- Read docs/development.md "Tracking Upstream Dependencies" first
- Dependencies are split:
dependencies+devDependenciesfor build,optionalDependenciesfor lint/test - Remember to use
npm install --include=optionalsince we also need to update lint and test dependencies - The
.npmrcuses an Azure Artifacts mirror; read its comments for authentication instructions - After updating, verify:
npm run compile(build),npm run lint(lint),npm audit(security) - The ESLint packages (
eslint,@eslint/js,typescript-eslint,eslint-config-prettier) should be updated together - Fix any new lint warnings from updates to ESLint
- Use
npm auditto identify vulnerabilities - Do not use
npm audit fix --forcewhen a vulnerability is in a transitive dependency, instead add anoverridesentry