Skip to content

Conversation

@angelcaz-msft
Copy link
Member

What

Updated axios to ^1.12.2 and playwright (including playwright-core) to ^1.55.1 across the entire repository by adding globalOverrides in common/config/rush/pnpm-config.json.

Why

To address security vulnerabilities found in older versions of axios (< 1.12.2) and playwright (1.55.0). These dependencies were being pulled in transitively by other packages, so globalOverrides was used to enforce the secure versions repository-wide.

image

How Tested

  • Ran rush update --full and rush update --full --variant stable to regenerate lockfiles.
  • Verified common/config/rush/pnpm-lock.yaml to ensure axios and playwright versions are updated and overrides are applied.
  • Validated that the build passes locally.

Process & policy checklist

  • I have updated the project documentation to reflect my changes if necessary.
  • I have read the CONTRIBUTING documentation.

Is this a breaking change?

  • This change causes current functionality to break.

@angelcaz-msft angelcaz-msft requested review from a team as code owners November 28, 2025 21:41
@angelcaz-msft angelcaz-msft added the does not need changelog Changes that does not affect the published package in any way do not need changelog entry label Nov 28, 2025
@github-actions
Copy link
Contributor

📦 Calling bundle size

Bundle Base Size (bytes) Current Size (bytes) Change Delta (bytes)
build.bundle.js 6767681 6767742 ⚠️ increased 61
580.bundle.js 12407925 12407925 ➖ unchanged 0

Total change: +61 B ⚠️

@github-actions
Copy link
Contributor

📦 Chat bundle size

Bundle Base Size (bytes) Current Size (bytes) Change Delta (bytes)
build.bundle.js 1793916 1793883 ⬇️ decreased -33
398.bundle.js 375829 375829 ➖ unchanged 0
450.bundle.js 4454 4454 ➖ unchanged 0
82.bundle.js 28161 28161 ➖ unchanged 0
91.bundle.js 4102 4102 ➖ unchanged 0

Total change: -33 B ⬇️

@github-actions
Copy link
Contributor

📦 CallWithChat bundle size

Bundle Base Size (bytes) Current Size (bytes) Change Delta (bytes)
build.bundle.js 7758336 7758397 ⚠️ increased 61
450.bundle.js 4470 4470 ➖ unchanged 0
580.bundle.js 12407938 12407938 ➖ unchanged 0
727.bundle.js 372564 372564 ➖ unchanged 0
82.bundle.js 28177 28177 ➖ unchanged 0
91.bundle.js 4118 4118 ➖ unchanged 0

Total change: +61 B ⚠️

@github-actions
Copy link
Contributor

@azure/communication-react jest test coverage for stable.

Lines Statements Functions Branches
Base 29739 / 47381
62.76%
29739 / 47381
62.76%
810 / 1491
54.32%
2394 / 3842
62.31%
Current 29740 / 47383
62.76%
29740 / 47383
62.76%
810 / 1491
54.32%
2394 / 3842
62.31%
Diff 1 / 2
0%
1 / 2
0%
0 / 0
0%
0 / 0
0%

@github-actions
Copy link
Contributor

@azure/communication-react jest test coverage for beta.

Lines Statements Functions Branches
Base 58580 / 95109
61.59%
58580 / 95109
61.59%
1180 / 2709
43.55%
3417 / 5799
58.92%
Current 58644 / 95117
61.65%
58644 / 95117
61.65%
1180 / 2709
43.55%
3406 / 5799
58.73%
Diff 64 / 8
0.06%
64 / 8
0.06%
0 / 0
0%
-11 / 0
-0.19%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

does not need changelog Changes that does not affect the published package in any way do not need changelog entry

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants