fix: restore copilot extension dep ranges and pin typescript ^5.9.3

[imran-siddique]

Fixes ADO build failure: ts-jest@^29 requires typescript <6, and previous lockfile regen stripped all caret ranges causing exact pins to nonexistent versions.

• Restore caret ranges on all deps/devDeps
• typescript ^5.9.3 (latest 5.x, ts-jest compatible)
• eslint ^9 (typescript-eslint 8.x compat)
• Regenerate package-lock.json

[github-actions]

🤖 AI Agent: code-reviewer

Feedback on Pull Request

🔴 CRITICAL

1. Dependency Downgrades:

   • The downgrade of dependencies such as eslint (from 10.1.0 to 9.39.4) and related packages (@eslint/core, @eslint/config-array, etc.) introduces potential vulnerabilities or missing features. Ensure that the downgraded versions do not reintroduce known security vulnerabilities or break compatibility with the rest of the codebase. Use tools like npm audit or Snyk to verify this.

2. Peer Dependencies:

   • Adding "peer": true to several dependencies (e.g., eslint, typescript, jest) without proper validation can lead to runtime issues if the consuming project does not meet the peer dependency requirements. Ensure that the consuming projects are compatible with these changes.

🟡 WARNING

1. Breaking Changes in Dependency Versions:

   • The downgrade of typescript from 6.0.2 to 5.9.3 might cause compatibility issues with other dependencies or code relying on features introduced in TypeScript 6.x. Verify that all code and dependencies are compatible with TypeScript 5.9.3.

2. Lockfile Regeneration:

   • The regeneration of package-lock.json introduces significant changes to dependency versions and sub-dependencies. This can lead to breaking changes in runtime behavior. Ensure thorough testing of all affected packages and extensions.

💡 SUGGESTION

1. Automated Dependency Validation:

   • Integrate tools like npm audit or Snyk into the CI/CD pipeline to automatically detect vulnerabilities in dependencies during pull requests.

2. Backward Compatibility Testing:

   • Run regression tests across all packages in the monorepo to ensure that the changes do not introduce breaking changes or runtime errors.

3. Dependency Pinning:

   • While restoring caret ranges (^) for dependencies is helpful for flexibility, consider pinning critical dependencies (e.g., typescript, eslint) to specific versions to avoid unexpected behavior due to minor or patch updates.

4. Documentation Update:

   • Update the documentation or release notes to inform users about the downgraded dependencies and any potential impact on compatibility or features.

Summary

This pull request introduces significant changes to dependency versions and lockfile structure. While it resolves the immediate build failure, it introduces potential risks related to security vulnerabilities, runtime compatibility, and breaking changes. Address the critical issues and warnings, and ensure thorough testing before merging.

[github-actions]

🤖 AI Agent: security-scanner — Security Analysis of the Pull Request

Security Analysis of the Pull Request

This pull request primarily focuses on dependency updates, lockfile regeneration, and version pinning for the microsoft/agent-governance-toolkit repository. While these changes are not directly modifying the core logic of the toolkit, dependency updates can introduce security risks or mitigate existing vulnerabilities. Below is a detailed analysis of potential security concerns:

---

1. Prompt Injection Defense Bypass

Risk Level: 🔵 LOW
Analysis:
This PR does not directly modify any prompt handling or input sanitization logic. However, dependency updates (e.g., typescript, eslint, path-to-regexp) could indirectly affect how prompts are processed or validated. For example, if path-to-regexp is used in routing or input validation, changes in its behavior could inadvertently allow crafted input to bypass guards.
Recommendation:

• Review the usage of path-to-regexp in the codebase to ensure that its updated version does not introduce any changes that could weaken input validation.
• Add or update test cases to verify that prompt injection defenses remain robust.

---

2. Policy Engine Circumvention

Risk Level: 🔵 LOW
Analysis:
The PR does not modify the policy engine directly. However, changes to dependencies like typescript and eslint could affect the behavior of the codebase, especially if the policy engine relies on specific TypeScript features or linting rules.
Recommendation:

• Run the full test suite to ensure that the policy engine's behavior remains consistent.
• Perform a manual review of the policy engine's logic to confirm that no assumptions have been invalidated by the dependency updates.

---

3. Trust Chain Weaknesses

Risk Level: 🔵 LOW
Analysis:
No changes in this PR directly affect trust chain mechanisms such as SPIFFE/SVID validation or certificate pinning. However, updates to dependencies like axios (used for HTTP requests) could impact how certificates are validated.
Recommendation:

• Verify that the updated version of axios (^1.14.0) does not introduce any changes to SSL/TLS validation behavior.
• Ensure that any custom certificate validation logic is still functioning as expected.

