Skip to content

Bump the uuid test fixture version to 100.0.0#1279

Merged
rzhao271 merged 3 commits into
mainfrom
copilot/upgrade-test-uuid-package
Jun 1, 2026
Merged

Bump the uuid test fixture version to 100.0.0#1279
rzhao271 merged 3 commits into
mainfrom
copilot/upgrade-test-uuid-package

Conversation

Copilot AI commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

The test fixture under src/test/fixtures/uuid was using a real-looking uuid package/version, which can be misidentified by dependency scanners as an actual vulnerable dependency. This updates the fixture to a clearly non-real version and aligns the fixture assertions with that change.

  • Fixture manifest

    • Updated src/test/fixtures/uuid/package.json to use version: "100.0.0".
  • Fixture-based test expectations

    • Adjusted the ManifestProcessor tests in src/test/package.test.ts that intentionally read and assert the fixture version.
  • Result

    • Keeps the fixture semantics unchanged while reducing false-positive Dependabot alerts triggered by the test data.
{
  "name": "uuid",
  "publisher": "joaomoreno",
  "version": "100.0.0",
  "engines": { "vscode": "*" }
}
Original prompt

There seems to be test uuid package under src/test/fixtures. Upgrade its version to 100.0.0 to avoid being identified as false positive dependabot alert.

Created from VS Code.

Copilot AI changed the title [WIP] Update test uuid package version to 100.0.0 Bump the uuid test fixture version to 100.0.0 Jun 1, 2026
Copilot AI requested a review from rzhao271 June 1, 2026 18:45
@rzhao271 rzhao271 added this to the 1.124.0 milestone Jun 1, 2026
@rzhao271
rzhao271 marked this pull request as ready for review June 1, 2026 18:49
@rzhao271
rzhao271 enabled auto-merge (squash) June 1, 2026 18:49
@rzhao271
rzhao271 merged commit df1a68e into main Jun 1, 2026
5 checks passed
@rzhao271
rzhao271 deleted the copilot/upgrade-test-uuid-package branch June 1, 2026 18:50
adrianstephens pushed a commit to adrianstephens/vscode-vsce that referenced this pull request Jun 3, 2026
* Initial plan

* test: bump uuid fixture version

* chore: remove temporary validation logs

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Mopsgamer added a commit to Mopsgamer/vscode-vsce that referenced this pull request Jul 14, 2026
commit 616527c
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jun 17 15:33:56 2026 -0700

    chore(deps): bump form-data from 4.0.4 to 4.0.6 (microsoft#1288)

    Bumps [form-data](https://github.com/form-data/form-data) from 4.0.4 to 4.0.6.
    - [Release notes](https://github.com/form-data/form-data/releases)
    - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
    - [Commits](form-data/form-data@v4.0.4...v4.0.6)

    ---
    updated-dependencies:
    - dependency-name: form-data
      dependency-version: 4.0.6
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit b4de287
Merge: 17bf3e3 55504fe
Author: Benjamin Christopher Simmonds <44439583+benibenj@users.noreply.github.com>
Date:   Wed Jun 17 23:28:47 2026 +0200

    Merge pull request microsoft#1287 from microsoft/dependabot/npm_and_yarn/markdown-it-14.2.0

    chore(deps): bump markdown-it from 14.1.1 to 14.2.0

commit 55504fe
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jun 17 21:25:48 2026 +0000

    chore(deps): bump markdown-it from 14.1.1 to 14.2.0

    Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 14.1.1 to 14.2.0.
    - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
    - [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

    ---
    updated-dependencies:
    - dependency-name: markdown-it
      dependency-version: 14.2.0
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 17bf3e3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Jun 15 16:46:02 2026 +0000

    chore(deps): bump tmp from 0.2.6 to 0.2.7 (microsoft#1284)

    Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.6 to 0.2.7.
    - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
    - [Commits](raszi/node-tmp@v0.2.6...v0.2.7)

