright Validation Results
Total: 4 | Passed: 0 | Failed: 0 | Skipped: 4 | at: 2025-10-22 12:40:08 UTC | commit: c57c5ea

⏭️ Skipped (Excluded) Files

  • CONTRIBUTING.md
  • Jenkinsfile
  • package-lock.json
  • package.json

✅ All files have valid copyright headers!

@rjrudin rjrudin force-pushed the feature/24763-remove-more-overrides branch from 9f76d8f to 5670ce1 Compare October 20, 2025 14:19
@rjrudin rjrudin marked this pull request as ready for review October 20, 2025 14:19
Copilot AI review requested due to automatic review settings October 20, 2025 14:19
@rjrudin rjrudin requested a review from stevebio as a code owner October 20, 2025 14:19
Copilot AI reviewed Oct 20, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates all devDependencies to their latest versions and reorganizes the overrides section in package.json. The PR also adds comprehensive documentation explaining each override's purpose, particularly focusing on security vulnerability mitigation.

  • Updates 21 devDependencies to newer versions, removing caret (^) version prefixes for exact version pinning
  • Alphabetizes the overrides section and removes obsolete entries (is-arrayish, nanoid, simple-get, serialize-javascript)
  • Adds detailed documentation in CONTRIBUTING.md explaining the purpose of each override, including CVE references and affected dependencies

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
package.json Updates all devDependencies to latest versions with exact version pinning, reorganizes and cleans up the overrides section
CONTRIBUTING.md Adds comprehensive documentation for each package.json override, explaining security vulnerabilities and their mitigations

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@rjrudin
Copy link
Contributor Author

rjrudin commented Oct 20, 2025

I asked Copilot to analyze every dependency in package.json, here's it's conclusion:

🚀 READY FOR LINTING WORK!
Your package.json is now in production-ready condition:

Zero vulnerabilities
Every dependency necessary
Every override documented and active
Clean, optimized dependency tree
Security hardened against known attacks

You're all set to move back to the linting work! The foundation is solid. 💪

@rjrudin rjrudin changed the title MLE-24763 Updating all devDependencies MLE-24230 Updating all devDependencies Oct 20, 2025
@rjrudin rjrudin force-pushed the feature/24763-remove-more-overrides branch from 5670ce1 to e12461b Compare October 20, 2025 14:54
@rjrudin
MLE-24230 Updating all devDependencies
c57c5ea 
And not using the caret so we know exactly which version we're using.

Also documented each override and alphabetized them. And removed the following overrides which Copilot verified were not in the dependency graph:

- is-arrayish
- nanoid
- simple-get
- serialize-javascript
@rjrudin rjrudin force-pushed the feature/24763-remove-more-overrides branch from e12461b to c57c5ea Compare October 22, 2025 12:39
@rjrudin rjrudin merged commit 72bdd4b into develop Oct 22, 2025
3 checks passed
@rjrudin rjrudin deleted the feature/24763-remove-more-overrides branch October 22, 2025 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BillFarber BillFarber BillFarber approved these changes

@anu3990 anu3990 Awaiting requested review from anu3990 anu3990 is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rjrudin @BillFarber