---

4. Credential Exposure

Risk Level: 🔵 LOW
Analysis:
There are no changes in this PR that suggest any new risk of credential exposure. However, the introduction of new dependencies and changes to existing ones (e.g., dotenv) necessitate a review of how environment variables and secrets are handled.
Recommendation:

• Confirm that dotenv is used securely and that sensitive information is not inadvertently logged or exposed.

---

5. Sandbox Escape

Risk Level: 🔵 LOW
Analysis:
This PR does not introduce any changes to sandboxing or containerization logic. No new dependencies appear to have the capability to affect process isolation.
Recommendation:

• No immediate action required. Continue to monitor for any changes to dependencies that could impact sandboxing.

---

6. Deserialization Attacks

Risk Level: 🟠 HIGH
Analysis:
The updated js-yaml dependency (^4.1.1) is a critical component for YAML parsing. If js-yaml is used to parse untrusted input, it could be vulnerable to deserialization attacks, especially if the safeLoad function is not used.
Recommendation:

• Verify that js-yaml is only used with safe parsing methods (e.g., safeLoad or equivalent).
• Add tests to ensure that malicious YAML payloads cannot exploit deserialization vulnerabilities.

---

7. Race Conditions

Risk Level: 🔵 LOW
Analysis:
No changes in this PR suggest the introduction of race conditions. Dependency updates should not affect concurrency or time-of-check-to-time-of-use (TOCTOU) issues unless they modify critical sections of the codebase.
Recommendation:

• No immediate action required. Ensure that tests for concurrency issues are included in the test suite.

---

8. Supply Chain Risks

Risk Level: 🔴 CRITICAL
Analysis:
The PR introduces several new dependencies and updates existing ones. This increases the risk of supply chain attacks, such as dependency confusion or typosquatting. Notably, the following dependencies are updated or added:

• path-to-regexp updated to ^8.4.1
• typescript pinned to ^5.9.3
• eslint downgraded to ^9.0.0
• New dependencies: lodash.merge, globals, parent-module, import-fresh

Recommendation:

• Verify Dependency Authenticity: Ensure that all dependencies are sourced from trusted registries and are not typosquatted packages. Use tools like npm audit or snyk to identify vulnerabilities in the dependency tree.
• Review Critical Dependencies: Manually review the changelogs and commits for critical dependencies like path-to-regexp, js-yaml, and axios to identify any potential security implications.
• Lock Dependency Versions: While some dependencies are pinned (e.g., typescript), others are still using caret (^) ranges. Consider pinning all dependencies to specific versions to prevent unintentional updates.
• Implement Dependency Scanning: Integrate a dependency scanning tool into the CI/CD pipeline to monitor for vulnerabilities in real-time.

---

Summary of Findings

Finding	Risk Level	Description	Recommendation
Prompt Injection Defense Bypass	🔵 LOW	Dependency updates could indirectly affect input validation.	Review path-to-regexp usage and update test cases.
Policy Engine Circumvention	🔵 LOW	Dependency updates could affect policy engine behavior.	Run tests and manually review policy engine logic.
Trust Chain Weaknesses	🔵 LOW	Dependency updates could impact SSL/TLS validation.	Verify axios SSL/TLS behavior.
Credential Exposure	🔵 LOW	No direct changes, but dotenv usage should be reviewed.	Ensure secrets are not logged or exposed.
Sandbox Escape	🔵 LOW	No changes affecting sandboxing or isolation.	No immediate action required.
Deserialization Attacks	🟠 HIGH	js-yaml update could introduce unsafe deserialization risks.	Use safe parsing methods and add tests for malicious YAML payloads.
Race Conditions	🔵 LOW	No changes suggesting race conditions.	No immediate action required.
Supply Chain Risks	🔴 CRITICAL	New dependencies and updates increase risk of supply chain attacks.	Verify dependency authenticity, review changelogs, and lock versions.

---

Final Recommendation

Before merging this PR:

1. Perform a thorough review of the updated and newly introduced dependencies, focusing on path-to-regexp, js-yaml, and axios.
2. Run a dependency scanning tool to identify any known vulnerabilities.
3. Consider pinning all dependencies to specific versions to reduce the risk of unintentional updates.
4. Add or update tests to ensure that critical security features (e.g., prompt injection defenses, deserialization safety) remain intact.