Skip to content

chore: update dependencies and fix vulnerabilities#201

Merged
pviti merged 6 commits intomainfrom
update-dependencies
Mar 31, 2026
Merged

chore: update dependencies and fix vulnerabilities#201
pviti merged 6 commits intomainfrom
update-dependencies

Conversation

@pviti
Copy link
Copy Markdown
Member

@pviti pviti commented Mar 31, 2026

No description provided.

@pviti pviti requested a review from Copilot March 31, 2026 16:57
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates dependency versions and introduces pnpm overrides intended to remediate known vulnerabilities in transitive packages for this CLI project.

Changes:

  • Added pnpm overrides to force patched versions of vulnerable transitive dependencies (brace-expansion, handlebars, serialize-javascript).
  • Bumped a few direct dependencies/devDependencies (notably @biomejs/biome and several @oclif/* plugins).
  • Regenerated pnpm-lock.yaml to reflect the new resolutions.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File Description
pnpm-workspace.yaml Introduces pnpm overrides used to enforce patched transitive dependency versions.
pnpm-lock.yaml Lockfile regeneration reflecting overrides and dependency version bumps.
package.json Updates a small set of dependency/devDependency versions.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pnpm-workspace.yaml Outdated
Comment thread pnpm-workspace.yaml Outdated
pviti and others added 2 commits March 31, 2026 19:10
@pviti
Update pnpm-workspace.yaml
44e8239 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pviti
chore: move pnpm overrides from pnpm-workspace.yaml to package.json
83180e7 
Agent-Logs-Url: https://github.com/commercelayer/commercelayer-cli/sessions/daac2be5-92fe-45e3-8d9c-12d40bea520f

Co-authored-by: pviti <57948342+pviti@users.noreply.github.com>
@pviti pviti requested a review from Copilot March 31, 2026 17:21
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pnpm-lock.yaml
Comment thread pnpm-lock.yaml
Comment thread package.json
@pviti pviti requested review from malessani and removed request for malessani March 31, 2026 17:28
@pviti pviti merged commit 28a8dbb into main Mar 31, 2026
3 checks passed
@pviti
Copy link
Copy Markdown
Member Author

pviti commented Mar 31, 2026

🎉 This PR is included in version 6.9.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@pviti
Copy link
Copy Markdown
Member Author

pviti commented Apr 20, 2026

🎉 This PR is included in version 7.0.0-oclif4.7 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

Copilot code review Copilot Copilot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

released on @latest released on @oclif4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pviti