Commit d8dca07
fix(vscode): version-scope all overrides per Copilot review feedback

Address all 4 review comments on PR #414:

- Convert previously-unscoped overrides (serialize-javascript, flatted,
  markdown-it, qs, underscore, diff) to version-scoped form. Each now only
  applies to versions in the vulnerable range, eliminating the risk of
  forcing major-version upgrades on out-of-scope consumers.
- Bump brace-expansion v1 override target from ^1.1.13 -> ^1.1.14 (and
  trigger range to <1.1.14) so the override deterministically lands on
  the version the lockfile already resolved.
- Bump minimatch v3 override target from ^3.1.4 -> ^3.1.5 (and trigger
  range to <3.1.5) for the same deterministic-resolution reason.
- Replace blanket diff ^8.0.3 with two scoped ranges:
  - diff@>=5.0.0 <5.2.2 -> ^5.2.2 (patches v5 line in place)
  - diff@>=6.0.0 <8.0.3 -> ^8.0.3 (patches v6/v7 line, matches what
    mocha 11.7.5 already pulls in)

Validation:

- npm audit reports 0 vulnerabilities
- All 14 originally-flagged alerts remain resolved
- npm run compile, lint, pack all clean

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

1 parent dc3052e commit d8dca07
2 files changed
Lines changed: 84 additions & 83 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
92 | 92 | | |
93 | 93 | | |
94 | 94 | | |
95 | | - | |
96 | | - | |
97 | | - | |
98 | | - | |
99 | | - | |
100 | | - | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
101 | 102 | | |
102 | 103 | | |
103 | | - | |
| 104 | + | |
104 | 105 | | |
105 | | - | |
| 106 | + | |
106 | 107 | | |
107 | 108 | | |
108 | 109 | | |
| |||
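Review bot: the second diff range still crosses major versions. The line contents are not rendered here, so this assumes the override sits in the replaced block at new lines 95-101. Per the commit message, diff@>=6.0.0 <8.0.3 resolves to ^8.0.3, which moves any 6.x or 7.x consumer to 8.x, while the same message gives avoiding forced major-version upgrades as the reason for scoping. Either confirm with `npm ls diff` that mocha is the only consumer in that range and say so in a comment next to the override, or split the range so each major line is patched in place where a fixed release exists. Also note that the two scoped ranges leave diff below 5.0.0 without any override, which the earlier blanket ^8.0.3 did cover, so state that no such version is present in the tree.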