Bumps the npm_and_yarn group with 1 update in the / directory: [tar](https://github.com/isaacs/node-tar).

Updates `tar` from 7.4.3 to 7.5.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

- Updates rails and related gems to address bug fixes and security vulnerabilities.
- updates puma from 7.1.0 to 7.2.0
…ue/570-2026-01-dependency-audit
- bumps the bootsnap gem version to the latest release. - ensures optimal precompilation and caching of ruby code.
- upgrades faraday-follow_redirects, faraday-retry, js-routes, net-http, puma-metrics, sentry-rails, and sorbet-runtime gems.
- updates development dependencies in Gemfile.lock - upgrades various gems to their latest versions - keeps runtime dependencies unchanged
- upgrades the 'm' gem to the latest version
- upgrades mocha to the latest version
- updates vcr gem to the latest version.
- bumps the addressable gem to version 2.8.8 - updates the public_suffix gem to version 7.0.2 - aligns dependencies with security audit recommendations
- updates faraday gem to the latest patch version.
- bumps eslint and related dependencies to latest versions
- Refactors dependency update process in Makefile. - Simplifies update process by introducing separate update commands.
- centralise common presence checks to cut duplication - reduce reliance on lodash-specific predicates
- Use native language features and shared helpers for checks - Replace collection helpers with filter/sort and indexing - Remove unnecessary utility imports across UI and data layers - Preserve existing behaviour and output messages - Shrink bundle footprint and simplify dependency audit
- Apply latest patch to resolve audit warnings - Improve security posture for a core utility dependency - Keep lockfile aligned with updated version range - Expect no functional behaviour changes
- Update HTML sanitisation library to latest patch - Pick up upstream security and bug fixes
- Update UI component library to latest patch release - Reduce audit noise and align with upstream bug fixes
- Address dependency audit findings and keep tooling current - Pull in bug fixes and compatibility improvements - Raise minimum version to ensure consistent builds - Low risk; remains within 0.13.x semver range
- Upgrade mapping plugin to pull upstream fixes and improvements - Reduce maintenance risk as part of dependency audit
- Pull in upstream bug fixes and minor improvements - Maintain API compatibility; no app code changes required
- Replace detailed section with concise accreditation paragraph - Maintain 'accredited-statistics' anchor on the new paragraph - Remove external 'read more' link and redundant heading - Align wording with OSR guidance and 2018 review details - Improve clarity and consistency across English and Welsh
…yarn-bb754c2437' into issue/570-2026-01-dependency-audit
- Replace lodash utility with a native method for keys - Reduce third-party dependency surface for maintainability
- Update @stylistic/eslint-plugin to 5.8.0 for rule fixes - Align transitive utils and types with plugin version - Improve linting consistency; no runtime impact
- Update Node.js type definitions to 22.19.x for TS accuracy - Refresh lockfile; align undici-types and ESLint/TS types
- Align transitive Sentry plugins to the same version - Pick up bug fixes and compatibility improvements - Affect build tooling only; no runtime behaviour change
- Address known vulnerabilities and bug fixes in upstream - Stay on latest 2.x; no breaking API expected
- Upgrade yarn bundler to pick up bug fixes and security updates - Expand platform coverage (e.g., OpenBSD, musl variants) - Affect build pipeline only; no application behaviour changes
- Update Sentry Vite integration to latest patch - Align bundler core and babel annotate to 4.9.1 - Impact build-time only; no runtime behaviour change
- Align type definitions with latest Node 22 patch - Improve TypeScript tooling; no runtime behaviour impact
- Update environment variable loader to latest patch - Expect no behaviour change; refresh lockfile
- Modernises sass embedding for compatibility and bug fixes. - Updates transitive dependencies; removes obsolete buffer builder. - Improves platform coverage with generic fallbacks. - Adds optional file watcher dependencies. - Refreshes lockfile as part of dependency audit.
- upgrades terser to the latest version for improved performance - ensures compatibility with the latest javascript features - resolves potential security vulnerabilities from older versions
- Bump postcss-preset-env from 10.1.5 to 10.6.1 - Refresh transitive @csstools plugins to latest versions - Add new CSS polyfills (e.g., alpha/contrast/system-ui support) - Update autoprefixer and browserslist baselines - Ensure access to recent bug fixes and CSS features - Regenerate lockfile; no runtime behaviour changes expected
- Upgrade TypeScript ESLint suite to 8.55 and refresh lock - Address peer dependency ranges; reduce audit warnings - Remove an unused transitive package; bump utility libs - Prepare for ESLint 9 compatibility; no runtime behaviour change
- Address dependency audit findings for dev tooling - Improve build plugin compatibility with Vite 5 - Pull in picomatch transitively; no runtime impact - Keep lockfile consistent with updated dependency
- Update localisation library to latest 8.x bugfix release - Keep parity with Vue 2.7; no breaking changes expected - Refresh lockfile; no application code modified
- Update routing library to latest 3.x for stability - Address dependency audit by pulling in patched fixes - Reduce potential security risk and maintenance overhead - Expect no app code changes (semver-compatible) Relates to #570
- Upgrade state management library to latest 3.x release - Address dependency audit by pulling in fixes and patches - Avoid breaking changes; no code changes expected - Refresh lockfile to sync resolved versions
- Upgrade UI library to pick up bug and security fixes - Stay within same major to avoid breaking changes - Refresh lockfile for deterministic installs
- Pick up bug fixes and minor improvements - Align lockfile; no code changes expected - Aid dependency audit and reduce maintenance risk
- Update design system dependency to latest major release - Gain security fixes and new features from upstream - Note potential breaking changes; run UI regression checks - Align with dependency audit and supportability goals - Include no application code changes
- Update dev lint environment globals to latest patch - Gain bug fixes and newer recognised global names - Keep eslint compatibility and quiet audit noise - Refresh lockfile for reproducible installs
- Address dependency audit and keep libs current - Pull in bug fixes and accessibility improvements - Requires no app code changes
- Remove unused glob to prune obsolete transitive deps - Reduce lockfile churn by dropping unreferenced packages - Minimise security surface and maintenance overhead
- Upgrade runtime polyfills to a maintained release - Pick up security patches and numerous bug fixes - Improves compatibility with modern browsers and tooling
bogdanadrianmarc (Contributor) approved these changes on Feb 11, 2026 and left a comment:
Not sure if a changelog entry already exists on this or not, otherwise changes look good to me!
Audit and update dependencies and reduce Lodash usage with focused utility helpers to improve maintainability, performance, and bundle size. Streamline developer workflows and tighten UI logic by preferring native APIs.
Specific to ticket #570
What's changed: