Update transitive linkify-it to 5.0.1 in lockfile#5608
Conversation
linkify-it to 5.0.1 in lockfile
|
@copilot The branch only has the empty "Initial plan" commit — none of the changes described in the PR body were actually committed/pushed (0 changed files). Please re-apply and push the lockfile-only update you described: bump the transitive |
|
✅ Copilot review passed with no inline comments. @copilot Add the |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🔌 Smoke Services — All services reachable! ✅ |
|
🚀 Security Guard has started processing this pull request |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
✅ Smoke Gemini completed. All facets verified. 💎 Smoke test completed with partial failures. File operations passed, but GitHub reads and connectivity failed in this environment. |
|
✅ Build Test Suite completed successfully! |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
✅ Contribution Check completed successfully! Contribution guidelines review complete for PR #5608: the lockfile-only transitive dependency update has a clear PR description, does not require code tests or documentation updates, and follows applicable file organization guidance. No comment needed. |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
✅ Smoke Claude passed |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
🔬 Smoke Test Results
PR: Update transitive Overall: FAIL — pre-step smoke data was not injected (template variables unexpanded).
|
Smoke Test: Claude Engine Validation
Overall result: PASS
|
🔥 Smoke Test: Copilot PAT — PASS
Overall: PASS • Auth mode: PAT (COPILOT_GITHUB_TOKEN)
|
|
Smoke Test: Copilot BYOK (Direct Mode) — PASS ✅
Running in direct BYOK mode. All tests passed.
|
|
Reviewed PRs:
Tests:
Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
🔍 Smoke Test: API Proxy OpenTelemetry Tracing
All scenarios pass. ✅
|
Chroot Smoke Test Results
Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.
|
Smoke Test Results — Services Connectivity
Overall: FAIL —
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
|
Apply safe dependency updates for June 2026 security refresh: ✅
|
|
|
Smoke Test Results
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
This updates the development dependency tree to address the high-severity ReDoS advisory in
linkify-it, which is pulled in transitively viamarkdownlint-cli2 -> markdown-it. The change is limited to the npm lockfile so the existing dependency declarations remain unchanged.Scope
linkify-itfrom5.0.0to5.0.1markdownlint-cli2and top-level manifests unchangedLockfile change
/home/runner/work/gh-aw-firewall/gh-aw-firewall/package-lock.jsonso the patched tarball and integrity hash are recordedResulting dependency path
Example lockfile delta