Skip to content

Apply npm audit fixes to all lockfile-managed dependencies#481

Merged
rzhao271 merged 2 commits into
mainfrom
copilot/run-npm-audit-fix-in-directories
Jun 12, 2026
Merged

Apply npm audit fixes to all lockfile-managed dependencies#481
rzhao271 merged 2 commits into
mainfrom
copilot/run-npm-audit-fix-in-directories

Conversation

Copilot AI commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR applies npm audit fix across every directory containing an npm lockfile, without using force flags or overrides. In this repository, only the root lockfile was in scope, so the update is isolated to dependency resolution in package-lock.json.

  • Scope

    • Detected lockfiles in:
      • package-lock.json (repo root)
    • No additional package manager lockfiles were present.

  • Dependency resolution updates

    • Refreshed vulnerable transitive packages in package-lock.json.
    • Key security-related updates include @xmldom/xmldom via transitive dependency upgrades (e.g., svg2ttf chain).
    • No source files or package manifests were modified.

  • Resulting lockfile delta

    • Updated resolved versions/integrity hashes for affected transitive deps.
    • Maintains existing dependency graph shape while removing known vulnerable selections.
# applied in each lockfile directory (root only in this repo)
npm audit fix
Original prompt

Run npm audit fix in all directories with lockfiles. No force flags. No overrides. Create a PR.

Created from VS Code.

Copilot AI changed the title [WIP] Run npm audit fix to resolve vulnerabilities in lockfiles Apply npm audit fixes to all lockfile-managed dependencies Jun 11, 2026
Copilot AI requested a review from rzhao271 June 11, 2026 23:48
@rzhao271 rzhao271 added this to the 1.125.0 milestone Jun 11, 2026
@rzhao271 rzhao271 marked this pull request as ready for review June 11, 2026 23:51
@rzhao271 rzhao271 merged commit 6632224 into main Jun 12, 2026
6 checks passed
@rzhao271 rzhao271 deleted the copilot/run-npm-audit-fix-in-directories branch June 12, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmitrivMS dmitrivMS dmitrivMS approved these changes

+1 more reviewer

@rzhao271 rzhao271 rzhao271 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rzhao271 rzhao271

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

1.125.0

Development

Successfully merging this pull request may close these issues.

3 participants

@rzhao271 @dmitrivMS