pawarprasad123 opened a new pull request, #667:
URL: https://github.com/apache/atlas/pull/667
## What changes were proposed in this pull request?
This PR updates direct and transitive npm dependencies in
`dashboard/package.json` and `docs/package.json` (including `overrides` and
lockfiles) to align with upstream recommended releases. No application source
code changes are included.
## Changes
### dashboard/package.json
- Upgraded `axios` from 1.15.2 to 1.16.0 (direct dependency)
- Upgraded `@babel/preset-env` from 7.28.5 to 7.29.5
- Added overrides:
- `handlebars`: 4.7.9 (transitive via ts-jest)
- `axios`: 1.16.0
- `@babel/plugin-transform-modules-systemjs`: 7.29.4
### docs/package.json
- Upgraded `axios` from 1.15.2 to 1.16.0 (devDependency)
- Updated overrides:
- `shell-quote`: 1.7.3 → 1.8.4
- `axios`: 1.16.0
- `html-minifier`: 4.0.0 (unified transitive version)
- `tmp`: 0.2.6
- Existing patch-package patches retained:
- `docs/patches/html-minifier+4.0.0.patch`
- `docs/patches/http-proxy-middleware+0.19.1.patch`
## Dependency update overview
| Package | Module | Before | After | Where used in Atlas | Impact |
|---------|--------|--------|-------|---------------------|--------|
| axios | dashboard | 1.15.2 | 1.16.0 | `fetchApi.ts`, API layer | Low — no
API renames; fetchApi tests pass |
| axios | docs | 1.15.2 | 1.16.0 | `TeamList/index.js` | Low — simple GET
usage |
| handlebars | dashboard | 4.7.8 (transitive) | 4.7.9 | ts-jest CLI only;
not in app source | None |
| @babel/preset-env | dashboard | 7.28.5 | 7.29.5 | Jest/Babel test pipeline
| None |
| @babel/plugin-transform-modules-systemjs | dashboard | 7.28.5 | 7.29.4 |
Transitive via preset-env | None |
| shell-quote | docs | 1.7.3 | 1.8.4 | docz → react-dev-utils (dev tooling)
| None |
| html-minifier | docs | 3.5.21 / 4.0.0 | 4.0.0 + patch | docz docs build |
Low — build-time only |
| http-proxy-middleware | docs | 0.19.1 | 0.19.1 + patch | docz dev server |
None for dashboard |
| tmp | docs | 0.0.33 | 0.2.6 | patch-package postinstall | None |
## Why axios appears twice in package.json
- **Direct dependency** — our code imports axios directly.
- **Override** — ensures all nested/transitive axios copies resolve to the
same version (1.16.0).
## Verification
- [x] Dashboard production build passes
- [x] fetchApi unit tests pass (38 tests)
- [x] Docs `npm install` applies existing patches successfully
- [x] No application source code changes required
## Files changed
- dashboard/package.json
- dashboard/package-lock.json
- docs/package.json
- docs/package-lock.json
## How was this patch tested?
manual test, build pass
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
