Run npm audit fix to address non-breaking security vulnerabilities#25899
Draft
Run npm audit fix to address non-breaking security vulnerabilities#25899
Conversation
Agent-Logs-Url: https://github.com/microsoft/vscode-python/sessions/464d2b93-3e91-4a8d-a7e8-952d31b3efed Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
rzhao271
April 6, 2026 18:50
View session
rzhao271
approved these changes
Apr 6, 2026
lramos15
previously approved these changes
Apr 6, 2026
|
Requires fixing vscode/test. |
|
I closed microsoft/vscode-test#325 since merging it just to fix Windows tests with spaces might regress an earlier issue. |
|
@copilot Modify Windows tests to not use paths with spaces |
…ssues Agent-Logs-Url: https://github.com/microsoft/vscode-python/sessions/ccac6482-1eac-4b3b-96a4-08d7ea54b17f Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ran
npm audit fix(no force flag, no overrides) to address security vulnerabilities that can be fixed without breaking changes.Changes
package-lock.jsonwith fixed dependency versionsRemaining vulnerabilities
The following vulnerabilities require
--force(breaking changes) and were not addressed per task requirements:node-polyfill-webpack-pluginto v4.1.0 — breaking change)downloadto v3.3.0 — breaking change)@typescript-eslint/parserto v8.58.0 — breaking change)copy-webpack-pluginto v14.0.0 — breaking change)