chore(deps): resolve various dependency vulnerabilities#8474
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates Ruby and JavaScript dependencies (and associated lockfiles) to address reported security vulnerabilities across the main app, client bundle, and Playwright test workspace.
Changes:
- Bump Ruby gems to patched versions (e.g.,
jwt,nokogiri,faraday,concurrent-ruby) and tighten constraints where applicable. - Update client dependencies and lockfile entries (e.g.,
react-router-dom,webpack-dev-server, and transitive updates like@remix-run/router/launch-editor). - Ensure the tests workspace resolves
istanbul-lib-processinfoto3.0.1viapackage.jsonandyarn.lockupdates.
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
tests/yarn.lock |
Updates istanbul-lib-processinfo lock entry to 3.0.1 and removes now-unneeded uuid lock entry. |
tests/package.json |
Adds istanbul-lib-processinfo and a resolution to enforce the patched version in the tests workspace. |
Gemfile.lock |
Bumps multiple gems to patched versions and reflects updated dependency constraints. |
Gemfile |
Pins jwt to ~> 2.10.3 and raises minimum nokogiri version to >= 1.19.4. |
client/yarn.lock |
Updates lockfile entries for react-router-dom/react-router/@remix-run/router, webpack-dev-server, and launch-editor. |
client/package.json |
Bumps react-router-dom and webpack-dev-server versions to patched releases. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.