MLE-12345 Merging master into develop #303
Finish up 3.9.0
docs bug fixes
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.16.2...v1.16.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ri-1.16.5 Bump nokogiri from 1.16.2 to 1.16.5 in /docs
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.2.6...v3.2.8) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…/braces-3.0.3 Bump braces from 3.0.2 to 3.0.3 in /server
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…-3.0.3 Bump braces from 3.0.2 to 3.0.3
…3.2.8 Bump rexml from 3.2.6 to 3.2.8 in /docs
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.5 to 4.4.1. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.5...v4.4.1) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.8 to 3.3.6. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.2.8...v3.3.6) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…3.3.6 Bump rexml from 3.2.8 to 3.3.6 in /docs
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8. - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) --- updated-dependencies: - dependency-name: micromatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…atch-4.0.8 Bump micromatch from 4.0.5 to 4.0.8
…ml-parser-4.4.1 Bump fast-xml-parser from 4.3.5 to 4.4.1
Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/ruby/webrick/releases) - [Commits](ruby/webrick@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: webrick dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.1 to 5.95.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.76.1...v5.95.0) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
…k-1.8.2 Bump webrick from 1.8.1 to 1.8.2 in /docs
Also updates the docker base image in the test app.
Fixes a high vulnerability.
…k-5.95.0 Bump webpack from 5.76.1 to 5.95.0
Revert the webpack upgrade - It appears that updating webpack > 5.76.1 requires updating "@types/node" to "18.0+". However, that is causing type violations. So, upgrading webpack will require a significant effort. Update a handful of trivial upgrades.
Bump the version to 3.9.1 and update the changelog.
While trying to build VSIX, I discovered that I had forgotten that the version of the '@types/vscode' can't be greater than the engines.vscode that is defined at the top of the package.json file. Therefore reverted that dependency version.
Revert one of the upgrades.
Bumps [rexml](https://github.com/ruby/rexml) from 3.3.6 to 3.3.9. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.3.6...v3.3.9) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…3.3.9 Bump rexml from 3.3.6 to 3.3.9 in /docs
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.5 to 1.18.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.16.5...v1.18.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ri-1.18.4 Bump nokogiri from 1.16.5 to 1.18.4 in /docs
Bumps [uri](https://github.com/ruby/uri) from 0.13.0 to 0.13.2. - [Release notes](https://github.com/ruby/uri/releases) - [Commits](ruby/uri@v0.13.0...v0.13.2) --- updated-dependencies: - dependency-name: uri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…13.2 Bump uri from 0.13.0 to 0.13.2 in /docs
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.18.4 to 1.18.8. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.4...v1.18.8) --- updated-dependencies: - dependency-name: nokogiri dependency-version: 1.18.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ri-1.18.8 Bump nokogiri from 1.18.4 to 1.18.8 in /docs
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.3. - [Commits](https://github.com/mafintosh/tar-fs/commits) --- updated-dependencies: - dependency-name: tar-fs dependency-version: 2.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…-2.1.3 Bump tar-fs from 2.1.1 to 2.1.3
--- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ata-4.0.4 Bump form-data from 4.0.0 to 4.0.4
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.3 to 2.1.4. - [Commits](mafintosh/tar-fs@v2.1.3...v2.1.4) --- updated-dependencies: - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…-2.1.4 Bump tar-fs from 2.1.3 to 2.1.4
Pull Request Overview
This PR merges master into develop to incorporate vulnerability fixes and dependency updates. The changes primarily address security concerns by updating package versions and fixing documentation references.
Key changes:
- Updated dependencies to address known vulnerabilities (fast-xml-parser, path-to-regexp)
- Updated Docker image reference to use the official Progress repository
- Fixed documentation image and link paths
Reviewed Changes
Copilot reviewed 5 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| test-app/docker-compose.yaml | Updates MarkLogic Docker image to use progressofficial repository |
| package.json | Version bump to 3.9.1, updates vulnerable dependencies, and reorganizes dependency comments |
| docs/serverStatusView.md | Fixes image path and internal documentation link to use relative paths |
| docs/debugging-support/remoteRequests.md | Corrects image path to use relative reference |
| CHANGELOG.md | Adds release notes for version 3.9.1 |
Files not reviewed (1)
- server/package-lock.json: Language not supported
|
|
||
| marklogic: | ||
| image: "marklogicdb/marklogic-db:11.1.0-centos-1.1.0" | ||
| image: "progressofficial/marklogic-db:latest" |
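Review bot: the replacement `image:` line moves the tag from a fixed version to `latest` at the same time as it changes the publisher namespace from `marklogicdb` to `progressofficial`, so the test app will run whatever image the registry serves under that tag on the day it is pulled. Pin a specific version tag from the new repository, ideally with its `@sha256:` digest appended, so the base image only changes through a reviewed commit.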
Copilot
AI
Oct 28, 2025
Using the 'latest' tag in Docker images is not recommended for production or reproducible builds. Consider pinning to a specific version tag (e.g., '11.1.0-centos-1.1.0' or a newer specific version) to ensure consistency across deployments and avoid unexpected breaking changes.
| image: "progressofficial/marklogic-db:latest" | |
| image: "progressofficial/marklogic-db:11.1.0-centos-1.1.0" |
| "webpack": "Something with version 5.80.0 is breaking the integration tests (and other things?).", | ||
| "webpackProblem": "Something with version 5.95.0 is breaking the integration tests (and other things?).", | ||
| "webpackFix": "I believe this will require upgrading the @types/node and will not be trivial.", | ||
| "@types/vscode": "This needs to match the value at the top of this file in 'engines.vscode`", |
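Review bot: the `webpackProblem` and `webpackFix` notes say an upgrade to 5.95.0 is blocked on `@types/node`, but nothing in these lines records where that follow-up is tracked, so the deferred upgrade is easy to lose. Add an issue reference to the `webpackFix` text so the held-back version stays visible to whoever next triages dependency alerts.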
Copilot
AI
Oct 28, 2025
Corrected typo: 'engines.vscode`' should be 'engines.vscode'.
| "@types/vscode": "This needs to match the value at the top of this file in 'engines.vscode`", | |
| "@types/vscode": "This needs to match the value at the top of this file in 'engines.vscode'", |
| are currently in "connected" mode - see | ||
| [Attach - Attach & step through remote requests](remoteRequests.md) for more | ||
| information. Then, the view and lists are updated anytime there is a change to | ||
| [Attach - Attach & step through remote requests](debugging-support/remoteRequests.html) |
Copilot
AI
Oct 28, 2025
The link uses '.html' extension but Markdown files typically use '.md' extension in source repositories. If this documentation is processed by a static site generator that converts .md to .html, this is correct. Otherwise, it should be 'debugging-support/remoteRequests.md'.
| [Attach - Attach & step through remote requests](debugging-support/remoteRequests.html) | |
| [Attach - Attach & step through remote requests](debugging-support/remoteRequests.md) |
Getting some vulnerability fixes on develop