Skip to content

fix: update AgentOps npm toolchain#56

Merged
ootakazuhiko merged 2 commits into
mainfrom
codex/catalog-sprint-226-deps-54
Jul 12, 2026
Merged

fix: update AgentOps npm toolchain#56
ootakazuhiko merged 2 commits into
mainfrom
codex/catalog-sprint-226-deps-54

Conversation

@ootakazuhiko

Copy link
Copy Markdown
Collaborator

Summary

  • update direct npm toolchain dependencies to current secure releases
  • refresh transitive lockfile entries to clear 10 audit findings
  • align the declared Node baseline and Book QA runtime to Node 22 required by markdownlint-cli 0.49
  • keep the unrelated Faraday / latest-http-server transitive warning tracked in [P2][Build] Faraday / whatwg-encoding warningを整理する #55

Changes

  • glob: ^10.3.10 → ^13.0.6
  • markdownlint-cli: ^0.47.0 → ^0.49.0
  • engines.node: 20 || >=22 → >=22.0.0
  • Book QA setup-node: 20 → 22
  • package-lock security refresh

Verification

  • npm ci
  • npm test
  • npm audit --audit-level=moderate (0 vulnerabilities)
  • docs Jekyll build + top-page smoke
  • git diff --check

Residual warning: whatwg-encoding 2.0.0 is transitive through latest http-server 14.1.1; Jekyll Faraday retry warning is also tracked in #55.

Closes #54

Copilot AI review requested due to automatic review settings July 12, 2026 08:57
@ootakazuhiko

Copy link
Copy Markdown
Collaborator Author

@codex review

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

npm ツールチェーンの監査指摘(npm audit)解消と、markdownlint-cli の要件に合わせた Node.js ベースライン更新を目的としたPRです。依存更新により脆弱性・deprecated 警告の低減と、CI/QA 実行環境の整合を図ります。

Changes:

  • glob / markdownlint-cli を現行のセキュアなリリースへ更新し、lockfile を更新
  • engines.node を Node 22 系へ引き上げ
  • Book QA workflow の Node 実行バージョンを 22 に更新

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
package.json Node エンジン要件と direct/dev dependency の更新
package-lock.json 依存解決結果の更新(audit 解消を目的としたトランジティブ更新含む)
.github/workflows/book-qa.yml QA ジョブの Node バージョンを 22 に更新

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json
@ootakazuhiko
ootakazuhiko requested a review from Copilot July 12, 2026 09:03
@ootakazuhiko

Copy link
Copy Markdown
Collaborator Author

@codex review latest commit a759ea9

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Keep them coming!

Reviewed commit: a759ea9cdb

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/book-qa.yml
@ootakazuhiko
ootakazuhiko merged commit 9f7d4ea into main Jul 12, 2026
4 checks passed
@ootakazuhiko
ootakazuhiko deleted the codex/catalog-sprint-226-deps-54 branch July 12, 2026 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[P1][Dependencies] npm audit 10件とdeprecated toolchainを解消する

2 participants