Bumps [openai](https://github.com/openai/openai-node) from 6.17.0 to 6.19.0. - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.17.0...v6.19.0) --- updated-dependencies: - dependency-name: openai dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@csstools/css-syntax-patches-for-csstree](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-syntax-patches-for-csstree) from 1.0.26 to 1.0.27. - [Changelog](https://github.com/csstools/postcss-plugins/blob/main/packages/css-syntax-patches-for-csstree/CHANGELOG.md) - [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-syntax-patches-for-csstree) --- updated-dependencies: - dependency-name: "@csstools/css-syntax-patches-for-csstree" dependency-version: 1.0.27 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/css-syntax-patches-for-csstree-1.0.27' into securite
Bumps [@csstools/css-calc](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-calc) from 3.0.0 to 3.0.1. - [Changelog](https://github.com/csstools/postcss-plugins/blob/main/packages/css-calc/CHANGELOG.md) - [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-calc) --- updated-dependencies: - dependency-name: "@csstools/css-calc" dependency-version: 3.0.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/css-calc-3.0.1' into securite
Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 11.2.5 to 11.2.6. - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v11.2.5...v11.2.6) --- updated-dependencies: - dependency-name: lru-cache dependency-version: 11.2.6 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…e-11.2.6' into securite
Bumps [@exodus/bytes](https://github.com/ExodusOSS/bytes) from 1.12.0 to 1.14.0. - [Release notes](https://github.com/ExodusOSS/bytes/releases) - [Commits](ExodusOSS/bytes@v1.12.0...v1.14.0) --- updated-dependencies: - dependency-name: "@exodus/bytes" dependency-version: 1.14.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ytes-1.14.0' into securite
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…yarn-14dc0ebc5a' into securite
Pull request overview
This PR appears to be a small dependency/security maintenance update, primarily bumping the openai npm dependency and refreshing the lockfile accordingly, with accompanying changelog entries.
Changes:
- Bump `openai` from `^6.17.0` to `^6.19.0` in `package.json`.
- Update `package-lock.json` to reflect the `openai` upgrade and related transitive dependency updates.
- Add multiple “Automated Security Batch Update” entries to `CHANGELOG.md`.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| package.json | Updates openai dependency version. |
| package-lock.json | Lockfile refresh to align with updated dependencies. |
| CHANGELOG.md | Adds automated security update entries (currently duplicated/misplaced across releases). |
| - **2026-02-14 11:26 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:15 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
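Review bot: None of these five entries names the package or version that changed, so a reader auditing the changelog cannot tell which dependency each "Automated Security Batch Update" line refers to. Suggest having the automation write the dependency name and the old and new versions into each entry, for example in the form `<package> <old> -> <new>`.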
These timestamped "Automated Security Batch Update" entries appear under the 1.1.0 release (dated 2026-01-31) even though the entries are dated after the release, and there are duplicate timestamps (e.g., multiple 2026-02-11/2026-02-10 entries). Changelog entries should be deduplicated and recorded under the correct release (or an Unreleased section), ideally under a "Security" subsection rather than "Added".
@copilot open a new pull request to apply changes based on this feedback
@copilot open a new pull request to apply changes based on this feedback
| - **2026-02-14 11:26 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:15 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
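Review bot: The entries at 2026-02-13 06:16 and 06:15 UTC, and at 2026-02-12 06:17 and 06:16 UTC, are one minute apart with identical text, which reads as the same batch being logged twice. Suggest that the job appending these lines check for an existing entry for the same batch before writing, so a rerun does not add another line.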
These security batch update lines are duplicated across multiple release sections (including 1.2.0) with dates later than the section’s release date, which makes the changelog misleading. Please dedupe and move them to the appropriate version entry (or Unreleased), and consider using a dedicated "Security" section for dependency/security updates.
@copilot open a new pull request to apply changes based on this feedback
@copilot open a new pull request to apply changes based on this feedback
| - **2026-02-14 11:26 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:15 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-12 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
This release section (1.0.0) is getting populated with dependency/security update entries dated in 2026, which doesn’t match the historical release timeline and is duplicated elsewhere. Please keep older releases immutable and move these entries to the current release/version where the dependency bump actually occurred (or to Unreleased).
@copilot open a new pull request to apply changes based on this feedback
@copilot open a new pull request to apply changes based on this feedback
@copilot open a new pull request to apply changes based on the comments in this thread
@copilot open a new pull request to apply changes based on the comments in this thread