Security: Fix all package vulnerabilities for component governance compliance #65

Merged
bghcore merged 10 commits into microsoft:main from bghcore:comp-gov
Jan 23, 2026

bghcore commented Jan 22, 2026

  • Fixed all npm package vulnerabilities (0 remaining)
  • Upgraded lodash and babel for security
  • Updated package-lock lockfileVersion to 3
  • Simplified build system (removed vite, streamlined to tsc-only build)
  • Removed unnecessary build infrastructure and scripts
  • Suppressed console noise in FramedlessClient tests
  • Reverted to simpler CommonJS output format

Copilot AI left a comment

Pull request overview

This PR updates the package metadata and introduces npm overrides to address Component Governance findings for lodash and Babel-related packages.

Changes:

  • Bump package version from 0.1.12-0 (pre-release) to 0.1.12.
  • Add an overrides block to enforce specific versions for lodash, @babel/core, and @babel/runtime-corejs3.
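
A check one could run alongside the overrides change described in the review above (added example, not code from this PR or repository): it confirms that every copy of an exactly pinned overridden package in a lockfileVersion 3 package-lock.json resolves to the pinned version. The function names and all version numbers are constructed for illustration.

```javascript
// Added example: verify that exact-version npm overrides are reflected in a
// lockfileVersion 3 package-lock.json. All versions below are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// "node_modules/a/node_modules/@babel/core" -> "@babel/core"
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

function checkOverrides(pkgJson, lock) {
  if (lock.lockfileVersion !== 3) {
    throw new Error("expected lockfileVersion 3, got " + lock.lockfileVersion);
  }
  const violations = [];
  const unchecked = [];
  for (const [name, spec] of Object.entries(pkgJson.overrides || {})) {
    // Ranges, "$name" references and nested override objects need a semver
    // resolver; this check only verifies exact pins and reports the rest.
    if (typeof spec !== "string" || !EXACT.test(spec)) {
      unchecked.push(name);
      continue;
    }
    for (const [path, entry] of Object.entries(lock.packages || {})) {
      if (entry.link) continue; // symlinked workspace entries carry no version
      if (nameFromLockPath(path) === name && entry.version !== spec) {
        violations.push({ path, expected: spec, found: entry.version });
      }
    }
  }
  return { violations, unchecked };
}

// Constructed sample input (not taken from the repository).
const samplePkg = {
  overrides: { lodash: "9.9.9", "@babel/core": "8.8.8", "@babel/runtime-corejs3": "^7.7.7" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample" },
    "node_modules/lodash": { version: "9.9.9" },
    "node_modules/legacy-dep/node_modules/lodash": { version: "1.0.0" },
    "node_modules/@babel/core": { version: "8.8.8" },
  },
};
console.log(JSON.stringify(checkOverrides(samplePkg, sampleLock), null, 2));
```

A nested copy that escaped the override shows up in `violations`; anything listed in `unchecked` still needs a semver-aware comparison.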

bghcore and others added 7 commits January 22, 2026 16:37
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Added beforeEach/afterEach hooks to mock console.error and console.log in FramedlessClient tests to suppress expected warning messages:
- Console.error about FramedMode in browser environment (intentional warning)
- Console.log from error handling during fetch operations in test environment

These messages were cluttering test output but not indicating actual test failures.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added Fixed section documenting the suppression of console noise in FramedlessClient tests.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
bghcore changed the title from "Component Governance fixes for lodash and babel packages" to "Security: Fix all package vulnerabilities for component governance compliance" Jan 23, 2026
bghcore merged commit 9787953 into microsoft:main Jan 23, 2026
2 checks passed