chore: update dependencies while keeping zod at v3 #199
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Consolidate build process with unified artifact generation - Add Docker image build support with multi-platform capability - Implement NPM package preparation workflow - Enhance security scanning with CodeQL integration - Replace DeepSource with SonarQube for code quality analysis - Add comprehensive issue templates and PR template - Improve artifact naming with commit SHA for traceability - Add build manifest generation for transparency - Update release process to create tag before artifacts - Add reusable Docker workflow for modularity 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- revert sonarqube changes to use deepsource for test coverage - update main.yml to pass DEEPSOURCE_DSN secret - update pr.yml to pass DEEPSOURCE_DSN secret - update reusable-validate.yml to expect DEEPSOURCE_DSN - preserve existing deepsource test coverage workflow integration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- add nodejs user with UID 1001 and GID 1001 (DS002 HIGH) - change ownership of /app directory to nodejs user - switch to non-root user before starting application - add HEALTHCHECK instruction for container monitoring (DS026 LOW) - resolves Trivy security scan failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- remove HEALTHCHECK instruction as it doesn't provide meaningful verification for stdio-based MCP servers - DS026 (LOW severity) will be flagged but won't block builds - only HIGH/CRITICAL severities cause build failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- document workflow improvements and consolidation - highlight docker security enhancements - note developer experience improvements - patch version bump for infrastructure changes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- add HEALTHCHECK instruction for container monitoring - resolves DS026 (LOW severity) Trivy finding - ensures clean security scan with no findings 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated production and development dependencies to latest versions: - @modelcontextprotocol/sdk: 1.18.1 → 1.20.0 - Dev dependencies: commitlint, typescript-eslint, eslint, lint-staged, typescript, vite, and others - Kept zod at 3.25.76 as requested (v4 available but not upgraded) All tests passing with 80%+ coverage maintained. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
|
Here's the code health analysis summary for commits Analysis Summary
Code Coverage Report
|
There was a problem hiding this comment.
Pull Request Overview
Updates all dependencies to their latest versions while keeping zod at v3 per project requirements, and significantly refactors the CI/CD infrastructure with enhanced Docker support, security improvements, and better developer experience.
- Dependency updates from patch versions to latest compatible releases
- Major CI/CD workflow restructuring with unified build process and reusable Docker workflows
- Enhanced security with CodeQL integration, container hardening, and vulnerability scanning
Reviewed Changes
Copilot reviewed 16 out of 17 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated 11 dependencies to latest versions while preserving zod at v3 |
| Dockerfile | Added non-root user security and health check for container hardening |
| .github/workflows/reusable-validate.yml | Split into separate test and lint jobs with changeset validation |
| .github/workflows/reusable-setup.yml | Removed redundant setup workflow (functionality merged elsewhere) |
| .github/workflows/reusable-security.yml | Streamlined security scanning with audit and OSV workflows |
| .github/workflows/reusable-docker.yml | New comprehensive Docker workflow with multi-platform builds and Trivy scanning |
| .github/workflows/publish.yml | Enhanced to use pre-built artifacts with attestation support |
| .github/workflows/pr.yml | Simplified with new security and Docker validation workflows |
| .github/workflows/main.yml | Major restructuring with unified build phase and better artifact management |
| .github/workflows/codeql.yml | New dedicated CodeQL security analysis workflow |
| .github/scripts/determine-artifact.sh | New script for finding correct artifacts from GitHub releases |
| .github/pull_request_template.md | Added comprehensive PR template for better contributions |
| .github/ISSUE_TEMPLATE/feature_request.md | Added feature request template |
| .github/ISSUE_TEMPLATE/bug_report.md | Added bug report template |
| .changeset/silver-sheep-exist.md | Empty changeset for dependency updates |
| .changeset/refactor-ci-workflows-docker-security.md | Changeset documenting CI/CD refactoring |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Comments suppressed due to low confidence (1)
.github/workflows/reusable-security.yml:1
- The secret DEEPSOURCE_DSN is marked as required, but it was optional in the original workflow. This could break existing workflows if the secret is not configured.
# =============================================================================
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates all dependencies to their latest versions while keeping zod at v3 as requested.
Changes
Production Dependencies
Development Dependencies
Kept at v3
Testing
Changeset
🤖 Generated with Claude Code