Dependency updates #1497
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Warning: Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Pull request overview
Updates dependency versions across the SDK’s runtime and tooling stack (docs build, bundling, formatting, and test runners) by bumping package.json entries and refreshing the pnpm-lock.yaml resolution graph.
Changes:
- Bump runtime dependencies: `axios` to `1.18.0`, `bignumber.js` to `^11.1.4`.
- Bump dev/tooling dependencies: Astro/Starlight, Rollup plugins, Vitest, Playwright, Prettier, and TypeScript ESLint.
- Remove `overrides` from `package.json` and regenerate lockfile accordingly.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates direct dependency version ranges and removes overrides. |
| pnpm-lock.yaml | Regenerates dependency graph to reflect updated versions/resolutions. |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9d603df2f8
| "smol-toml": "^1.6.1", | ||
| "uint8array-extras": "^1.5.0" | ||
| }, | ||
| "overrides": { |
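Review bot: at the `"overrides": {` line, the entries of the block being removed are not shown, so a reader cannot tell which packages were pinned or why. Suggest listing the dropped overrides in the PR description and confirming in pnpm-lock.yaml that each of those packages now resolves to a version at or above the one the override forced.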
Yes, should be good. There are newer versions of these packages that are safe, so no need to pin to older versions anymore. And now that we have a 7-day delay installing any new packages, we should be OK.