Skip to content

build: lock file maintenance (21.2.x)#32947

Open
angular-robot wants to merge 1 commit intoangular:21.2.xfrom
angular-robot:ng-renovate/21.2.x-lock-file-maintenance
Open

build: lock file maintenance (21.2.x)#32947
angular-robot wants to merge 1 commit intoangular:21.2.xfrom
angular-robot:ng-renovate/21.2.x-lock-file-maintenance

Conversation

@angular-robot
Copy link
Copy Markdown
Contributor

@angular-robot angular-robot commented Apr 7, 2026
edited by alan-agius4
Loading

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

  • If you want to rebase/retry this PR, check this box

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only] labels Apr 7, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates a wide range of dependencies in the pnpm-lock.yaml file, including minor and patch version bumps for packages such as @types/node, browserslist, hono, and lru-cache. However, several critical issues were identified in the feedback. Specifically, the removal of the deprecation notice for @xmldom/xmldom@0.8.12 is a security concern as that version contains known vulnerabilities. Additionally, the update to lodash@4.18.1 is highly suspicious because it exceeds the official stable versioning, indicating a potential supply chain risk. Finally, the inclusion of resolve@2.0.0-next.6 introduces an unstable pre-release version that could lead to unpredictable module resolution behavior.

@angular-robot
build: lock file maintenance
00c5798 
See associated pull request for more information.
@angular-robot angular-robot force-pushed the ng-renovate/21.2.x-lock-file-maintenance branch from c41550a to 00c5798 Compare April 7, 2026 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alan-agius4 alan-agius4 alan-agius4 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@angular-robot @alan-agius4