fix: dependabot package upgrades #554
Roopan-Microsoft merged 9 commits into dev on Apr 22, 2026
…npm lockfile

- Upgrade pydantic 2.12.5 -> 2.13.3 and pydantic-core 2.45.0 -> 2.46.3 to fix incompatible pinned versions (pydantic 2.12.5 requires pydantic-core==2.41.5)
- Regenerate pnpm-lock.yaml to match updated package.json dependencies

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Add eslint@^9.0.0 as devDependency to fix 'Cannot find module eslint' build error
- Revert @eslint/js from ^10.0.1 to ^9.39.2 for compatibility with react-scripts 5.x
- Regenerate pnpm-lock.yaml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

react-scripts 5.0.1 uses eslint-webpack-plugin@3.2.0 which passes extensions and resolvePluginsRelativeTo options removed in eslint 9. Using eslint 8.57.x which still supports these options. Tested locally - build succeeds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Resolved 9 conflicting files by keeping the latest version of each package:

- pydantic 2.13.3, pydantic-core 2.46.3 (from PR branch, newer)
- pillow 12.2.0 (from PR branch, newer)
- coverage 7.13.5, pytest-cov 7.1.0 (from dev, newer)
- pydantic-settings 2.13.1, starlette 1.0.0, uvicorn 0.42.0 (from dev, newer)
- Regenerated uv.lock files with uv lock
- Regenerated pnpm-lock.yaml with pnpm install

Tested locally - frontend build succeeds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Regenerated uv.lock files for ContentProcessor and ContentProcessorAPI to align with pydantic 2.13.3 after new commits landed on dev.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Updates dependency pins/lockfiles to address reported vulnerabilities across the Web (pnpm) and Python services (ContentProcessor + ContentProcessorAPI).
Changes:
- Bump MSAL packages and several frontend transitive overrides (including `follow-redirects`) in the web app lockfile.
- Adjust web dev tooling dependencies (notably `@eslint/js`) and add an `eslint` devDependency entry.
- Update Python dependency pins (e.g., `pydantic`, `pydantic-core`, `python-multipart`, `pillow`, `pytest`) in both `requirements.txt` and `pyproject.toml` where applicable.
Reviewed changes
Copilot reviewed 5 out of 8 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/ContentProcessorWeb/pnpm-lock.yaml | Locks updated frontend dependency graph (MSAL, ESLint-related packages, follow-redirects). |
| src/ContentProcessorWeb/package.json | Updates frontend dev tooling deps and pnpm overrides to align with vulnerability remediation. |
| src/ContentProcessorAPI/requirements.txt | Bumps pinned Python package versions to newer patched releases. |
| src/ContentProcessorAPI/pyproject.toml | Updates pinned Python dependencies for the API service to match newer versions. |
| src/ContentProcessor/requirements.txt | Bumps pinned Python package versions (incl. pillow, pydantic*, pytest). |
| src/ContentProcessor/pyproject.toml | Updates pinned Python dependencies/dev-deps for the ContentProcessor service. |
Files not reviewed (1)
- src/ContentProcessorWeb/pnpm-lock.yaml: Language not supported
Comments suppressed due to low confidence (1)
src/ContentProcessorWeb/package.json:70
`devDependencies` contains two `eslint` entries (one newly added near the top and another existing later). Duplicate keys in `package.json` are invalid JSON and may lead to confusing/unstable dependency installs depending on the parser. Remove one of the `eslint` entries and keep a single version declaration.
```json
  "devDependencies": {
    "@eslint/js": "^9.39.2",
    "eslint": "^8.57.0",
    "@testing-library/jest-dom": "^6.9.1",
    "@testing-library/react": "^16.3.2",
    "@testing-library/user-event": "^14.6.1",
    "@types/jest": "^30.0.0",
    "@types/node": "^22.15.0",
    "@types/react": "^19.2.14",
    "@types/react-dom": "^19.2.3",
    "@types/react-virtualized": "^9.22.3",
    "@types/react-window": "^2.0.0",
    "customize-cra": "^1.0.0",
    "eslint": "^8.57.0",
    "gh-pages": "^6.3.0",
```
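The duplicate `eslint` key described in the suppressed comment above can be caught mechanically before merge. The check below is an added example, not code from this pull request or repository: it relies on Python's `json` module accepting repeated keys and keeping the last value, and uses `object_pairs_hook` to see every pair before that collapse. Both sample documents are constructed (the first closes off the page's excerpt so it parses), and `find_duplicate_keys` is a hypothetical name.

```python
import json

# Constructed: the devDependencies excerpt from the comment, closed so it parses.
PAGE_EXCERPT = """{"devDependencies": {
  "@eslint/js": "^9.39.2",
  "eslint": "^8.57.0",
  "customize-cra": "^1.0.0",
  "eslint": "^8.57.0"
}}"""

# Constructed: same shape, but the two declarations disagree.
CONFLICTING = """{"devDependencies": {
  "eslint": "^9.0.0",
  "customize-cra": "^1.0.0",
  "eslint": "^8.57.0"
}}"""


def find_duplicate_keys(text):
    """Return one finding per key that repeats inside a single JSON object."""
    findings = []

    def record_pairs(pairs):
        # json passes every (key, value) pair of an object here, in file
        # order, before duplicates are collapsed into a dict.
        values_by_key = {}
        for key, value in pairs:
            values_by_key.setdefault(key, []).append(value)
        for key, values in values_by_key.items():
            if len(values) > 1:
                findings.append({
                    "key": key,
                    "values": values,
                    # Differing values: the first declaration in the file is
                    # not what a last-wins parser resolves.
                    "conflict": any(v != values[0] for v in values[1:]),
                    "last_wins": values[-1],
                })
        return dict(pairs)  # same last-wins result plain json.loads gives

    json.loads(text, object_pairs_hook=record_pairs)
    return findings


if __name__ == "__main__":
    for name, doc in (("page excerpt", PAGE_EXCERPT), ("conflicting", CONFLICTING)):
        for finding in find_duplicate_keys(doc):
            print(name, finding)
```

Run against `package.json` in CI, any finding should fail the build; a finding with `conflict` set is the case where the version read in review can differ from the one that gets resolved.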
Pull request overview
Copilot reviewed 5 out of 8 changed files in this pull request and generated 1 comment.
Files not reviewed (1)
- src/ContentProcessorWeb/pnpm-lock.yaml: Language not supported
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Roopan-Microsoft approved these changes on Apr 22, 2026