chore: resolve open dependabot security alerts#253
Conversation
|
Warning Review limit reached
Next review available in: 53 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Updates the Angular integration test project dependencies to address outstanding Dependabot security alerts by upgrading Angular/Vite and related tooling, plus adding targeted npm overrides.
Changes:
- Upgraded Angular dependencies from
19.2.25to20.3.25and aligned Angular-related dev tooling (@angular/compiler-cli,typescript). - Bumped Vite from
6.4.2to6.4.3(including an override) and refreshed the lockfile accordingly. - Added an override for
@babel/coreto address a transitive vulnerability.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| test/angular-integration/package.json | Updates Angular/Vite/TypeScript versions and adds @babel/core override to resolve security alerts. |
| test/angular-integration/package-lock.json | Regenerates the lockfile to reflect the dependency upgrades and new overrides. |
Files not reviewed (1)
- test/angular-integration/package-lock.json: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Address Copilot review feedback on PR #253: @openfeature/angular-sdk 1.3.1 requires @openfeature/web-sdk ^1.9.0 as a peer dependency, but package.json still allowed ^1.7.3. Bump the declared range to match and regenerate the lockfile. Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Summary
Resolved 7 open Dependabot security alerts in
test/angular-integrationby upgrading vulnerable dependencies.Dependabot Alerts Resolved
vite^6.4.3in devDependencies and overridesvite^6.4.3in devDependencies and overrides@babel/core@babel/core: ^7.29.6override (transitive via@angular/compiler-cli)@angular/core@angular/common@angular/common@angular/compilerThe Angular 19.x vulnerabilities have no patch in the 19.x line; the advisories are fixed in Angular 20.3.25+. The integration test suite has been upgraded to Angular 20 accordingly, along with compatible versions of
@openfeature/angular-sdk(1.3.1),@angular/compiler-cli,@analogjs/vitest-angular, and TypeScript (~5.8.0, required by Angular 20).All 58 integration tests pass after the upgrade.