Skip to content

[Snyk] Security upgrade vscode-languageclient from 9.0.1 to 10.0.0#1784

Open
david-driscoll wants to merge 1 commit into
masterfrom
snyk-fix-4e18ada1b790b6ada75a8f09d6204bfb
Open

[Snyk] Security upgrade vscode-languageclient from 9.0.1 to 10.0.0#1784
david-driscoll wants to merge 1 commit into
masterfrom
snyk-fix-4e18ada1b790b6ada75a8f09d6204bfb

Conversation

@david-driscoll

Copy link
Copy Markdown
Member

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • vscode-testextension/package.json
  • vscode-testextension/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue
high severity Inefficient Algorithmic Complexity
SNYK-JS-BRACEEXPANSION-17706650

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

…-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-17706650
@david-driscoll

Copy link
Copy Markdown
Member Author

Merge Risk: High

This is a major version upgrade from 9.x to 10.x which introduces significant and mandatory breaking changes for developers. The new version aligns with Language Server Protocol (LSP) version 3.18.

Key Breaking Changes:

  • Build System & Module Imports: The package and its dependencies have migrated to use the exports field in package.json. This is a critical change that will likely require updating your tsconfig.json to use a moduleResolution of node16 or similar to handle the new module resolution rules. [13]
  • API Changes: There are breaking API changes, including the replacement of vscode.OutputChannel with vscode.LogOutputChannel. [14] Code that uses the output channel for logging will need to be updated.
  • Environment Requirements: This version introduces stricter environment dependencies. The package now requires a minimum VS Code engine version of ^1.91.0 and has been updated to depend on newer versions of Node.js. [13, 17]

Recommendation:
This upgrade requires careful migration. Developers must review their build configurations (tsconfig.json), update their code to accommodate API changes like the new LogOutputChannel, and ensure their development environment meets the new VS Code and Node.js version requirements. A thorough review of the official changelog is strongly recommended before upgrading.

Source: vscode-languageserver-node Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants