From 9f1572da94cda7fe506802f87fe2c42572a5ed5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 04:07:25 +0000 Subject: [PATCH 1/6] Bump minimatch and azure-pipelines-task-lib Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.5 and updates ancestor dependency [azure-pipelines-task-lib](https://github.com/Microsoft/azure-pipelines-task-lib). These dependencies need to be updated together. Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5) Updates `azure-pipelines-task-lib` from 5.2.2 to 5.2.7 - [Commits](https://github.com/Microsoft/azure-pipelines-task-lib/commits) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect - dependency-name: azure-pipelines-task-lib dependency-version: 5.2.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../package-lock.json | 513 +++++++++++++----- .../PublishAIEvaluationReport/package.json | 2 +- 2 files changed, 371 insertions(+), 144 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package-lock.json b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package-lock.json index c9d11eddd89..b7309e6cc4c 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package-lock.json +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package-lock.json @@ -5,7 +5,42 @@ "packages": { "": { "dependencies": { - "azure-pipelines-task-lib": "^5.0.0" + "azure-pipelines-task-lib": "^5.2.7" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha1-dhnC6yGyVIP20WdUi0z9WnSIw9U=", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha1-W9Jir5Tp0lvR5xsF3u1Eh2oiLos=", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha1-6Vc36LtnRt3t9pxVaVNJTxlv5po=", + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" } }, "node_modules/adm-zip": { @@ -30,17 +65,17 @@ } }, "node_modules/azure-pipelines-task-lib": { - "version": "5.2.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/azure-pipelines-task-lib/-/azure-pipelines-task-lib-5.2.2.tgz", - "integrity": "sha1-YSyHtfztrtNI6Gbgoq6Y997dpyk=", + "version": "5.2.7", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/azure-pipelines-task-lib/-/azure-pipelines-task-lib-5.2.7.tgz", + "integrity": "sha1-pY9MlvwgHQQKkQ7iINpX6lthWlg=", "license": "MIT", "dependencies": { "adm-zip": "^0.5.10", - "minimatch": "3.0.5", + "minimatch": "^3.1.5", "nodejs-file-downloader": "^4.11.1", "q": "^1.5.1", "semver": "^5.7.2", - "shelljs": "^0.8.5", + "shelljs": "^0.10.0", "uuid": "^3.0.1" } }, @@ -60,12 +95,38 @@ "concat-map": "0.0.1" } }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/braces/-/braces-3.0.3.tgz", + "integrity": "sha1-SQMy9AkZRSJy1VqEgK3AxEE1h4k=", + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", "license": "MIT" }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha1-ilj+ePANzXDDcEUXWd+/rwPo7p8=", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/debug": { "version": "4.4.3", "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/debug/-/debug-4.4.3.tgz", @@ -83,6 +144,66 @@ } } }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/execa/-/execa-5.1.1.tgz", + "integrity": "sha1-+ArZy/Qpj3vR1MlVXCHpN0HEEd0=", + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/fast-glob": { + "version": "3.3.3", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha1-0G1YXOjbqQoWsFBcVDw8z7OuuBg=", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.8" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fastq": { + "version": "1.20.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/fastq/-/fastq-1.20.1.tgz", + "integrity": "sha1-ynUKENySW8ixiDn9ID4+9LPO1nU=", + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha1-RCZdPKwH4+p9wkdRY4BkN1SgUpI=", + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/follow-redirects": { "version": "1.15.11", "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/follow-redirects/-/follow-redirects-1.15.11.tgz", @@ -103,63 +224,28 @@ } } }, - "node_modules/fs.realpath": { - "version": "1.0.0", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", - "license": "ISC" - }, - "node_modules/function-bind": { - "version": "1.1.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/function-bind/-/function-bind-1.1.2.tgz", - "integrity": "sha1-LALYZNl/PqbIgwxGTL0Rq26rehw=", + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha1-omLY7vZ6ztV8KFKtYWdSakPL97c=", "license": "MIT", - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/glob": { - "version": "7.2.3", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/glob/-/glob-7.2.3.tgz", - "integrity": "sha1-uN8PuAK7+o6JvR2Ti04WV47UTys=", - "license": "ISC", - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, "engines": { - "node": "*" + "node": ">=10" }, "funding": { - "url": "https://github.com/sponsors/isaacs" + "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/glob/node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha1-Gc0ZS/0+Qo8EmnCBfAONiatL41s=", + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha1-hpgyxYA0/mikCTwX3BXoNA2EAcQ=", "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, - "node_modules/hasown": { - "version": "2.0.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/hasown/-/hasown-2.0.2.tgz", - "integrity": "sha1-AD6vkb563DcuhOxZ3DclLO24AAM=", - "license": "MIT", - "dependencies": { - "function-bind": "^1.1.2" + "is-glob": "^4.0.1" }, "engines": { - "node": ">= 0.4" + "node": ">= 6" } }, "node_modules/https-proxy-agent": { @@ -175,44 +261,89 @@ "node": ">= 6" } }, - "node_modules/inflight": { - "version": "1.0.6", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", - "license": "ISC", + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha1-3JH8ukLk0G5Kuu0zs+ejwC9RTqA=", + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha1-ZPYeQsu7LuwgcanawLKLoeZdUIQ=", + "license": "MIT", "dependencies": { - "once": "^1.3.0", - "wrappy": "1" + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha1-dTU0W4lnNNX4DE0GxQlVUnoU8Ss=", + "license": "MIT", + "engines": { + "node": ">=0.12.0" } }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha1-D6LGT5MpF8NDOg3tVTY6rjdBa3w=", + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha1-+sHj1TuXrVqdCunO8jifWBClwHc=", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", "license": "ISC" }, - "node_modules/interpret": { - "version": "1.4.0", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/interpret/-/interpret-1.4.0.tgz", - "integrity": "sha1-Zlq4vE2iendKQFhOgS4+D6RbGh4=", + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha1-UoI2KaFN0AyXcPtq1H3GMQ8sH2A=", + "license": "MIT" + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha1-Q2iJL4hekHRVpv19xVwMnUBJkK4=", "license": "MIT", "engines": { - "node": ">= 0.10" + "node": ">= 8" } }, - "node_modules/is-core-module": { - "version": "2.16.1", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/is-core-module/-/is-core-module-2.16.1.tgz", - "integrity": "sha1-KpiAGoSfQ+Kt1kT7trxiKbGaTvQ=", + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha1-1m+hjzpHB2eJMgubGvMr2G2fogI=", "license": "MIT", "dependencies": { - "hasown": "^2.0.2" + "braces": "^3.0.3", + "picomatch": "^2.3.1" }, "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" + "node": ">=8.6" } }, "node_modules/mime-db": { @@ -236,10 +367,19 @@ "node": ">= 0.6" } }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha1-ftLCzMyvhNP/y3pptXcR/CCDQBs=", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/minimatch": { - "version": "3.0.5", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-3.0.5.tgz", - "integrity": "sha1-TajxKQ7g8PjoPWDKafjxNAaGBKM=", + "version": "3.1.5", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha1-WAyI+NVEXyvWqo88re+g3nn71p4=", "license": "ISC", "dependencies": { "brace-expansion": "^1.1.7" @@ -266,29 +406,53 @@ "sanitize-filename": "^1.6.3" } }, - "node_modules/once": { - "version": "1.4.0", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/once/-/once-1.4.0.tgz", - "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "license": "ISC", + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha1-t+zR5e1T2o43pV4cImnguX7XSOo=", + "license": "MIT", "dependencies": { - "wrappy": "1" + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" } }, - "node_modules/path-is-absolute": { - "version": "1.0.1", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha1-0Oluu1awdHbfHdnEgG5SN5hcpF4=", "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, "engines": { - "node": ">=0.10.0" + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/path-parse": { - "version": "1.0.7", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/path-parse/-/path-parse-1.0.7.tgz", - "integrity": "sha1-+8EUtgykKzDZ2vWFjkvWi77bZzU=", - "license": "MIT" + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha1-WB9q3mWMu6ZaDTOA3ndTKVBU83U=", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha1-O6ODNzNkbZ0+SZWUbBNlpn+wekI=", + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } }, "node_modules/q": { "version": "1.5.1", @@ -300,35 +464,57 @@ "teleport": ">=0.2.0" } }, - "node_modules/rechoir": { - "version": "0.6.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/rechoir/-/rechoir-0.6.2.tgz", - "integrity": "sha1-hSBLVNuoLVdC4oyWdW70OvUOM4Q=", - "dependencies": { - "resolve": "^1.1.6" - }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha1-SSkii7xyTfrEPg77BYyve2z7YkM=", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/reusify": { + "version": "1.1.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha1-D+E7lSLhRz9RtVjueW4I8R+bSJ8=", + "license": "MIT", "engines": { - "node": ">= 0.10" + "iojs": ">=1.0.0", + "node": ">=0.10.0" } }, - "node_modules/resolve": { - "version": "1.22.11", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/resolve/-/resolve-1.22.11.tgz", - "integrity": "sha1-qthXzh/7i/qbCxrCnxFWOD9owmI=", + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha1-ZtE2jae9+SHrnZW9GpIp5/IaQ+4=", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], "license": "MIT", "dependencies": { - "is-core-module": "^2.16.1", - "path-parse": "^1.0.7", - "supports-preserve-symlinks-flag": "^1.0.0" - }, - "bin": { - "resolve": "bin/resolve" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" + "queue-microtask": "^1.2.2" } }, "node_modules/sanitize-filename": { @@ -349,33 +535,65 @@ "semver": "bin/semver" } }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha1-zNCvT4g1+9wmW4JGGq8MNmY/NOo=", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha1-rhbxZE2HPsrYQ7AwexQzYtTEIXI=", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/shelljs": { - "version": "0.8.5", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/shelljs/-/shelljs-0.8.5.tgz", - "integrity": "sha1-3gVUCNg2G+1mxmnS8ABTjO2O4gw=", + "version": "0.10.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/shelljs/-/shelljs-0.10.0.tgz", + "integrity": "sha1-47uumbDz8MxdzgW0ajRvriCQ6IM=", "license": "BSD-3-Clause", "dependencies": { - "glob": "^7.0.0", - "interpret": "^1.0.0", - "rechoir": "^0.6.2" - }, - "bin": { - "shjs": "bin/shjs" + "execa": "^5.1.1", + "fast-glob": "^3.3.2" }, "engines": { - "node": ">=4" + "node": ">=18" } }, - "node_modules/supports-preserve-symlinks-flag": { - "version": "1.0.0", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", - "integrity": "sha1-btpL00SjyUrqN21MwxvHcxEDngk=", + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha1-qaF2f4r4QVURTqq9c/mSc8j1mtk=", + "license": "ISC" + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha1-ibhS+y/L6Tb29LMYevsKEsGrWK0=", "license": "MIT", "engines": { - "node": ">= 0.4" + "node": ">=6" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha1-FkjESq58jZiKMmAY7XL1tN0DkuQ=", + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" }, - "funding": { - "url": "https://github.com/sponsors/ljharb" + "engines": { + "node": ">=8.0" } }, "node_modules/truncate-utf8-bytes": { @@ -402,11 +620,20 @@ "uuid": "bin/uuid" } }, - "node_modules/wrappy": { - "version": "1.0.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "license": "ISC" + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/which/-/which-2.0.2.tgz", + "integrity": "sha1-fGqN0KY2oDJ+ELWckobu6T8/UbE=", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } } } } diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package.json b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package.json index b95320698be..0b59ee00da9 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package.json +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport/package.json @@ -1,6 +1,6 @@ { "type": "module", "dependencies": { - "azure-pipelines-task-lib": "^5.0.0" + "azure-pipelines-task-lib": "^5.2.7" } } From 45a566389bae0cc99d8be1c284177a5516002ea9 Mon Sep 17 00:00:00 2001 From: Ilona Tomkowicz Date: Mon, 9 Mar 2026 13:43:05 +0100 Subject: [PATCH 2/6] Fix npm E401: clear auth token via CLI flags (highest precedence) The previous fix using NPM_CONFIG_USERCONFIG/GLOBALCONFIG env vars only overrides user-level and global-level .npmrc files, but npm has additional config sources (parent directory .npmrc walk-up, builtin npm config, and agent-level env vars) that can still provide stale auth tokens. Use CLI flags to explicitly set the auth token to empty for the public dotnet-public-npm feed. CLI flags have the highest precedence in npm's config hierarchy, overriding all other sources. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../TypeScript/azure-devops-report/build.