Pull request overview
Updates the project’s JavaScript tooling to address npm audit findings by upgrading Angular/dev tooling dependencies, adjusting Karma coverage configuration, and pinning vulnerable transitive packages via npm overrides.
Changes:
- Replace `karma-coverage-istanbul-reporter` with `karma-coverage` and update Karma coverage configuration accordingly.
- Upgrade Angular toolchain/test/lint dependencies (Angular 21.2.x, ESLint 10, Karma plugins, Puppeteer, Zone.js).
- Add `overrides` to pin vulnerable transitive dependencies; update build/package scripts to copy README via Node instead of `cp`.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| test/karma.conf.js | Switch coverage plugin/config from Istanbul reporter to karma-coverage. |
| package.json | Dependency upgrades + overrides for vulnerability remediation; script adjustments for README copy. |
| "fix:prettier": "prettier --write \"**/*.{ts,js,css,scss,md,html}\"", | ||
| "npm-pack": "cd dist/knowledgeowl-angular && npm pack", | ||
| "package": "npm run build && cp README.md dist/knowledgeowl-angular", | ||
| "package": "npm run build && node -e \"require('fs').copyFileSync('README.md','dist/knowledgeowl-angular/README.md')\"", |
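Review bot: in the new `package` line, the `node -e` one-liner buries both the source and destination paths inside escaped quotes in package.json, which is easy to break on the next edit and gives no hint why `cp` was dropped. Consider moving the copy into a small checked-in script, or a dedicated npm script that `package` calls, so the path lives in one place.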
The `build` script already copies README into `dist/knowledgeowl-angular`, but the `package` script repeats the same copy step. Consider removing the duplicate copy from `package` to avoid unnecessary work and keep scripts easier to maintain.
| "package": "npm run build && node -e \"require('fs').copyFileSync('README.md','dist/knowledgeowl-angular/README.md')\"", | |
| "package": "npm run build", |
| "typescript-eslint": "^8.57.0", | ||
| "zone.js": "0.15.0" | ||
| "typescript-eslint": "^8.57.2", | ||
| "zone.js": "0.16.1" |
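Review bot: `zone.js` jumps a minor line (0.15.0 to 0.16.1) under an exact pin, while `typescript-eslint` beside it only moves a patch within a caret range. Please confirm 0.16.x is inside the peer range of the Angular version being installed, and note in the PR which audit finding requires the bump; if none does, keeping it out of this change would narrow the remediation.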
After bumping zone.js to 0.16.1, the Karma config’s hardcoded reference to `../node_modules/zone.js/dist/zone.min.js` will break because zone.js 0.16.x no longer ships a `dist/` directory. Update the Karma `files` entry to the new bundle path (or remove it if it’s redundant with the `import 'zone.js'` in `test.ts`) so `ng test` doesn’t fail before executing specs.
| "zone.js": "0.16.1" | |
| "zone.js": "0.15.0" |
| "jasmine-core": "6.1.0", | ||
| "karma": "^6.4.4", | ||
| "karma-chrome-launcher": "3.1.0", | ||
| "karma-coverage-istanbul-reporter": "3.0.3", | ||
| "karma-jasmine": "4.0.1", | ||
| "karma-jasmine-html-reporter": "1.7.0", | ||
| "karma-chrome-launcher": "3.2.0", | ||
| "karma-coverage": "2.2.1", | ||
| "karma-jasmine": "5.1.0", |
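Review bot: `karma` is declared as `^6.4.4` while every neighbouring test dependency in this block is an exact pin, so the version an audit run sees depends on what the caret resolves to at install time. Pick one policy for this block (exact pins, or ranges backed by the lockfile) and apply it consistently.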
`karma-jasmine@5.1.0` depends on `jasmine-core@^4.1.0`, so pinning `jasmine-core` to 6.1.0 results in two jasmine-core versions (Karma will still run against jasmine-core 4.x) and can cause a runtime/types mismatch with `@types/jasmine@6`. Align these versions (either keep jasmine-core/@types in the 4.x line, or add an override/resolution to force a single jasmine-core version and verify the suite passes).
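One way to check for the duplicate-version situation described in the comment above, as an added example that is not part of the PR or the review: the script walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every package installed at more than one version. The lockfile fragment is constructed, and the nested `4.6.0` and `@types/jasmine` `6.0.0` entries are assumed resolutions, not values from the project.

```javascript
// Added example: list packages that a package-lock.json (lockfileVersion 2/3)
// installs at more than one version, e.g. a nested jasmine-core.
// On a real project: findDuplicateVersions(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))

// The package name is whatever follows the last "node_modules/" in the lock key.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns { name: { version: [install paths] } } for names with more than one version.
function findDuplicateVersions(lock) {
  const seen = new Map();
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !entry.version || entry.link) continue; // skip root entry and workspace links
    if (!seen.has(name)) seen.set(name, new Map());
    const versions = seen.get(name);
    if (!versions.has(entry.version)) versions.set(entry.version, []);
    versions.get(entry.version).push(lockPath);
  }
  const duplicates = {};
  for (const [name, versions] of seen) {
    if (versions.size > 1) duplicates[name] = Object.fromEntries(versions);
  }
  return duplicates;
}

// Constructed lockfile fragment (not the project's real lockfile). The nested
// 4.6.0 entry is an assumed resolution of karma-jasmine's ^4.1.0 range.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-workspace', version: '0.0.0' },
    'node_modules/jasmine-core': { version: '6.1.0', dev: true },
    'node_modules/karma-jasmine': { version: '5.1.0', dev: true },
    'node_modules/karma-jasmine/node_modules/jasmine-core': { version: '4.6.0', dev: true },
    'node_modules/@types/jasmine': { version: '6.0.0', dev: true },
  },
};

const report = findDuplicateVersions(sampleLock);
for (const [name, versions] of Object.entries(report)) {
  console.log(`${name}: ${JSON.stringify(versions)}`);
}
```

An empty result after adding an `overrides` entry for `jasmine-core` and reinstalling indicates the tree has collapsed to a single version.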
No description provided.