Skip to content

Update dependencies #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
martincostello merged 1 commit into from
Dec 1, 2025
Merged

Update dependencies #82

martincostello merged 1 commit into from
Dec 1, 2025

Conversation

@martincostello
Copy link
Member

@martincostello martincostello commented Dec 1, 2025

Update all dependencies to their latest versions.

@martincostello
Update dependencies
4714cf9 
Update all dependencies to their latest versions.
@martincostello martincostello added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 1, 2025
@martincostello martincostello marked this pull request as ready for review December 1, 2025 10:45
Copilot AI review requested due to automatic review settings December 1, 2025 10:45
@martincostello martincostello merged commit 89c2fa7 into dev Dec 1, 2025
1 check passed
@martincostello martincostello deleted the bump-packages branch December 1, 2025 10:45
Copilot finished reviewing on behalf of martincostello December 1, 2025 10:47
Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates all project dependencies to their latest versions and changes the versioning strategy from semver ranges (using ^) to exact version pinning for all dependencies.

Key changes:

  • Removes all caret (^) version ranges in favor of exact version pinning for both dependencies and devDependencies
  • Updates glob from 11.0.3 to 13.0.0 (a major version jump)
  • Updates several other packages to their latest minor/patch versions (query-string, mocha, prettier, yeoman-environment, yeoman-test)

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
package.json Updates all dependency versions and removes caret ranges, switching to exact version pinning
package-lock.json Reflects the dependency updates with reorganized dependency trees and updated nested dependencies

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

package.json
"cross-fetch": "4.1.0",
"query-string": "9.3.1",
"yeoman-generator": "7.5.1",
"yosay": "3.0.0"
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] All caret (^) version ranges have been removed from dependencies, switching to exact version pinning. This prevents automatic minor and patch updates. While this provides more control over dependency versions, it means security patches and bug fixes won't be automatically available. Consider whether this stricter versioning strategy is intentional for this project.

Suggested change
"yosay": "3.0.0"
"yosay": "^3.0.0"

Copilot uses AI. Check for mistakes.
package.json
"yeoman-generator": "7.5.1",
"yosay": "3.0.0"
},
"devDependencies": {
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The glob package is being updated from version 11.0.3 to 13.0.0, skipping version 12 entirely. This is a major version jump that may introduce breaking changes. Ensure that all usages of glob in the codebase are compatible with version 13.x API changes, and verify that the test suite covers these scenarios.

Suggested change
"devDependencies": {
"devDependencies": {
// NOTE: glob updated from 11.x to 13.x (skipping 12). Review all usages for compatibility with v13 API changes and ensure tests cover these scenarios.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martincostello