deps: upgrade dependencies to patch security vulnerabilities #273
Pull request overview
This PR updates dependency sets and lockfiles across the monorepo (workspace packages, playground, perf-test, and example apps) to pick up patched versions for known vulnerabilities and modernize parts of the build tooling.
Changes:
- Bumps multiple dependencies in the playground and example apps via yarn.lock updates (e.g., Next, ESLint-related packages, esbuild/rollup toolchain).
- Migrates Rollup minification from rollup-plugin-terser to @rollup/plugin-terser in @thorvg/webcanvas and @thorvg/lottie-player.
- Refreshes dev tooling versions in workspace packages (Rollup plugins, Vitest, TypeDoc, etc.) and normalizes workspace glob formatting.
Reviewed changes
Copilot reviewed 7 out of 13 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pnpm-workspace.yaml | Normalizes workspace package glob formatting. |
| playground/yarn.lock | Updates locked dependency graph for the playground (security/patch bumps). |
| playground/package.json | Minor dependency list reordering (no functional change intended). |
| perf-test/package.json | Updates dev dependency versions (notably ESLint major bump). |
| packages/webcanvas/rollup.config.js | Switches terser plugin import to @rollup/plugin-terser. |
| packages/webcanvas/package.json | Updates build/test/tooling deps; adds @rollup/plugin-terser and bumps related tooling. |
| packages/lottie-player/rollup.config.js | Switches terser plugin import to @rollup/plugin-terser. |
| packages/lottie-player/package.json | Updates build tooling deps; adds @rollup/plugin-terser and removes old terser plugin dependency. |
| examples/vue/yarn.lock | Updates locked dependency graph for the Vue example (security/patch bumps). |
| examples/svelte/yarn.lock | Updates locked dependency graph for the Svelte example (security/patch bumps). |
| examples/react/yarn.lock | Updates locked dependency graph for the React example (security/patch bumps). |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Pull request overview
Copilot reviewed 9 out of 16 changed files in this pull request and generated no new comments.
Pull request overview
Copilot reviewed 7 out of 14 changed files in this pull request and generated no new comments.
🚀 Playground preview deployment ready! 🎮 Playground: https://thorvg-playground-8r9sjj0gh-thorvg-web.vercel.app
Pull request overview
Copilot reviewed 7 out of 15 changed files in this pull request and generated no new comments.
🚀 Playground preview deployment ready! 🎮 Playground: https://thorvg-playground-nad9lvehi-thorvg-web.vercel.app
🚀 Perf Test preview deployment ready! 📊 Perf Test: https://thorvg-perf-test-59ojco3wv-thorvg-web.vercel.app
No description provided.