Skip to content

chore: refresh dependencies#335

Merged
spboyer merged 2 commits into
mainfrom
spboyer/audit-dependencies
Jun 18, 2026
Merged

chore: refresh dependencies#335
spboyer merged 2 commits into
mainfrom
spboyer/audit-dependencies

Conversation

@spboyer

@spboyer spboyer commented Jun 18, 2026

Copy link
Copy Markdown
Member

Summary

  • Updates root Go dependencies, including Azure SDK packages, azd, golang.org/x packages, Goldmark, semver, compress, and related transitive pins.
  • Confirms github.com/github/copilot-sdk/go is already current at v1.0.2.
  • Refreshes Node dependencies for web and site, including lucide-react, @astrojs/starlight, sharp, and lockfile-resolved transitive updates.

Validation

  • make test
  • cd web && npm ci && npm run build
  • cd site && npm ci && npm run build
  • go run golang.org/x/vuln/cmd/govulncheck@latest -scan=module
  • cd .adc-sdk && go run golang.org/x/vuln/cmd/govulncheck@latest -scan=module
  • cd web && npm audit
  • cd site && npm audit --audit-level=moderate

Notes

  • site still reports a low-severity esbuild advisory through Astro when running full npm audit; npm’s available fix is npm audit fix --force, which would install astro@5.17.2 as a breaking downgrade, so I left that out of this dependency refresh.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 18, 2026 16:35

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refreshes Go and Node.js dependencies across the waza CLI (Go module) and the accompanying web/ dashboard and site/ documentation app, aligning the repo with newer upstream SDK/library releases and updated lockfile pins.

Changes:

  • Bumps root Go module dependencies (Azure SDK, azd, goldmark, golang.org/x/*, etc.) and updates go.sum accordingly.
  • Updates web/ dependencies (notably lucide-react) and refreshes web/package-lock.json transitive pins.
  • Updates site/ dependencies (@astrojs/starlight, sharp) for the docs site.
Show a summary per file
File Description
web/package.json Updates lucide-react to a newer major version.
web/package-lock.json Refreshes resolved versions/integrity hashes for updated web dependencies and transitives.
site/package.json Updates Starlight and Sharp versions for the docs site.
go.mod Updates Go dependencies and adjusts the declared Go version.
go.sum Updates module checksums for the refreshed Go dependency graph.

Copilot's findings

Files not reviewed (1)
  • web/package-lock.json: Generated file
  • Files reviewed: 3/6 changed files
  • Comments generated: 1

Comment thread go.mod
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@spboyer spboyer merged commit 310cbf5 into main Jun 18, 2026
9 checks passed
@spboyer spboyer deleted the spboyer/audit-dependencies branch June 18, 2026 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants