Skip to content

Fix dependency vulnerability overrides#257

Merged
GoodDayForSurf merged 5 commits into
DevExpress:masterfrom
GoodDayForSurf:master_fix-deps_vulnerability
Jun 19, 2026
Merged

Fix dependency vulnerability overrides#257
GoodDayForSurf merged 5 commits into
DevExpress:masterfrom
GoodDayForSurf:master_fix-deps_vulnerability

Conversation

@GoodDayForSurf

@GoodDayForSurf GoodDayForSurf commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@GoodDayForSurf GoodDayForSurf self-assigned this Jun 19, 2026
@GoodDayForSurf GoodDayForSurf requested review from a team and Copilot June 19, 2026 08:35
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates pnpm overrides/lockfile to address dependency vulnerabilities by forcing patched versions for several transitive packages.

Changes:

  • Added new overrides for @babel/core and tar, and updated existing overrides for vite and hono.
  • Updated pnpm-lock.yaml to reflect some dependency bumps (notably @babel/core and tar) and override metadata.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

File Description
pnpm-workspace.yaml Adjusts overrides rules intended to force patched dependency versions.
pnpm-lock.yaml Updates stored overrides and some resolved packages in the lockfile.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pnpm-workspace.yaml Outdated
Comment thread pnpm-workspace.yaml Outdated
fast-uri@<=3.1.0: '>=3.1.1'
fast-uri@<=3.1.1: '>=3.1.2'
hono@<4.12.18: '>=4.12.18'
hono@<4.12.18: '>=4.12.25'
Comment thread pnpm-lock.yaml Outdated
Comment thread pnpm-lock.yaml Outdated
@GoodDayForSurf GoodDayForSurf requested a review from Copilot June 19, 2026 11:14
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 6 comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

Comment thread pnpm-workspace.yaml Outdated
Comment thread pnpm-workspace.yaml Outdated
Comment thread pnpm-workspace.yaml Outdated
Comment thread pnpm-lock.yaml Outdated
Comment thread pnpm-lock.yaml Outdated
Comment thread pnpm-lock.yaml Outdated
Copilot AI review requested due to automatic review settings June 19, 2026 13:39
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

Comment thread pnpm-lock.yaml
Comment on lines 7 to 10
overrides:
'@babel/core@<=7.29.0': ^7.29.1
picomatch: ^4.0.4
vite@<7.3.2: 7.3.2
fast-uri@<=3.1.0: '>=3.1.1'
fast-uri@<=3.1.1: '>=3.1.2'
hono@<4.12.18: '>=4.12.18'
ip-address@<=10.1.0: '>=10.1.1'
hono@<4.12.16: '>=4.12.16'
brace-expansion@>=5.0.0 <5.0.6: '>=5.0.6'
esbuild@>=0.27.3 <0.28.1: ^0.28.1

@GoodDayForSurf GoodDayForSurf merged commit 0cde0e0 into DevExpress:master Jun 19, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@dxvladislavvolkov dxvladislavvolkov dxvladislavvolkov approved these changes

Assignees

@GoodDayForSurf GoodDayForSurf

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@GoodDayForSurf @dxvladislavvolkov