Skip to content

chore: upgrade deps#1552

Open
paustint wants to merge 1 commit intomainfrom
chore/dep-upgrade-02192026
Open

chore: upgrade deps#1552
paustint wants to merge 1 commit intomainfrom
chore/dep-upgrade-02192026

Conversation

@paustint
Copy link
Contributor

@paustint paustint commented Feb 19, 2026

relates to #1551

Copilot AI review requested due to automatic review settings February 19, 2026 22:52
@socket-security
Copy link

socket-security bot commented Feb 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedreact@​19.2.41001008497100
Addedprism-react-renderer@​2.4.19910010086100
Addedtypescript@​5.9.31001009010090
Addedreact-dom@​19.2.41001009298100

View full report

Copilot AI reviewed Feb 19, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request upgrades multiple npm dependencies to address security vulnerabilities and keep the project up-to-date, relating to issue #1551. The changes include security patches for axios, lodash, tar, and other packages, as well as major version upgrades for jsdom and webpack.

Changes:

  • Security updates for axios (1.13.2 → 1.13.5), lodash (4.17.21 → 4.17.23), tar (7.5.7 → 7.5.9), and AWS SDK packages
  • Major version upgrade for jsdom (22.1.0 → 28.1.0) - 6 major versions
  • Webpack upgrade (5.101.3 → 5.105.2)
  • React version bump in docs app (19.2.0 → 19.2.4)
  • Removal of fast-xml-parser workaround resolutions

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 2 comments.

File Description
package.json Updated dependency versions for security patches and removed fast-xml-parser resolutions
yarn.lock Updated dependency tree with new versions and transitive dependencies
apps/docs/package.json Updated React and React-DOM to 19.2.4
apps/docs/yarn.lock Updated React dependency tree for docs app

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

package.json
"html-webpack-plugin": "^5.6.5",
"husky": "^9.1.7",
"jsdom": "22.1.0",
"jsdom": "^28.1.0",
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The upgrade from jsdom 22.1.0 to ^28.1.0 is a major version change (6 major versions). This is a significant breaking change that requires careful testing. According to the jsdom changelog, version 23.0.0 introduced breaking changes including:

  • Removed deprecated APIs
  • Changed behavior of some DOM methods
  • Updated dependencies with their own breaking changes

Please verify that all code using jsdom (especially in test environments) has been tested thoroughly to ensure compatibility with this major version upgrade.

Suggested change
"jsdom": "^28.1.0",
"jsdom": "22.1.0",

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@paustint

Comments