Skip to content

[release/10.0] Update NPM dependencies#66050

Merged
wtgodbe merged 3 commits intorelease/10.0from
wtgodbe/AuditNFix10
Mar 28, 2026
Merged

[release/10.0] Update NPM dependencies#66050
wtgodbe merged 3 commits intorelease/10.0from
wtgodbe/AuditNFix10

Conversation

@wtgodbe
Copy link
Copy Markdown
Member

@wtgodbe wtgodbe commented Mar 27, 2026

Fixes CG alerts

@wtgodbe wtgodbe requested a review from a team as a code owner March 27, 2026 23:52
Copilot AI review requested due to automatic review settings March 27, 2026 23:52
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates NPM dependency constraints/lockfiles on the release/10.0 branch to address CG security alerts across the repo’s JS/TS workspaces.

Changes:

  • Bump @typescript-eslint/* to v8 in the JSInterop workspace.
  • Add/adjust root overrides to force patched transitive dependency versions (e.g., tar, serialize-javascript, @tootallnate/once).
  • Refresh package-lock.json to reflect the new resolved graph.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/JSInterop/Microsoft.JSInterop.JS/src/package.json Updates TypeScript ESLint tooling versions used by the JSInterop workspace.
package.json Adds additional root-level overrides to remediate vulnerable transitive deps.
package-lock.json Locks updated dependency graph/resolutions produced by the override/tooling updates.

Comment thread src/JSInterop/Microsoft.JSInterop.JS/src/package.json
@wtgodbe wtgodbe added the tell-mode Indicates a PR which is being merged during tell-mode label Mar 28, 2026
@github-actions github-actions Bot added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Mar 28, 2026
@build-analysis build-analysis Bot mentioned this pull request Mar 28, 2026
Open
3 tasks
@wtgodbe wtgodbe merged commit 093e938 into release/10.0 Mar 28, 2026
31 of 33 checks passed
@wtgodbe wtgodbe deleted the wtgodbe/AuditNFix10 branch March 28, 2026 01:56
@dotnet-policy-service dotnet-policy-service Bot added this to the 10.0.7 milestone Mar 28, 2026
@dotnet-maestro dotnet-maestro Bot mentioned this pull request Mar 28, 2026
Merged
@wtgodbe wtgodbe modified the milestones: 10.0.7, 10.0.8 Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically tell-mode Indicates a PR which is being merged during tell-mode

Projects

None yet

Milestone

10.0.8

Development

Successfully merging this pull request may close these issues.

2 participants

@wtgodbe