Skip to content

Security: Fix all package vulnerabilities for component governance compliance#65

Merged
bghcore merged 10 commits intomicrosoft:mainfrom
bghcore:comp-gov
Jan 23, 2026
Merged

Security: Fix all package vulnerabilities for component governance compliance#65
bghcore merged 10 commits intomicrosoft:mainfrom
bghcore:comp-gov

Conversation

@bghcore
Copy link
Contributor

@bghcore bghcore commented Jan 22, 2026
edited
Loading

  • Fixed all npm package vulnerabilities (0 remaining)
  • Upgraded lodash and babel for security
  • Updated package-lock lockfileVersion to 3
  • Simplified build system (removed vite, streamlined to tsc-only build)
  • Removed unnecessary build infrastructure and scripts
  • Suppressed console noise in FramedlessClient tests
  • Reverted to simpler CommonJS output format

@bghcore bghcore requested a review from Copilot January 23, 2026 00:29
Copilot AI reviewed Jan 23, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the package metadata and introduces npm overrides to address Component Governance findings for lodash and Babel-related packages.

Changes:

  • Bump package version from 0.1.12-0 (pre-release) to 0.1.12.
  • Add an overrides block to enforce specific versions for lodash, @babel/core, and @babel/runtime-corejs3.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

bghcore and others added 7 commits January 22, 2026 16:37
@bghcore
change log
4fad1fb
@bghcore
Update package.json
4c3b902 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@bghcore
lockfileVersion
1175f5a
@bghcore
Merge branch 'comp-gov' of https://github.com/bghcore/omnichannel-ams…
dd10e3a 
…client into comp-gov
@bghcore
fix all vulnerabililties
5ac7415
@bghcore @claude
Suppress console noise in FramedlessClient tests
3a7aea7 
Added beforeEach/afterEach hooks to mock console.error and console.log in FramedlessClient tests to suppress expected warning messages:
- Console.error about FramedMode in browser environment (intentional warning)
- Console.log from error handling during fetch operations in test environment

These messages were cluttering test output but not indicating actual test failures.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@bghcore @claude
Update CHANGELOG for v0.1.12
c1352c8 
Added Fixed section documenting the suppression of console noise in FramedlessClient tests.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@bghcore bghcore changed the title Component Governance fixes for lodash and babel packages Security: Fix all package vulnerabilities for component governance compliance Jan 23, 2026
MSSunnyNayak
MSSunnyNayak reviewed Jan 23, 2026
View reviewed changes
@bghcore bghcore merged commit 9787953 into microsoft:main Jan 23, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ca1eb ca1eb ca1eb approved these changes

@MSSunnyNayak MSSunnyNayak MSSunnyNayak approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bghcore @ca1eb @MSSunnyNayak