chore: bump versions (security)#4513
Merged
GordonSmith merged 1 commit intohpcc-systems:mainfrom Jan 26, 2026
Merged
Conversation
Signed-off-by: Gordon Smith <GordonJSmith@gmail.com>
There was a problem hiding this comment.
Pull request overview
This PR performs a comprehensive security-focused version bump of dependencies across the monorepo, updating multiple development and production dependencies to their latest patch/minor versions.
Changes:
- Updates root-level development tools (ESLint, TypeScript ESLint, Playwright, Vite, Rimraf) to latest versions
- Updates package-specific dependencies across multiple @hpcc-js packages (Preact, Lumino, Observable, lit-html, React, webpack tooling, and WASM packages)
- Updates demo applications to use latest internal @hpcc-js package versions
Reviewed changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updates root development dependencies including Vite 7.3.1 (requires Node.js 20.19.0+), Playwright 1.58.0, ESLint 9.39.2, and TypeScript ESLint 8.53.1 |
| package-lock.json | Comprehensive lockfile update with new resolved versions and integrity hashes for all updated dependencies |
| packages/react/package.json | Updates Preact from 10.27.3 to 10.28.2 |
| packages/phosphor/package.json | Updates @lumino/widgets from 2.7.2 to 2.7.3 |
| packages/observablehq-compiler/package.json | Updates @observablehq/notebook-kit from 1.5.0 to 1.5.1 |
| packages/markdown-it-plugins/package.json | Updates tsx from 4.20.6 to 4.21.0 |
| packages/graph/package.json | Updates @hpcc-js/wasm-graphviz from 1.17.0 to 1.20.0 and lit-html from 3.3.1 to 3.3.2 |
| packages/esbuild-plugins/package.json | Updates vite-plugin-static-copy, @hpcc-js/wasm-base91, and @hpcc-js/wasm-zstd versions |
| packages/dgrid2/package.json | Updates React ecosystem from 19.2.0/19.2.2 to 19.2.3/19.2.9 and react-data-grid from beta.58 to beta.59 |
| packages/dgrid-shim/package.json | Updates webpack from 5.102.1 to 5.104.1, terser-webpack-plugin from 5.3.14 to 5.3.16, and string-replace-loader |
| packages/comms/package.json | Updates undici from 7.18.2 to 7.19.1 and soap from 1.6.0 to 1.6.3 |
| demos/gallery/package.json | Updates internal @hpcc-js package version references to latest versions |
| demos/imdb/package.json | Updates internal @hpcc-js package version references to latest versions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
GordonSmith
added a commit
that referenced
this pull request
Jan 26, 2026
Signed-off-by: Gordon Smith <GordonJSmith@gmail.com>
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Checklist:
Testing: