npm パッケージについて脆弱性パッチを適用および内部の細かな改善を実施#4896
Merged
rnakagawa16 merged 6 commits intomainfrom Mar 23, 2026
Hidden character warning
The head ref may contain hidden characters: "feature/\u8106\u5f31\u6027\u30d1\u30c3\u30c1\u3092\u9069\u7528"
Merged
Conversation
Prototype Pollution via parse() in NodeJS flatted - GHSA-rf6f-7fwh-wjgh
Closed
Contributor
There was a problem hiding this comment.
Pull request overview
npm パッケージの脆弱性対応と依存関係の整合性改善を目的に、サンプルフロントエンド群の依存関係(主に eslint 系)を更新し、不要な依存を削除するPRです。
Changes:
- 脆弱性対応を含む依存関係更新(minimatch / ajv / flatted などの間接依存も更新)
- eslint を 9.39.4 へアップグレード(関連する eslint パッケージも追従)
- AzureADB2C サンプルで未使用の
@heroicons/vueを削除し、@vitest/eslint-pluginを他サンプルと同一パッチへ更新
Reviewed changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| samples/ExternalIDSampleForSPA/auth-frontend/package-lock.json | eslint 9.39.4 反映+関連依存(minimatch/flatted 等)の更新と整合性調整 |
| samples/ExternalIDSampleForSPA/auth-frontend/app/package.json | eslint を 9.39.4 に更新 |
| samples/Dressca/dressca-frontend/package-lock.json | eslint 9.39.4 反映+関連依存(minimatch/flatted 等)の更新と整合性調整 |
| samples/Dressca/dressca-frontend/consumer/package.json | eslint を 9.39.4 に更新 |
| samples/Dressca/dressca-frontend/admin/package.json | eslint を 9.39.4 に更新 |
| samples/AzureADB2CAuth/auth-frontend/package-lock.json | eslint 9.39.4 反映、@vitest/eslint-plugin 更新、@heroicons/vue 削除を lock に反映 |
| samples/AzureADB2CAuth/auth-frontend/app/package.json | eslint を 9.39.4 に更新、@vitest/eslint-plugin を 1.6.12 に更新、@heroicons/vue を削除 |
Files not reviewed (3)
- samples/AzureADB2CAuth/auth-frontend/package-lock.json: Language not supported
- samples/Dressca/dressca-frontend/package-lock.json: Language not supported
- samples/ExternalIDSampleForSPA/auth-frontend/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
以下動作確認実施しました。
マージします。 |
rnakagawa16
approved these changes
Mar 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
この Pull request で実施したこと
確認事項
この Pull request では実施していないこと
なし
Issues や Discussions 、関連する Web サイトなどへのリンク