Skip to content

Comments

[Beta] Merge [Main] into beta - prepare for beta release#2705

Merged
MSNev merged 3 commits intobetafrom
MSNev/BetaRelease
Feb 20, 2026
Merged

[Beta] Merge [Main] into beta - prepare for beta release#2705
MSNev merged 3 commits intobetafrom
MSNev/BetaRelease

Conversation

@MSNev
Copy link
Collaborator

@MSNev MSNev commented Feb 20, 2026

No description provided.

@MSNev MSNev added this to the 3.4.0-beta milestone Feb 20, 2026
@MSNev MSNev requested a review from a team as a code owner February 20, 2026 21:18
Copilot AI review requested due to automatic review settings February 20, 2026 21:18
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the beta branch in preparation for a beta release by syncing configuration/package versions and refreshing Rush-managed dependency lockfiles.

Changes:

  • Bump applicationinsights-web-config and related config JSON versions to 1.0.6.
  • Enable zipPayload feature opt-in (mode: 3) in config and add it to the test config.
  • Update Rush shrinkwrap / common dependency preferences, including pinning glob and upgrading a number of tooling dependencies.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tools/config/test-config.json Updates test config version and adds zipPayload opt-in configuration.
tools/config/package.json Bumps applicationinsights-web-config package version to 1.0.6.
tools/config/config.json Bumps config version and switches zipPayload.mode to enabled (3).
common/config/rush/npm-shrinkwrap.json Updates lockfile with new/changed dependency resolutions (notably eslint/tooling and glob).
common/config/rush/common-versions.json Adds a preferred version pin for glob (7.2.3).
Files not reviewed (1)
  • common/config/rush/npm-shrinkwrap.json: Language not supported

* instead of the latest version.
*/
// "some-library": "1.2.3"
"glob": "7.2.3",
Copy link

Copilot AI Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pinning glob to 7.2.3 introduces a deprecated version that the package itself flags as containing widely publicized security vulnerabilities. If possible, prefer upgrading glob to a currently supported major (and adjust any dependent tooling accordingly), or document why the repo must remain on 7.2.3 and how vulnerability risk is mitigated.

Suggested change
"glob": "7.2.3",
"glob": "^10.3.10",

Copilot uses AI. Check for mistakes.
Comment on lines 3787 to 3793
"node_modules/glob": {
"version": "8.1.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz",
"integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==",
"version": "7.2.3",
"resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
"integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
"deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
"dependencies": {
"fs.realpath": "^1.0.0",
Copy link

Copilot AI Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The resolved glob dependency is 7.2.3 and includes a deprecation notice warning about widely publicized security vulnerabilities. If this is being forced via overrides/preferredVersions, consider upgrading to a supported glob major (or otherwise justify/mitigate keeping 7.2.3).

Copilot uses AI. Check for mistakes.
@MSNev MSNev enabled auto-merge February 20, 2026 21:28
@MSNev MSNev merged commit b933c83 into beta Feb 20, 2026
13 checks passed
@MSNev MSNev deleted the MSNev/BetaRelease branch February 20, 2026 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants