Enforce fast-json-patch@3.1.1 via dependency overrides for all 3 portals #1253

Open
manodyaSenevirathne wants to merge 1 commit into wso2:main from manodyaSenevirathne:bump/fast-json-patch

Conversation


@manodyaSenevirathne manodyaSenevirathne commented Feb 23, 2026

Purpose

$Subject

Related issue

wso2/api-manager#4605

Summary by CodeRabbit

  • Chores
    • Updated internal dependency management to ensure consistent package resolution across the platform.


coderabbitai bot commented Feb 23, 2026

Walkthrough

Adds fast-json-patch version override (^3.1.1) to three package.json files across different portals (admin, devportal, publisher). This pins a transitive dependency's version for consistent resolution without altering runtime behavior or scripts.

Changes

Cohort: Dependency Overrides
File(s): portals/admin/src/main/webapp/package.json, portals/devportal/src/main/webapp/package.json, portals/publisher/src/main/webapp/package.json
Summary: Added fast-json-patch override with version constraint ^3.1.1 to pin transitive dependency resolution across portals. Admin portal introduces new "overrides" section; devportal and publisher add entry to existing overrides.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Three portals secured, one patch pinned tight,
Fast-json hops now in versions just right,
No conflicts will boil, no chaos will spread,
Dependencies nested, all orderly fed!

🚥 Pre-merge checks: 3 passed
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately and specifically summarizes the main change: enforcing fast-json-patch@3.1.1 via dependency overrides across all three portals, which is exactly what the changeset implements.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@sonarqubecloud

@coderabbitai coderabbitai bot left a comment


🧹 Nitpick comments (1)
portals/publisher/src/main/webapp/package.json (1)

181-181: Consider pinning an exact version rather than a caret range for a security override.

The PR title says "Enforce fast-json-patch@3.1.1", but ^3.1.1 resolves to >=3.1.1 <4.0.0. Since this override exists specifically to exclude a vulnerable version (CVE-2021-4279), an exact version pin ("3.1.1") is more explicit about intent and prevents an unexpected 3.x release from being silently resolved. Currently this is functionally equivalent since 3.1.1 is the latest release, but the inconsistency with the PR title is worth addressing.

♻️ Proposed change (all three portals)
-        "fast-json-patch": "^3.1.1",
+        "fast-json-patch": "3.1.1",
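Review bot: the exact pin "3.1.1" matches the PR title, but it also stops npm from resolving any later 3.x release of fast-json-patch on its own: with "^3.1.1" a future 3.1.x fix is picked up on the next install, with "3.1.1" every subsequent bump has to be made by hand in all three package.json files. Either choice is defensible; if the exact pin is adopted, the override entries should carry a comment or a tracked issue so the version is revisited on the next advisory rather than left frozen.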
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@portals/publisher/src/main/webapp/package.json` at line 181, The dependency
entry for fast-json-patch currently uses a caret range ("^3.1.1") which allows
any 3.x release; change it to an exact version string ("3.1.1") in package.json
to match the PR intent and prevent future 3.x updates from being pulled silently
— update the "fast-json-patch" dependency key in the package.json files for all
three portals (the entry currently showing ^3.1.1) to use "3.1.1" exactly.
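As an added check (example code written for this note, not part of the PR or of the wso2 portals), the script below walks a package-lock.json and reports every installed copy of fast-json-patch, nested copies under other packages' node_modules included, whose resolved version falls outside what the override allows: `^3.1.1` means at least 3.1.1 and below 4.0.0. It assumes the lockfileVersion 2/3 layout in which the `packages` map is keyed by install paths; the two lockfiles at the bottom are constructed samples, not taken from any real portal.

```javascript
// Added example, not code from the PR or from the wso2 portals: audit a
// package-lock.json (lockfileVersion 2 or 3) to confirm that every installed
// copy of a package, including nested copies under other packages'
// node_modules, satisfies the caret range an npm "overrides" entry enforces.

const OVERRIDDEN_PACKAGE = 'fast-json-patch'; // package named in the PR's override
const OVERRIDE_RANGE = '^3.1.1';               // range the PR's override uses

// Parse "MAJOR.MINOR.PATCH" into three numbers; pre-release/build suffixes are ignored.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two versions: <0 if a < b, 0 if equal, >0 if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i += 1) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Caret semantics for a range like "^3.1.1": version >= 3.1.1 and < 4.0.0.
// Only the major >= 1 form is handled, which is the form the PR uses.
function satisfiesCaret(version, range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const floor = range.slice(1);
  const [floorMajor] = parseVersion(floor);
  if (floorMajor === 0) throw new Error('0.x caret ranges are not handled here');
  const [major] = parseVersion(version);
  return major === floorMajor && compareVersions(version, floor) >= 0;
}

// Walk the lockfile "packages" map, whose keys are install paths such as
// "node_modules/a/node_modules/b", and collect every copy of `name` whose
// resolved version is outside `range`.
function findNonCompliant(lockfile, name, range) {
  const suffix = `node_modules/${name}`;
  const offenders = [];
  for (const [installPath, meta] of Object.entries(lockfile.packages || {})) {
    const isThisPackage = installPath === suffix || installPath.endsWith(`/${suffix}`);
    if (!isThisPackage || !meta.version) continue;
    if (!satisfiesCaret(meta.version, range)) {
      offenders.push({ path: installPath, version: meta.version });
    }
  }
  return offenders;
}

// Same check starting from the raw file text, for use after `npm install`
// has regenerated the lockfile (pass fs.readFileSync('package-lock.json', 'utf8')).
function auditLockfileText(text, name = OVERRIDDEN_PACKAGE, range = OVERRIDE_RANGE) {
  return findNonCompliant(JSON.parse(text), name, range);
}

// Constructed sample lockfiles (not from any real portal). In the first the
// override has taken effect and the package was deduplicated to the root; in
// the second a nested copy under another dependency is still on an older 2.x
// release, as happens when the override is added to package.json but the
// lockfile is not regenerated.
const LOCK_OVERRIDDEN = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-portal' },
    'node_modules/fast-json-patch': { version: '3.1.1' },
    'node_modules/some-lib': { version: '1.0.0', dependencies: { 'fast-json-patch': '^2.0.0' } },
  },
};

const LOCK_STALE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-portal' },
    'node_modules/fast-json-patch': { version: '3.1.1' },
    'node_modules/some-lib': { version: '1.0.0', dependencies: { 'fast-json-patch': '^2.0.0' } },
    'node_modules/some-lib/node_modules/fast-json-patch': { version: '2.2.1' },
  },
};

console.log(findNonCompliant(LOCK_OVERRIDDEN, OVERRIDDEN_PACKAGE, OVERRIDE_RANGE)); // []
console.log(findNonCompliant(LOCK_STALE, OVERRIDDEN_PACKAGE, OVERRIDE_RANGE));
// [ { path: 'node_modules/some-lib/node_modules/fast-json-patch', version: '2.2.1' } ]
```

The point of checking the lockfile rather than package.json is that an `overrides` entry only changes what the next `npm install` resolves; until the lockfile is regenerated and committed, CI and developer machines keep installing whatever the old lockfile recorded, so the audit is what confirms the override actually landed in all three portals.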
