
chore: mitigates vulnerabilities #1803

Merged
pedrolamas merged 2 commits into fluidd-core:develop from pedrolamas:pedrolamas/mitigate-vulnerabilities
Mar 19, 2026

@pedrolamas
Member

Attempt to mitigate some vulnerabilities via package overrides.

Signed-off-by: Pedro Lamas <pedrolamas@gmail.com>
@pedrolamas pedrolamas added this to the 1.36.3 milestone Mar 18, 2026
@pedrolamas pedrolamas requested a review from Copilot March 18, 2026 17:18
@pedrolamas pedrolamas added the Code - Deps Pull requests that update a dependency file label Mar 18, 2026
Contributor

Copilot AI left a comment

Pull request overview

Updates the project’s release tooling and dependency set in package.json / package-lock.json, aligning lockfile resolution with new dev tooling + security/override adjustments.

Changes:

  • Switch release script from standard-version to commit-and-tag-version (and update dev dependency set accordingly).
  • Upgrade jsdom to ^29.0.0 and refresh lockfile dependency graph.
  • Expand npm overrides (notably forcing glob@^13, plus overrides for monaco-editor dompurify and serialize-javascript).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| package.json | Swaps release tool, bumps jsdom, and updates npm overrides. |
| package-lock.json | Lockfile regen reflecting new release tool, jsdom bump, and override-driven dependency resolution. |
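
An added example, not part of this PR or the fluidd code base: one way to confirm that an override such as the glob@^13 one named in the review summary took effect is to scan package-lock.json for nested copies that still resolve outside the range. The lockfile contents, the function names and every version other than ^13 are constructed for illustration.

```javascript
// Constructed sample in the lockfileVersion 3 layout: every installed copy of a
// package is a key in "packages", nested copies under .../node_modules/<name>.
// Versions here are illustrative, not taken from the PR's real lockfile.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/glob': { version: '13.0.0' },
    'node_modules/rimraf': { version: '3.0.2' },
    'node_modules/rimraf/node_modules/glob': { version: '7.2.3' },
    'node_modules/@scope/tool/node_modules/glob': { version: '13.1.2' }
  }
};

// Package name = everything after the last "node_modules/" in the key.
function packageNameOf(lockPath) {
  const i = lockPath.lastIndexOf('node_modules/');
  return i === -1 ? null : lockPath.slice(i + 'node_modules/'.length);
}

// Minimal caret check for "^MAJOR[.MINOR[.PATCH]]" with MAJOR >= 1:
// same major, and version >= the stated floor. Prerelease versions do not match.
function satisfiesCaret(version, range) {
  const m = /^\^(\d+)(?:\.(\d+))?(?:\.(\d+))?$/.exec(range);
  const v = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m || !v || Number(m[1]) < 1) return false;
  const floor = [m[1], m[2] || 0, m[3] || 0].map(Number);
  const got = v.slice(1).map(Number);
  if (got[0] !== floor[0]) return false;
  if (got[1] !== floor[1]) return got[1] > floor[1];
  return got[2] >= floor[2];
}

// Return every installed copy of `name` that escapes the override range.
function findOverrideViolations(lock, name, range) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => packageNameOf(path) === name)
    .filter(([, meta]) => !satisfiesCaret(meta.version, range))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

console.log(findOverrideViolations(sampleLock, 'glob', '^13'));
```

An empty result means every resolved copy sits inside the forced range; any entry returned is a nested copy the override did not reach.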

Signed-off-by: Pedro Lamas <pedrolamas@gmail.com>
@pedrolamas pedrolamas merged commit fa9ecc1 into fluidd-core:develop Mar 19, 2026
4 checks passed
@pedrolamas pedrolamas deleted the pedrolamas/mitigate-vulnerabilities branch March 19, 2026 15:02