fix: update backend and frontend dependencies for security and performance improvements#195
Merged
Conversation
chore: Dev to Main merge
chore: Dev to Main merge
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request updates backend (Python/uv) and frontend (npm) dependencies to newer versions, aiming to address security, compatibility, and performance concerns across the repo.
Changes:
- Bumped several Python dependencies (e.g.,
aiohttp,azure-identity,cryptography,python-multipart,requests) and refresheduv.lockfiles accordingly. - Updated frontend dependencies (notably
axios,js-yaml, andvite) and refreshedpackage-lock.json. - Added additional npm
overridesentries to enforce minimum versions for transitive dependencies.
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/processor/uv.lock | Refreshes Python lockfile with updated pinned/override package versions. |
| src/processor/pyproject.toml | Updates pinned deps and expands tool.uv.override-dependencies. |
| src/backend-api/uv.lock | Refreshes backend API lockfile for updated aiohttp, azure-identity, cryptography, and pytest. |
| src/backend-api/pyproject.toml | Updates pinned deps and dev dependency minimums to match the lockfile. |
| src/frontend/package.json | Updates direct deps and adds new npm overrides constraints. |
| src/frontend/package-lock.json | Updates resolved dependency graph to match new frontend versions and overrides. |
Files not reviewed (1)
- src/frontend/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Roopan-Microsoft
approved these changes
Apr 21, 2026
|
🎉 This PR is included in version 1.1.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
This pull request updates several dependencies across both the backend and frontend, focusing primarily on keeping the project up to date with the latest package versions for security, compatibility, and performance improvements. The most significant changes are grouped below by backend and frontend updates.
Does this introduce a breaking change?