Skip to content

fix: dependabot package upgrades#554

Draft
Ayaz-Microsoft wants to merge 6 commits intodevfrom
feature/dependabot-package-upgrades
Draft

fix: dependabot package upgrades#554
Ayaz-Microsoft wants to merge 6 commits intodevfrom
feature/dependabot-package-upgrades

Conversation

@Ayaz-Microsoft
Copy link
Copy Markdown
Contributor

@Ayaz-Microsoft Ayaz-Microsoft commented Apr 21, 2026

Purpose

  • Current Vulnerabilities count: High-4, Moderate-23

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

@Ayaz-Microsoft
fix: resolve pydantic/pydantic-core version conflict and regenerate p…
4224fbc 
…npm lockfile

- Upgrade pydantic 2.12.5 -> 2.13.3 and pydantic-core 2.45.0 -> 2.46.3
  to fix incompatible pinned versions (pydantic 2.12.5 requires pydantic-core==2.41.5)
- Regenerate pnpm-lock.yaml to match updated package.json dependencies

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 21, 2026
edited
Loading

Coverage

Coverage Report •
FileStmtsMissCoverMissing
TOTAL120916186% 
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
242 0 💤 0 ❌ 0 🔥 4.486s ⏱️

@Ayaz-Microsoft
fix: add eslint as explicit devDependency and revert @eslint/js to ^9.x
a15e189 
- Add eslint@^9.0.0 as devDependency to fix 'Cannot find module eslint' build error
- Revert @eslint/js from ^10.0.1 to ^9.39.2 for compatibility with react-scripts 5.x
- Regenerate pnpm-lock.yaml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ayaz-Microsoft and others added 2 commits April 21, 2026 12:08
@Ayaz-Microsoft
fix: downgrade eslint to v8 for react-scripts 5.0.1 compatibility
3259305 
react-scripts 5.0.1 uses eslint-webpack-plugin@3.2.0 which passes
extensions and resolvePluginsRelativeTo options removed in eslint 9.
Using eslint 8.57.x which still supports these options.

Tested locally - build succeeds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Ayaz-Microsoft
fix: resolve merge conflicts with dev, keep latest package versions
fa99662 
Resolved 9 conflicting files by keeping the latest version of each package:
- pydantic 2.13.3, pydantic-core 2.46.3 (from PR branch, newer)
- pillow 12.2.0 (from PR branch, newer)
- coverage 7.13.5, pytest-cov 7.1.0 (from dev, newer)
- pydantic-settings 2.13.1, starlette 1.0.0, uvicorn 0.42.0 (from dev, newer)
- Regenerated uv.lock files with uv lock
- Regenerated pnpm-lock.yaml with pnpm install

Tested locally - frontend build succeeds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft will be requested when the pull request is marked ready for review Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft will be requested when the pull request is marked ready for review Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft will be requested when the pull request is marked ready for review Prajwal-Microsoft is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft will be requested when the pull request is marked ready for review Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft will be requested when the pull request is marked ready for review aniaroramsft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft will be requested when the pull request is marked ready for review toherman-msft is a code owner

@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi will be requested when the pull request is marked ready for review nchandhi is a code owner

@dgp10801 dgp10801 Awaiting requested review from dgp10801 dgp10801 will be requested when the pull request is marked ready for review dgp10801 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Ayaz-Microsoft