Skip to content

Update dependencies #4169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 22, 2025
Merged

Update dependencies #4169

merged 2 commits into from
Oct 22, 2025
+39 −128

Conversation

@d10c
Copy link
Contributor

@d10c d10c commented Oct 21, 2025
edited
Loading

There are still a few deprecation warnings remaining (@humanwhocodes/config-array@0.13.0, vscode-extension-telemetry@0.1.7, @humanwhocodes/object-schema@2.0.3, glob@7.2.3, eslint@8.57.1), but updating those packages is more involved so I'm leaving them out of this PR.

d10c added 2 commits October 21, 2025 14:48
@d10c
Update dev-dependency patch-package to 8.0.1
9e9c606 
Transitive dependency tmp 0.0.33 is vulnerable and introduced via
patch-package 8.0.0 -> tmp 0.0.33

patched version: tmp 0.2.4 used by patch-package 8.0.1
@d10c
npm audit fix and remove deprecated @types dependencies.
ddb1a50
@d10c d10c marked this pull request as ready for review October 21, 2025 15:06
@d10c d10c requested a review from a team as a code owner October 21, 2025 15:06
Copilot AI review requested due to automatic review settings October 21, 2025 15:06
Copilot AI reviewed Oct 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates dependencies to address security and deprecation concerns. It upgrades patch-package to resolve a Dependabot security alert and removes deprecated @types packages that are no longer needed.

Key changes:

  • Updated patch-package from 8.0.0 to 8.0.1 to resolve security alert
  • Removed deprecated @types/del and @types/gulp-replace dependencies
Files not reviewed (1)
  • extensions/ql-vscode/package-lock.json: Language not supported

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@d10c d10c requested a review from robertbrignull October 21, 2025 15:08
@d10c
Copy link
Contributor Author

d10c commented Oct 22, 2025

I'm a bit concerned that the expect(ext!.isActive).toBeTruthy(); part of launching with a minimal workspace › should activate the extension when a .ql file is opened is failing repeatedly on Windows, so I'll try to bisect that before merging.

@d10c d10c merged commit 85d3eca into github:main Oct 22, 2025
86 of 91 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@robertbrignull robertbrignull robertbrignull approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@d10c @robertbrignull