Upgrade CI actions and project dependencies#78
Open
dsanchezcr wants to merge 1 commit into
Open
Conversation
Bumps `actions/checkout` from v6 to v7 across CI, CodeQL, and dependency review workflows, and updates the devcontainer Docker-in-Docker feature to v4. Also refreshes frontend and API dependency versions (notably Radix UI, Tailwind, Playwright, ESLint/TypeScript tooling, Azure Functions packages, and Node types) to keep the stack current and aligned with newer toolchain releases.
Dependency ReviewThe following issues were found:
|
There was a problem hiding this comment.
Pull request overview
This PR updates CI/devcontainer tooling and refreshes frontend/API npm dependencies to keep the project aligned with newer ecosystem releases (GitHub Actions, Dev Containers features, and JS/TS packages).
Changes:
- Bumped
actions/checkouttov7across CI, CodeQL, and dependency-review workflows. - Updated devcontainer Docker-in-Docker feature to
:4. - Refreshed frontend and API dependency versions (Radix UI, Tailwind toolchain, Playwright, ESLint/TypeScript tooling, Azure Functions packages, Node types) and updated lockfiles accordingly.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updates frontend/runtime tooling deps (Radix UI, Tailwind, Playwright, ESLint/TS) including @types/node. |
| package-lock.json | Lockfile updates reflecting the dependency refresh (includes new resolved/integrity entries). |
| api/package.json | Updates API deps (@azure/functions) and dev tooling (@types/node, core tools). |
| api/package-lock.json | Lockfile updates for the API dependency refresh (includes new resolved/integrity entries). |
| .github/workflows/dependency-review.yml | Bumps checkout action to v7. |
| .github/workflows/codeql.yml | Bumps checkout action to v7. |
| .github/workflows/ci-cd.yml | Bumps checkout action to v7 across multiple jobs. |
| .devcontainer/devcontainer.json | Updates Docker-in-Docker devcontainer feature to major :4. |
Review details
Files not reviewed (1)
- api/package-lock.json: Generated file
- Files reviewed: 6/8 changed files
- Comments generated: 3
- Review effort level: Low
Comment on lines
237
to
241
| "node_modules/@azure/functions": { | ||
| "version": "4.16.0", | ||
| "resolved": "https://registry.npmjs.org/@azure/functions/-/functions-4.16.0.tgz", | ||
| "integrity": "sha512-cwLld7tRi1VLYNdm1evgS9n8ABP/e+0uLjRO++OjM/kigERG80OfFRRMbag/vpXUzCtda83lDiuCvcwPlxgwZw==", | ||
| "version": "4.16.1", | ||
| "resolved": "https://ms-feed-2.pkgs.visualstudio.com/1es-public/_packaging/npm-public/npm/registry/@azure/functions/-/functions-4.16.1.tgz", | ||
| "integrity": "sha1-wy8A+f2oWzRYlbAQB2oDjWmcDPM=", | ||
| "license": "MIT", |
Comment on lines
+74
to
77
| "@playwright/test": "^1.61.0", | ||
| "@tailwindcss/postcss": "^4.3.2", | ||
| "@types/node": "^26.1.0", | ||
| "@types/qrcode": "^1.5.6", |
Comment on lines
22
to
+24
| "@types/jest": "^30.0.0", | ||
| "@types/node": "^25.9.2", | ||
| "azure-functions-core-tools": "^4.12.0", | ||
| "@types/node": "^26.1.0", | ||
| "azure-functions-core-tools": "^4.12.1", |
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://black-cliff-03b41b10f-78.eastus2.7.azurestaticapps.net |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps
actions/checkoutfrom v6 to v7 across CI, CodeQL, and dependency review workflows, and updates the devcontainer Docker-in-Docker feature to v4. Also refreshes frontend and API dependency versions (notably Radix UI, Tailwind, Playwright, ESLint/TypeScript tooling, Azure Functions packages, and Node types) to keep the stack current and aligned with newer toolchain releases.Purpose
Does this introduce a breaking change?
Pull Request Type
What kind of change does this Pull Request introduce?
How to Test
What to Check
Verify that the following are valid
Other Information