Skip to content

chore: update npm dependencies to latest versions#68

Merged
dfuchss merged 1 commit into
mainfrom
copilot/update-dependencies
May 6, 2026
Merged

chore: update npm dependencies to latest versions#68
dfuchss merged 1 commit into
mainfrom
copilot/update-dependencies

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 6, 2026

Summary

Updates all npm dependencies to their latest versions and fixes security vulnerabilities where possible.

Dependency Changes

Runtime dependencies:

Package Before After
@headlessui/react ^2.2.9 ^2.2.10
fast-xml-parser ^5.4.2 ^5.7.3
next ^16.1.6 ^16.2.4
react ^19.2.3 ^19.2.5
react-dom ^19.2.4 ^19.2.5
react-resizable-panels ^4.7.1 ^4.11.0
uuid ^13.0.0 ^14.0.0

Dev dependencies:

Package Before After
@tailwindcss/postcss ^4.2.1 ^4.2.4
eslint ^10.1.0 ^10.3.0
eslint-config-next 16.2.3 16.2.4
tailwindcss ^4.2.2 ^4.2.4

Security

Ran npm audit fix to fix 4 of the 6 reported vulnerabilities (brace-expansion, flatted, minimatch, picomatch).

The remaining 2 moderate-severity issues are a postcss XSS vulnerability inside next's bundled internals — fixing it requires downgrading next to v9.3.3, which is not acceptable. This is a known upstream issue.

Copilot finished work on behalf of dfuchss May 6, 2026 12:02
Copilot AI requested a review from dfuchss May 6, 2026 12:02
@dfuchss dfuchss marked this pull request as ready for review May 6, 2026 12:08
@dfuchss dfuchss requested a review from a team as a code owner May 6, 2026 12:08
Copilot AI review requested due to automatic review settings May 6, 2026 12:08
@dfuchss dfuchss merged commit e0cf29b into main May 6, 2026
4 checks passed
@dfuchss dfuchss deleted the copilot/update-dependencies branch May 6, 2026 12:08
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s npm dependencies (runtime + dev) to newer versions, with the intent of reducing known vulnerabilities and keeping the Next.js/React toolchain current.

Changes:

  • Bumped core runtime dependencies (Next.js, React, fast-xml-parser, react-resizable-panels, uuid, Headless UI).
  • Bumped key dev/tooling dependencies (ESLint, eslint-config-next, Tailwind-related packages).
  • Refreshed package-lock.json to reflect the updated dependency graph (including transitive vulnerability fixes).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates declared runtime/dev dependency versions.
package-lock.json Updates resolved dependency tree and transitive versions to match the bumps and audit fixes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json
Comment on lines +31 to +34
"eslint": "^10.3.0",
"eslint-config-next": "16.2.4",
"postcss": "^8",
"tailwindcss": "^4.2.2",
"tailwindcss": "^4.2.4",
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@dfuchss dfuchss dfuchss approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@dfuchss dfuchss

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dfuchss