Skip to content

chore: update project dependencies#339

Merged
spboyer merged 1 commit into
mainfrom
spboyer-dependency-updates
Jun 23, 2026
Merged

chore: update project dependencies#339
spboyer merged 1 commit into
mainfrom
spboyer-dependency-updates

Conversation

@spboyer

@spboyer spboyer commented Jun 22, 2026

Copy link
Copy Markdown
Member

Summary

  • Refresh npm dependency lockfiles for site and web.
  • Update web TypeScript to ~6.0.3.
  • Add a targeted site override for esbuild@0.28.1 to resolve the low-severity Dependabot alert while keeping Astro on 6.x because @astrojs/starlight@0.40.0 still peers on astro@^6.4.5.
  • Add Dependabot configuration for Go modules, npm workspaces, and GitHub Actions.

Notes from the audit: github.com/github/copilot-sdk/go is already current at v1.0.2, and the direct Go dependency set did not need updates.

Validation

  • go test ./...
  • cd site && npm run build
  • cd site && npm audit --audit-level=low
  • cd web && npm run build
  • cd web && npm audit --audit-level=low

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 22, 2026 15:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refreshes the site/ and web/ npm dependency lockfiles, updates the web TypeScript toolchain, and adds a repo-level Dependabot configuration to keep Go, npm, and GitHub Actions dependencies regularly updated.

Changes:

  • Bump web dev dependency TypeScript from ~5.8.3 to ~6.0.3 and regenerate web/package-lock.json.
  • Add an npm overrides entry in site/package.json to pin esbuild@0.28.1 and regenerate site/package-lock.json.
  • Introduce .github/dependabot.yml to enable weekly updates for Go modules (root + /.adc-sdk), npm (/site, /web), and GitHub Actions.
Show a summary per file
File Description
web/package.json Updates the TypeScript devDependency to ~6.0.3.
web/package-lock.json Regenerated lockfile to reflect updated TypeScript and transitive dependency versions.
site/package.json Adds an overrides pin for esbuild@0.28.1.
site/package-lock.json Regenerated lockfile to apply the esbuild override and updated transitive packages.
.github/dependabot.yml Adds weekly Dependabot update configuration for Go, npm, and GitHub Actions.

Copilot's findings

Files not reviewed (2)
  • site/package-lock.json: Generated file
  • web/package-lock.json: Generated file
  • Files reviewed: 3/5 changed files
  • Comments generated: 0

@spboyer spboyer merged commit 92c2868 into main Jun 23, 2026
10 checks passed
@spboyer spboyer deleted the spboyer-dependency-updates branch June 23, 2026 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants