[release/8.0] Update npm dependencies#67144
Merged
wtgodbe merged 3 commits intoJun 11, 2026
Merged
Conversation
Re-resolve all yarn.lock files against the dnceng dotnet-public-npm feed. Force semver-regex>=3.1.4 (GHSA-44c6-4v22-4mhx) and http-cache-semantics>=4.1.1 (GHSA-rc47-6667-2j5j) via resolutions in SignalR FunctionalTests to clear the remaining high-severity advisories. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Updates JavaScript/TypeScript client dependency lockfiles (and one package’s Yarn resolutions) in the SignalR TS clients, project template tests, and JSInterop JS package to pick up newer transitive versions.
Changes:
- Bumps multiple transitive npm packages across several Yarn v1 lockfiles (e.g.,
ws,node-fetch,tough-cookie,psl, ESLint toolchain packages). - Adds Yarn
resolutionsentries in SignalR TS FunctionalTests to pin additional transitive packages (semver-regex,http-cache-semantics). - Introduces
undici-typesvia updated@types/nodewhere required.
Reviewed changes
Copilot reviewed 1 out of 11 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/SignalR/clients/ts/signalr/yarn.lock | Refreshes transitive dependencies for the SignalR TS client package (types + fetch/cookie stack updates). |
| src/SignalR/clients/ts/signalr-protocol-msgpack/yarn.lock | Refreshes transitive dependencies for the MsgPack protocol package (notably ws, cookie stack). |
| src/SignalR/clients/ts/FunctionalTests/package.json | Adds/extends Yarn resolutions to pin additional transitive dependencies. |
| src/ProjectTemplates/test/Templates.Tests/yarn.lock | Updates transitive dependencies for template test JS tooling (incl. @types/*, debug, ms). |
| src/JSInterop/Microsoft.JSInterop.JS/src/yarn.lock | Updates ESLint + related dependency graph and other transitive packages for the JSInterop JS package. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
github-actions
Bot
added
the
needs-area-label
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
wtgodbe
added
area-infrastructure
Contributor
|
Hey @dotnet/aspnet-build, looks like this PR is something you want to take a look at. |
TypeScript bumped 5.0.2 -> 5.9.3 in the npm update. Under TS 5.9 the FunctionalTests sources surface type errors that, with noEmitOnError, cause the language service to skip emit; ts-jest then throws "Unable to process ... outDir is neither '' or '.'". Diagnostics are already checked separately via 'tsc --noEmit', so the jest transform should emit regardless of type errors. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
wtgodbe
force-pushed
the
infrastructure/update-npm-packages-release-8.0-2026-06-10
branch
from
d219466 to
9548ae7
Compare
…unctionalTests) yarn classic (v1) fatally rejects a resolution whose version falls outside the range its only requester declares: semver-regex 3.1.4 vs the requested ^2.0.0 (from find-versions/bin-version), and http-cache-semantics 4.1.1 vs the exact 3.8.1 (from cacheable-request/got@8). These are pre-existing, deeply-nested, test-only puppeteer download-tooling deps that were already on the branch; they cannot be force-bumped under yarn v1 without major breaking bumps of got@8/bin-wrapper. Restore the natural (pristine) resolution to unblock 'Run restore.sh'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Jun 11, 2026
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.