fix(dev-deps): update dev-deps for audit fix#426
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates JavaScript dev-dependencies (and regenerates package-lock.json) to address npm audit findings in the project’s development/test/documentation toolchain.
Changes:
- Bump dev dependencies including
mocha,sinon, andvitepress. - Regenerate
package-lock.jsonto reflect updated transitive dependencies and metadata (e.g., license fields).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates selected dev dependency versions (notably mocha to a beta). |
| package-lock.json | Lockfile refresh for the new dev dependency graph (includes new Node engine constraints for updated tooling). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "jsdoc-to-markdown": "^9.1.3", | ||
| "mocha": "11.7.5", | ||
| "jsdoc-to-markdown": "9.1.3", | ||
| "mocha": "12.0.0-beta-9.2", |
There was a problem hiding this comment.
mocha is being upgraded to a beta (12.0.0-beta-9.2). In the lockfile this version declares engines.node as ^20.19.0 || >=22.12.0, which is a much higher (and very specific) minimum than this repo’s current engines.node: >=16.0.0 and the docs that state Node >=16. Please either (a) keep Mocha on a stable release compatible with the intended Node support range, or (b) explicitly bump the project’s supported Node version(s) (engines + documentation/CI) so the constraints are consistent.
| "mocha": "12.0.0-beta-9.2", | |
| "mocha": "10.8.2", |
There was a problem hiding this comment.
We should update the docs, stating that the builds require at least node 16+, while tests require node 22+
Summary
This updates all dev-dependencies to resolve any occurring audit issues.
Linked issue(s)
none
Involved parts of the project
Dev-Dependencies, mostly test infrastructure
Added tests?
none
OAuth2 standard
none
Reproduction
npm install && npm audit