Skip to content

Upgrade dependencies to latest versions, fix security vulnerabilities #166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 31, 2025
Merged

Upgrade dependencies to latest versions, fix security vulnerabilities #166

merged 2 commits into from
Oct 31, 2025

Conversation

Copy link
Contributor

Copilot AI commented Oct 31, 2025
edited
Loading

Upgrades all project dependencies to latest compatible versions, addressing critical security vulnerabilities in vitest (RCE) and hono (improper authorization).

Changes

Root Dependencies

  • ESLint ecosystem: 9.17.0 → 9.39.0
  • TypeScript tooling: 5.7.2 → 5.9.3, ESLint plugin 8.18.0 → 8.46.2
  • Prettier: 3.4.2 → 3.6.2, organize-imports plugin 4.1.0 → 4.3.0
  • Vitest: 2.1.8 → 3.2.4 (🔒 fixes CVE RCE vulnerability)
  • Build tools: tsup 8.0.2 → 8.5.0, lint-staged 15.2.11 → 16.2.6
  • Types: @types/node 22.10.2 → 24.9.2, eslint-config-prettier 9.1.0 → 10.1.8

Workspace Packages

cloudflare-worker:

  • hono: 4.6.14 → 4.10.4 (🔒 fixes authorization vulnerability)
  • wrangler: 3.95.0 → 4.45.3
  • esbuild: 0.24.0 → 0.25.11
  • @cloudflare/vitest-pool-workers: 0.5.36 → 0.10.3
  • @cloudflare/workers-types: 4.20241205.0 → 4.20251014.0

core:

  • leetcode-query: 1.2.3 → 2.0.1
  • @cloudflare/workers-types: 4.20241205.0 → 4.20251014.0
  • tsup: 8.0.2 → 8.5.0

Notes

Vitest upgraded to 3.2.4 rather than 4.x due to @cloudflare/vitest-pool-workers peer dependency constraint (supports 2.0.x - 3.2.x only).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • leetcode.cn
    • Triggering command: node (vitest 2) (dns block)
    • Triggering command: node (vitest 1) (dns block)
  • leetcode.com
    • Triggering command: node (vitest 2) (dns block)
    • Triggering command: node (vitest 1) (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Upgrade the dependencies to the latest version and ensure that the new version works correctly.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@changeset-bot
Copy link

changeset-bot bot commented Oct 31, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 1c7376a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copilot AI changed the title [WIP] Update dependencies to latest version and validate functionality Upgrade dependencies to latest versions, fix security vulnerabilities Oct 31, 2025
Copilot AI requested a review from JacobLinCool October 31, 2025 21:33
Copilot finished work on behalf of JacobLinCool October 31, 2025 21:33
@JacobLinCool JacobLinCool marked this pull request as ready for review October 31, 2025 22:02
@JacobLinCool JacobLinCool merged commit 355026c into main Oct 31, 2025
3 checks passed
@JacobLinCool JacobLinCool deleted the copilot/upgrade-dependencies-to-latest branch October 31, 2025 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JacobLinCool JacobLinCool Awaiting requested review from JacobLinCool

Assignees

@JacobLinCool JacobLinCool

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JacobLinCool