From e38f3abaa86e4fcc915580bf8b7b70c570743978 Mon Sep 17 00:00:00 2001 From: Raanan Weber Date: Fri, 10 Jul 2026 15:55:35 +0200 Subject: [PATCH 1/3] chore(deps): pin deps to versions at least 7 days old Downgrade four transitive/direct deps whose locked versions were published less than 7 days ago to the newest versions published on or before the 7-day cutoff, per company policy: - baseline-browser-mapping 2.10.42 -> 2.10.41 - electron-to-chromium 1.5.387 -> 1.5.385 - tsx 4.23.0 -> 4.22.5 - webpack 5.108.4 -> 5.108.3 Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --- package-lock.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 427569197..27b61681c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4745,9 +4745,9 @@ } }, "node_modules/baseline-browser-mapping": { - "version": "2.10.42", - "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.42.tgz", - "integrity": "sha512-c/jurFrDLyui7o1J86yLkRu4LMsTYcBohveus7/I2Hzdn9KIP2bdJPTue/lR1KH46enoPbD77GKeSYNdyPoD3Q==", + "version": "2.10.41", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.41.tgz", + "integrity": "sha512-WwS7MHhqGHHlaVsqRZnhvCEMS0owDX+SxRlve7JkuH7My1Ara3ZriTmCQupPfYjxMZ8I/tgxtJYr2t7taHaH4A==", "license": "Apache-2.0", "bin": { "baseline-browser-mapping": "dist/cli.cjs" @@ -5714,9 +5714,9 @@ "license": "MIT" }, "node_modules/electron-to-chromium": { - "version": "1.5.387", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.387.tgz", - "integrity": "sha512-TaxwufTFDufvPEoXdhwVrA3UdFWBeWGkYoJ1K8ldF1xe6gKfth6iRNS5lTQ5JPNOHdGQm8PT1QYKUqFLCiUefQ==", + "version": "1.5.385", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.385.tgz", + "integrity": "sha512-78sa/M08MNAYHQfjoWMvOlKQqZ0ElhSm/L5HNUc96VZ3b+KvDVnngFm8sYQy0XrhTRgAhggHr5abA7yTvRdo4Q==", "license": "ISC" }, "node_modules/emoji-regex": { @@ -13641,9 +13641,9 @@ "license": "0BSD" }, "node_modules/tsx": { - "version": "4.23.0", - "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.23.0.tgz", - "integrity": "sha512-eUdUIaCr963q2h5u3+QwvYp0+eqPvn+egeqZUm0hwERCqqx1E3kK5ehbGCvqSE5MQAULr67ww0cA3jKc3YkM1w==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.22.5.tgz", + "integrity": "sha512-F7JnSfPl5ASt6LqwWyUQ3T8BwN3q0eQEbFMYa2iRWaVQmmudo0d7fRmwM4O002gsvW1bs0yBYioutsAjqLJMvQ==", "dev": true, "license": "MIT", "dependencies": { @@ -14514,9 +14514,9 @@ "license": "Apache-2.0" }, "node_modules/webpack": { - "version": "5.108.4", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.108.4.tgz", - "integrity": "sha512-yur8LyJoeiWh47dErD+Ok7vlbmDsJ3UbbRPAoxbGJ54WpE2y5yVo5G/inUzujnYgw3tPmBRdn+G7PoxXaYC33w==", + "version": "5.108.3", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.108.3.tgz", + "integrity": "sha512-hOpaCHmQVVY66IVTjofnH14IgSdmod2aquSGHGuYig/OIdWge01Hk2Wt988DZcwXumFUT4+FvJY5N+ikl8o/ww==", "devOptional": true, "license": "MIT", "dependencies": { From bb8fe3d446b31883a12fd3e207071c012206c5f1 Mon Sep 17 00:00:00 2001 From: Raanan Weber Date: Fri, 10 Jul 2026 16:11:43 +0200 Subject: [PATCH 2/3] chore(deps): enforce 7-day min release age and npm >= 11.10 Add an .npmrc with min-release-age=7 so npm only installs package versions published at least 7 days ago (npm 11.10.0+ feature), and engine-strict=true to enforce the engines requirement. Require npm >= 11.10.0 in package.json engines, since older npm silently ignores min-release-age. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --- .npmrc | 6 ++++++ package.json | 3 +++ 2 files changed, 9 insertions(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 000000000..b625ea83d --- /dev/null +++ b/.npmrc @@ -0,0 +1,6 @@ +# Company policy: only install package versions published at least 7 days ago. +# Requires npm >= 11.10.0 (older npm silently ignores this setting). +min-release-age=7 + +# Enforce the "engines" requirement in package.json (e.g. the npm version). +engine-strict=true diff --git a/package.json b/package.json index a852b9e67..b833d13c4 100644 --- a/package.json +++ b/package.json @@ -79,5 +79,8 @@ }, "overrides": { "postcss": "^8.5.10" + }, + "engines": { + "npm": ">=11.10.0" } } From 5e69a300fb57e320531b3441ec888e31dc11a5db Mon Sep 17 00:00:00 2001 From: Raanan Weber Date: Fri, 10 Jul 2026 16:19:39 +0200 Subject: [PATCH 3/3] ci: bump Node to 24.x so npm >= 11.10.0 is available npm ci was failing with EBADENGINE because Node 22.x ships npm 10.x, below the engines requirement (npm >= 11.10.0) needed for the min-release-age dependency-cooldown policy. Node 24.x bundles npm 11.16+, satisfying the requirement. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 3f1911ca3..321e7760f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -12,7 +12,7 @@ pool: vmImage: ubuntu-latest variables: - NODE_VERSION: 22.x + NODE_VERSION: 24.x NPM_CONFIG_CACHE: $(Pipeline.Workspace)/.npm DOCS_ZIP: $(Build.ArtifactStagingDirectory)/docs.zip SNAPSHOT_BASE_URL: https://snapshots-cvgtc2eugrd3cgfd.z01.azurefd.net