chore(deps): fix vulnerability #2391
Conversation
fix sonarqube issues
fix sonarqube issues
vaibhavbhalla2505
requested review from
a team,
Surbhi-sharma1,
Swati0077,
akshatdubeysf,
rashisf and
yeshamavani
as code owners
There was a problem hiding this comment.
Pull request overview
This pull request addresses issue #2388 by updating dependencies, documentation, and applying code style improvements. The primary changes involve downgrading @types/moment to a specific version, refactoring JWT secret handling in test files to use environment variables, updating class declarations for consistent formatting, and bumping service version numbers.
- Standardized test authentication by moving hardcoded JWT secrets to environment variables
- Applied consistent code formatting to class declarations across multiple provider files
- Updated package dependencies including Node.js versions and type definitions
Reviewed changes
Copilot reviewed 157 out of 168 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| services/video-conferencing-service/package.json | Downgraded @types/moment version |
| services/scheduler-service/src/tests/* | Moved JWT secrets to environment variables in test files |
| services/authentication-service/src/providers/* | Reformatted class declarations for consistency |
| packages/core/package.json | Updated @types/moment version |
| package.json | Updated lerna version and added qs override |
| .github/workflows/*.yml | Updated Node.js version in CI workflows |
| README.md | Added new LoopBack extension entries |
Files not reviewed (2)
- sandbox/chat-notification-pubnub-example/facade/package-lock.json: Language not supported
- sandbox/chat-notification-socketio-example/facade/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '22.x' | ||
| node-version: '20.x' |
There was a problem hiding this comment.
Downgrading from Node.js 22.x to 20.x in the release workflow could cause inconsistencies if the codebase relies on Node.js 22 features. Ensure all Node.js 22-specific features have been removed or that this downgrade is intentional and documented.
| node-version: '20.x' | |
| node-version: '22.x' |
| running command... | ||
| $ sl (-v|--version|version) | ||
| @sourceloop/cli/12.2.0 linux-x64 node-v22.21.1 | ||
| @sourceloop/cli/12.2.0 darwin-arm64 node-v22.17.1 |
There was a problem hiding this comment.
The platform change from 'linux-x64' to 'darwin-arm64' and node version from 'v22.21.1' to 'v22.17.1' in the README suggests this was modified on a specific developer's machine. Documentation examples should use consistent, generic platform information or be regenerated in CI to avoid confusion.
| @sourceloop/cli/12.2.0 darwin-arm64 node-v22.17.1 | |
| @sourceloop/cli/12.2.0 <platform> node-<version> |
|
Description
This pull request introduces several dependency and documentation updates, along with minor code style improvements and expanded TypeScript build artifacts. The most notable changes include updating Node.js and package dependencies, expanding the documentation for LoopBack extensions, and refactoring class declarations for consistency.
Fixes #2388
Type of change
Please delete options that are not relevant.
Checklist: