Skip to content

Remove customNPMRegistry overrides from pipeline templates and apply lockfile audit remediations#124

Closed
Copilot wants to merge 2 commits into
mainfrom
copilot/remove-customnpmregistry-override
Closed

Remove customNPMRegistry overrides from pipeline templates and apply lockfile audit remediations#124
Copilot wants to merge 2 commits into
mainfrom
copilot/remove-customnpmregistry-override

Conversation

Copilot AI commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR removes deprecated/explicit npm registry overrides from Azure pipeline templates and applies npm audit fix updates to reduce dependency risk in the lockfile.

  • Pipeline template cleanup

    • Removed customNPMRegistry: '' from:
      • build/azure-pipeline.pr.yml
      • build/azure-pipeline.pre-release.yml
    • Leaves template defaults in control of npm registry behavior.

  • Dependency audit remediation

    • Ran npm audit fix, updating vulnerable transitive packages in package-lock.json (no direct dependency API changes).
    • Includes lockfile-level upgrades such as form-data, hasown, js-yaml, mocha, and tar where resolvable.
# before
parameters:
  customNPMRegistry: ''
  l10nSourcePaths: ./src

# after
parameters:
  l10nSourcePaths: ./src
Original prompt

Remove customnpmregistry override from pipeline templates. Also run npm audit fix. Create a PR.

Created from VS Code.

Copilot AI changed the title [WIP] Remove customnpmregistry override from pipeline templates and run npm audit fix Remove customNPMRegistry overrides from pipeline templates and apply lockfile audit remediations Jun 19, 2026
Copilot AI requested a review from rzhao271 June 19, 2026 20:55
@rzhao271 rzhao271 added this to the 1.126.0 milestone Jun 19, 2026
@rzhao271 rzhao271 marked this pull request as ready for review June 19, 2026 20:57
@rzhao271 rzhao271 enabled auto-merge (squash) June 19, 2026 20:57
@rzhao271

rzhao271 commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator

@copilot Replace postinstall downloads with new devDependencies.

Copilot AI commented Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

@copilot Replace postinstall downloads with new devDependencies.

I can make this change, but I need the exact package names/versions you want for the replacement. Should I switch to @types/vscode + @vscode/pyodide, or a different dependency set?

Copilot AI requested a review from rzhao271 June 19, 2026 21:16
@rzhao271 rzhao271 closed this Jun 19, 2026
auto-merge was automatically disabled June 19, 2026 21:25

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rzhao271 rzhao271 Awaiting requested review from rzhao271

Assignees

@rzhao271 rzhao271

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

1.126.0

Development

Successfully merging this pull request may close these issues.

2 participants

@rzhao271