Consolidate compatible Dependabot dependency updates#703
Draft
torosent wants to merge 5 commits into
Draft
Conversation
Consolidates the following open dependabot PRs into a single update, bumping each package to the latest compatible version (often newer than what dependabot proposed). Direct dependencies (package.json): - @azure/functions: ^4.0.0 -> ^4.14.0 (root, samples-ts, test-app) and ^4.7.0 -> ^4.14.0 (samples-js) [supersedes #680, #681, #684, #685] - axios: ^1.11.0 -> ^1.16.1 (root) [supersedes #674] - axios: ^1.12.0 -> ^1.16.1 (samples-js, samples-ts) [supersedes #673, #692] - lodash: ^4.17.15 -> ^4.18.1 (root) [matches #691] Transitive dependencies (package-lock.json): - picomatch: 2.3.1 -> 2.3.2 [supersedes #687, #688, #689] - flatted: 3.2.4 -> 3.4.2 [matches #686] - minimatch: 3.1.2 -> 3.1.5 [supersedes #683] - qs: 6.14.1 -> 6.15.2 [supersedes #676] - follow-redirects: 1.15.6 -> 1.16.0 (samples-ts) [matches #693] - undici: removed as transitive (replaced by @azure/functions bump) Verified: lint passes, build succeeds, all 237 unit tests pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ed-deps-update-may2026 # Conflicts: # package-lock.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
torosent
changed the title
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates the still-relevant open Dependabot updates against current
v3.xinto one draft PR:axios:1.16.1->1.17.0in the root package,samples-js, andsamples-tsuuid:9.0.1->11.1.1in the root packageCompatibility audit
axios@1.17.0is the latest published version and satisfies the existing semver usage.uuid@14.0.0is the current latest release, butuuid@12+is ESM-only. This repo builds CommonJS (tsconfig.jsonuses"module": "commonjs") and importsuuidfrom runtime source/tests, so this PR usesuuid@11.1.1, the latest compatible CommonJS-capable release.@azure/functions/undiciDependabot PRs are obsolete against currentv3.x: the base already uses@azure/functions@4.14.0and no longer resolvesundici.lodash,picomatch,flatted,minimatch, andqsDependabot PRs are already satisfied on currentv3.xlockfiles, so this PR does not carry additional changes for them.Validation
npm test(npm run build+ mocha): 237 passing, 2 pending