    ---
    updated-dependencies:
    - dependency-name: tmp
      dependency-version: 0.2.7
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit f7501f2
Author: Raymond Zhao <7199958+rzhao271@users.noreply.github.com>
Date:   Wed Jun 3 11:41:14 2026 -0700

    fix: skip APIScan (microsoft#1283)

commit 7cd3244
Author: Raymond Zhao <7199958+rzhao271@users.noreply.github.com>
Date:   Wed Jun 3 10:41:25 2026 -0700

    chore: bump CI to Node 22 and fix build (microsoft#1282)

commit df1a68e
Author: Copilot <198982749+Copilot@users.noreply.github.com>
Date:   Mon Jun 1 20:50:50 2026 +0200

    Bump the `uuid` test fixture version to `100.0.0` (microsoft#1279)

    * Initial plan

    * test: bump uuid fixture version

    * chore: remove temporary validation logs

    ---------

    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

commit 3a5786e
Merge: 54dce87 4954e08
Author: Benjamin Christopher Simmonds <44439583+benibenj@users.noreply.github.com>
Date:   Thu May 28 14:57:39 2026 +0200

    Merge pull request microsoft#1278 from microsoft/dependabot/npm_and_yarn/tmp-0.2.6

    Bump tmp from 0.2.4 to 0.2.6

commit 4954e08
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 28 03:03:20 2026 +0000

    Bump tmp from 0.2.4 to 0.2.6

    Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.4 to 0.2.6.
    - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
    - [Commits](raszi/node-tmp@v0.2.4...v0.2.6)

    ---
    updated-dependencies:
    - dependency-name: tmp
      dependency-version: 0.2.6
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 54dce87
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 22 19:09:50 2026 +0000

    Bump qs from 6.14.2 to 6.15.2 (microsoft#1277)

    Bumps [qs](https://github.com/ljharb/qs) from 6.14.2 to 6.15.2.
    - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
    - [Commits](ljharb/qs@v6.14.2...v6.15.2)

    ---
    updated-dependencies:
    - dependency-name: qs
      dependency-version: 6.15.2
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 86fc2d6
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu May 21 14:33:54 2026 -0700

    Bump uuid and @azure/msal-node (microsoft#1276)

    Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js). These dependencies need to be updated together.

    Removes `uuid`

    Updates `@azure/msal-node` from 5.1.2 to 5.2.2
    - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases)
    - [Commits](AzureAD/microsoft-authentication-library-for-js@msal-node-v5.1.2...msal-node-v5.2.2)

    ---
    updated-dependencies:
    - dependency-name: uuid
      dependency-version:
      dependency-type: indirect
    - dependency-name: "@azure/msal-node"
      dependency-version: 5.2.2
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 4699582
Author: Copilot <198982749+Copilot@users.noreply.github.com>
Date:   Wed May 13 17:11:35 2026 -0700

    Run npm audit fix and update lockfile (microsoft#1274)

    Agent-Logs-Url: https://github.com/microsoft/vscode-vsce/sessions/f2316742-5e81-44c7-ad59-2785c896ae92

    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>

commit e003a0a
Merge: 7a3c1c7 74ab7a9
Author: Benjamin Christopher Simmonds <44439583+benibenj@users.noreply.github.com>
Date:   Mon May 11 10:18:39 2026 +0200

    Merge pull request microsoft#1272 from microsoft/dependabot/npm_and_yarn/fast-uri-3.1.2

    Bump fast-uri from 3.0.6 to 3.1.2

commit 74ab7a9
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 8 22:03:21 2026 +0000

    Bump fast-uri from 3.0.6 to 3.1.2

    Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.6 to 3.1.2.
    - [Release notes](https://github.com/fastify/fast-uri/releases)
    - [Commits](fastify/fast-uri@v3.0.6...v3.1.2)

    ---
    updated-dependencies:
    - dependency-name: fast-uri
      dependency-version: 3.1.2
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants