Override uuid package to 11.1.1#4449
Draft
nickrolfe wants to merge 1 commit into
Draft
Conversation
The vulnerable uuid@8.3.2 was pulled in transitively by @azure/msal-node. Force the resolution to 11.1.1 via an npm override. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: c9765432-b317-4939-8e5c-33df6b815f5f
Contributor
Author
|
msal-node imports import { v4 } from 'uuid'; |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR mitigates a reported vulnerability by forcing the uuid package version used by the extensions/ql-vscode dependency tree, replacing the previously transitively-installed uuid@8.3.2 (via @azure/msal-node) with uuid@11.1.1 using npm overrides.
Changes:
- Add an npm
overridesentry to forceuuid@11.1.1. - Update
package-lock.jsonto remove the nesteduuid@8.3.2instance and recorduuid@11.1.1in the resolved dependency graph.
Show a summary per file
| File | Description |
|---|---|
| extensions/ql-vscode/package.json | Adds an npm override to force uuid@11.1.1. |
| extensions/ql-vscode/package-lock.json | Reflects the resolved dependency graph after applying the override (removes nested uuid@8.3.2, adds uuid@11.1.1). |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Files not reviewed (1)
- extensions/ql-vscode/package-lock.json: Generated file
- Files reviewed: 1/2 changed files
- Comments generated: 2
- Review effort level: Low
| "@hpcc-js/wasm": "2.30.0" | ||
| } | ||
| }, | ||
| "uuid": "11.1.1" |
Comment on lines
455
to
457
| "node": ">=16" | ||
| } | ||
| }, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The vulnerable uuid@8.3.2 was pulled in transitively by @azure/msal-node.
Force the resolution to 11.1.1 via an npm override.
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
Copilot-Session: c9765432-b317-4939-8e5c-33df6b815f5f