chore: upgrade all dependencies with vulnerabilities#5183
Merged
timotheeguerin merged 3 commits intomainfrom Apr 9, 2026
Merged
chore: upgrade all dependencies with vulnerabilities#5183timotheeguerin merged 3 commits intomainfrom
timotheeguerin merged 3 commits intomainfrom
Conversation
…rush changelogs Agent-Logs-Url: https://github.com/Azure/autorest/sessions/1c294d8f-ce05-4ec6-b67d-019c2b83fdfc Co-authored-by: timotheeguerin <1031227+timotheeguerin@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
timotheeguerin
April 9, 2026 02:51
View session
|
You may test this build by running Add the following CLI flags
Or with all autorest --version:https://tinyurl.com/2c2et3nx --use:https://tinyurl.com/2adj27yvor use the following in your autorest configuration: # For changes to autorest core
version: "https://tinyurl.com/2c2et3nx"
# For changes to modelerfour
use-extension:
"@autorest/modelerfour": "https://tinyurl.com/2adj27yv"If this build is good for you, give this comment a thumbs up. (👍) And you should run `autorest --reset` again once you're finished testing to remove it. |
Agent-Logs-Url: https://github.com/Azure/autorest/sessions/09b152b4-9085-47dc-810c-1c387304e81c Co-authored-by: timotheeguerin <1031227+timotheeguerin@users.noreply.github.com>
Member
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
|
@copilot the test are failing in openapi converter |
…sions Agent-Logs-Url: https://github.com/Azure/autorest/sessions/8c4d4647-3836-4fc0-a85f-c7dc07c08002 Co-authored-by: timotheeguerin <1031227+timotheeguerin@users.noreply.github.com>
Contributor
Author
The issue was that Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
You may test this build by running Add the following CLI flags
Or with all autorest --version:https://tinyurl.com/2bztwegr --use:https://tinyurl.com/265zrh64or use the following in your autorest configuration: # For changes to autorest core
version: "https://tinyurl.com/2bztwegr"
# For changes to modelerfour
use-extension:
"@autorest/modelerfour": "https://tinyurl.com/265zrh64"If this build is good for you, give this comment a thumbs up. (👍) And you should run `autorest --reset` again once you're finished testing to remove it. |
|
You may test this build by running Add the following CLI flags
Or with all autorest --version:https://tinyurl.com/28caxvca --use:https://tinyurl.com/2dbufl9gor use the following in your autorest configuration: # For changes to autorest core
version: "https://tinyurl.com/28caxvca"
# For changes to modelerfour
use-extension:
"@autorest/modelerfour": "https://tinyurl.com/2dbufl9g"If this build is good for you, give this comment a thumbs up. (👍) And you should run `autorest --reset` again once you're finished testing to remove it. |
timotheeguerin
deleted the
copilot/upgrade-dependencies-with-vulnerabilities
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrades direct dependencies in package.json files to fix transitive vulnerability issues, and refreshes the lockfile via conservative
rush update.Changes Made
copy-webpack-plugin^13.0.0→^14.0.0inpackages/apps/autorest/package.jsonandpackages/extensions/core/package.json(fixes serialize-javascript RCE vulnerability)node-gyp^10.0.1→^11.0.0inpackages/tools/compare/package.json(fixes tar path traversal vulnerabilities)pnpm-lock.yamlusing conservativerush update(not--full) to preserve TypeSpec dependency versions and avoid breaking openapi-to-typespec testsVulnerabilities Fixed
Testing