Skip to content

build: lock file maintenance (main)#32946

Open
angular-robot wants to merge 1 commit intoangular:mainfrom
angular-robot:ng-renovate/main-lock-file-maintenance
Open

build: lock file maintenance (main)#32946
angular-robot wants to merge 1 commit intoangular:mainfrom
angular-robot:ng-renovate/main-lock-file-maintenance

Conversation

@angular-robot
Copy link
Copy Markdown
Contributor

@angular-robot angular-robot commented Apr 7, 2026
edited
Loading

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

  • If you want to rebase/retry this PR, check this box

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only] labels Apr 7, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates numerous dependencies in pnpm-lock.yaml. Several security concerns were identified regarding suspicious package versions and the removal of deprecation warnings for vulnerable packages. Specifically, lodash@4.18.1 and express-rate-limit@8.3.2 appear to be non-standard or potentially malicious versions. Additionally, the removal of the deprecation notice for @xmldom/xmldom@0.8.12 is problematic as that version contains known critical vulnerabilities.

@angular-robot
build: lock file maintenance
f6fddfb 
See associated pull request for more information.
@angular-robot angular-robot force-pushed the ng-renovate/main-lock-file-maintenance branch from 90957bd to f6fddfb Compare April 7, 2026 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgp1130 dgp1130 dgp1130 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@angular-robot @dgp1130