fix: resolve dependabot alerts #450

Open

Shubhangi-Microsoft wants to merge 1 commit into dev from psl-dependabot-fix

@Shubhangi-Microsoft Shubhangi-Microsoft commented Jul 3, 2026

Collaborator

This PR resolves a Dependabot alert by forcing the transitive dependency http-proxy-middleware (via react-scripts → webpack-dev-server) to the patched 2.0.10 using an overrides entry in package.json, and regenerating package-lock.json accordingly. It is intentionally an override/pin of a transitive package, not a direct dependencies change.

Dependency update:

  • Upgraded http-proxy-middleware from version 2.0.9 to 2.0.10 in both package.json and package-lock.json to keep dependencies up to date. [1] [2]

This pull request updates the http-proxy-middleware dependency to version 2.0.10 in both package.json and package-lock.json. This ensures the project uses the latest compatible version of the package.

Purpose

  • ...

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Copilot AI left a comment

Contributor

Pull request overview

This pull request aims to resolve a Dependabot alert by updating the resolved version of http-proxy-middleware used by the src/App React app.

Changes:

  • Added an overrides entry in src/App/package.json to force http-proxy-middleware to 2.0.10.
  • Updated the src/App/package-lock.json entry for node_modules/http-proxy-middleware to 2.0.10 (resolved URL + integrity).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/App/package.json | Pins http-proxy-middleware via overrides to address the alert (note: not a direct dependency update). |
| src/App/package-lock.json | Updates the lockfile’s resolved http-proxy-middleware package metadata to 2.0.10. |

Files not reviewed (1)
  • src/App/package-lock.json: Generated file

Comment thread src/App/package.json
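
An added example, not code from this PR or the repository: a check that an `overrides` pin like the one described above took effect for every copy of the package in a lockfile with a `packages` map (lockfileVersion 2 or 3). The function names, the sample objects and the nested path are constructed for illustration; only the package name and the 2.0.9 and 2.0.10 versions come from the PR text.

```javascript
// Package name and patched version come from the PR description.
const PKG = 'http-proxy-middleware';
const PATCHED = '2.0.10';

// Parse "x.y.z" into numbers; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison: a plain string compare would rank "2.0.9" above "2.0.10".
function isLower(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable versions are treated as failing
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Returns a list of findings; an empty list means the pin holds everywhere.
function checkOverridePin(pkgJson, lockJson, name, patched) {
  const findings = [];
  if (typeof (pkgJson.overrides || {})[name] !== 'string')
    findings.push(`package.json: no top-level override for ${name}`);
  const suffix = `node_modules/${name}`;
  let copies = 0;
  for (const [path, entry] of Object.entries(lockJson.packages || {})) {
    // Match the hoisted copy and nested copies (node_modules/a/node_modules/<name>).
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    copies++;
    if (isLower(entry.version, patched))
      findings.push(`${path}: ${entry.version} is below ${patched}`);
    if (!entry.integrity) findings.push(`${path}: missing integrity hash`);
  }
  if (copies === 0) findings.push(`package-lock.json: no entry for ${name}`);
  return findings;
}

// Constructed sample: the hoisted copy is patched, a nested copy is stale.
const samplePkg = { overrides: { [PKG]: PATCHED } };
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/http-proxy-middleware':
    { version: '2.0.10', integrity: 'sha512-CONSTRUCTED' },
  'node_modules/webpack-dev-server/node_modules/http-proxy-middleware':
    { version: '2.0.9', integrity: 'sha512-CONSTRUCTED' },
} };
console.log(checkOverridePin(samplePkg, sampleLock, PKG, PATCHED));
```

To run it against real files, pass the parsed contents of `package.json` and `package-lock.json` in place of the sample objects.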