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 index 80c6ee709ea..91e4efb3578 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 @@ -21,16 +21,16 @@ if ($null -eq $PackageVersion) Write-Host "Using version $PackageVersion" -# Some CI agents have stale npm auth tokens in user or global .npmrc files -# (e.g. C:\Users\cloudtest\.npmrc) that cause E401 errors against the public -# dotnet-public-npm feed. Override both config paths so npm ignores stale -# agent-level credentials and accesses the public feed anonymously. -$env:NPM_CONFIG_USERCONFIG = "$env:TEMP\no-user-npmrc" -$env:NPM_CONFIG_GLOBALCONFIG = "$env:TEMP\no-global-npmrc" +# Some CI agents have stale npm auth tokens in multiple config sources (user-level +# .npmrc, global .npmrc, parent directory .npmrc files, or builtin npm config). +# The dotnet-public-npm feed is public and needs no auth. Force anonymous access +# by clearing the auth token via CLI flags (highest precedence in npm config). +$npmPublicRegistry = "//pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/" +$npmNoAuth = "--${npmPublicRegistry}:_authToken=" # Write-Information "Building Report Publishing task" Set-Location $PSScriptRoot/tasks/PublishAIEvaluationReport -npm ci --omit=dev +npm ci --omit=dev $npmNoAuth # Copy task files to dist folder New-Item -ItemType Directory -Path ./dist -Force copy-item -Path ./task.json -Destination ./dist/ -Force @@ -46,7 +46,7 @@ remove-item -Path ./dist/node_modules/resolve/test -Recurse -Force -ErrorAction # Write-Information "Building Extension Package" Set-Location $PSScriptRoot -npm ci +npm ci $npmNoAuth npx tsc -b npx vite build From 42c03a2ed9eac320a1814e6662fb3c364b28cd6d Mon Sep 17 00:00:00 2001 From: Ilona Tomkowicz Date: Mon, 9 Mar 2026 16:00:34 +0100 Subject: [PATCH 3/6] Fix npm E401: inject empty auth tokens into project .npmrc The previous CLI flag approach was silently ignored because npm's argument parser (nopt) does not support scoped registry auth as CLI arguments. New approach: append empty _authToken entries (both specific and broad scope) directly into each project .npmrc before running npm ci. Project- level config has higher precedence than user/global/builtin configs, so this overrides stale tokens regardless of where they live on the agent. Also adds npm config list output for diagnostics. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../TypeScript/azure-devops-report/build.ps1 | 36 ++++++++++++++----- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 index 91e4efb3578..b36f3b05ab9 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 @@ -21,16 +21,35 @@ if ($null -eq $PackageVersion) Write-Host "Using version $PackageVersion" -# Some CI agents have stale npm auth tokens in multiple config sources (user-level -# .npmrc, global .npmrc, parent directory .npmrc files, or builtin npm config). -# The dotnet-public-npm feed is public and needs no auth. Force anonymous access -# by clearing the auth token via CLI flags (highest precedence in npm config). -$npmPublicRegistry = "//pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/" -$npmNoAuth = "--${npmPublicRegistry}:_authToken=" +# Some CI agents have stale npm auth tokens in various config sources that cause +# E401 errors against the public dotnet-public-npm feed. Diagnose where tokens +# come from, then neutralize them by injecting an empty _authToken into each +# project .npmrc (project-level config overrides user/global/builtin). +$registryScope = "//pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/" +$broadScope = "//pkgs.dev.azure.com/" + +function Clear-NpmAuth { + param([string]$NpmrcPath) + # Append empty auth token lines to the project .npmrc so they override + # any stale tokens found in user, global, or builtin npm config. + $lines = @( + "${registryScope}:_authToken=" + "${broadScope}:_authToken=" + "${broadScope}:username=" + "${broadScope}:_password=" + "always-auth=false" + ) + Add-Content -Path $NpmrcPath -Value ($lines -join "`n") + Write-Host "Patched $NpmrcPath to clear stale auth tokens" + Write-Host "--- npm config list ---" + npm config list + Write-Host "--- end npm config list ---" +} # Write-Information "Building Report Publishing task" Set-Location $PSScriptRoot/tasks/PublishAIEvaluationReport -npm ci --omit=dev $npmNoAuth +Clear-NpmAuth -NpmrcPath ./.npmrc +npm ci --omit=dev # Copy task files to dist folder New-Item -ItemType Directory -Path ./dist -Force copy-item -Path ./task.json -Destination ./dist/ -Force @@ -46,7 +65,8 @@ remove-item -Path ./dist/node_modules/resolve/test -Recurse -Force -ErrorAction # Write-Information "Building Extension Package" Set-Location $PSScriptRoot -npm ci $npmNoAuth +Clear-NpmAuth -NpmrcPath ./.npmrc +npm ci npx tsc -b npx vite build From c2cad44f41e55c138c74f37db8a6b7438ef8f40e Mon Sep 17 00:00:00 2001 From: Ilona Tomkowicz Date: Mon, 9 Mar 2026 17:14:11 +0100 Subject: [PATCH 4/6] Revert build.ps1 to main's env var approach (fix E401) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous commits on this branch wrote empty _authToken= entries into the project .npmrc. npm treats an empty token as invalid credentials (not 'no credentials'), so it sends the empty token and gets E401. Revert to main's approach: set NPM_CONFIG_USERCONFIG and NPM_CONFIG_GLOBALCONFIG env vars pointing to non-existent files. This makes npm skip user/global config (where stale tokens live) and access the public feed anonymously — which is what actually works. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../TypeScript/azure-devops-report/build.ps1 | 34 ++++--------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 index b36f3b05ab9..0bf817b7d0a 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 @@ -21,34 +21,15 @@ if ($null -eq $PackageVersion) Write-Host "Using version $PackageVersion" -# Some CI agents have stale npm auth tokens in various config sources that cause -# E401 errors against the public dotnet-public-npm feed. Diagnose where tokens -# come from, then neutralize them by injecting an empty _authToken into each -# project .npmrc (project-level config overrides user/global/builtin). -$registryScope = "//pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/" -$broadScope = "//pkgs.dev.azure.com/" - -function Clear-NpmAuth { - param([string]$NpmrcPath) - # Append empty auth token lines to the project .npmrc so they override - # any stale tokens found in user, global, or builtin npm config. - $lines = @( - "${registryScope}:_authToken=" - "${broadScope}:_authToken=" - "${broadScope}:username=" - "${broadScope}:_password=" - "always-auth=false" - ) - Add-Content -Path $NpmrcPath -Value ($lines -join "`n") - Write-Host "Patched $NpmrcPath to clear stale auth tokens" - Write-Host "--- npm config list ---" - npm config list - Write-Host "--- end npm config list ---" -} +# Some CI agents have stale npm auth tokens in user or global .npmrc files +# (e.g. C:\Users\cloudtest\.npmrc) that cause E401 errors against the public +# dotnet-public-npm feed. Override both config paths so npm ignores stale +# agent-level credentials and accesses the public feed anonymously. +$env:NPM_CONFIG_USERCONFIG = "$env:TEMP\no-user-npmrc" +$env:NPM_CONFIG_GLOBALCONFIG = "$env:TEMP\no-global-npmrc" # Write-Information "Building Report Publishing task" Set-Location $PSScriptRoot/tasks/PublishAIEvaluationReport -Clear-NpmAuth -NpmrcPath ./.npmrc npm ci --omit=dev # Copy task files to dist folder New-Item -ItemType Directory -Path ./dist -Force @@ -65,7 +46,6 @@ remove-item -Path ./dist/node_modules/resolve/test -Recurse -Force -ErrorAction # Write-Information "Building Extension Package" Set-Location $PSScriptRoot -Clear-NpmAuth -NpmrcPath ./.npmrc npm ci npx tsc -b npx vite build @@ -82,4 +62,4 @@ if ($true -eq $IncludeTestPackage) { # Build Preview version of the extension for testing npx tfx-cli extension create --overrides-file $PSScriptRoot/override.json --output-path $OutputPath -} \ No newline at end of file +} From f3534abe5f2f85098206091a32d99dd2b6e41710 Mon Sep 17 00:00:00 2001 From: Ilona Tomkowicz Date: Thu, 12 Mar 2026 09:19:40 +0100 Subject: [PATCH 5/6] Revert npm auth workarounds from PRs #7364, #7366, #7376 The workarounds bypassed the custom .npmrc that sets the AzDO dotnet-public-npm feed, which is required for SFI compliance. The actual fix is to run scripts/UpdateNpmDependencies.ps1 to ingest new upstream npm package versions into the feed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../TypeScript/azure-devops-report/build.ps1 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 index 0bf817b7d0a..a2480dcdfe1 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 @@ -21,13 +21,6 @@ if ($null -eq $PackageVersion) Write-Host "Using version $PackageVersion" -# Some CI agents have stale npm auth tokens in user or global .npmrc files -# (e.g. C:\Users\cloudtest\.npmrc) that cause E401 errors against the public -# dotnet-public-npm feed. Override both config paths so npm ignores stale -# agent-level credentials and accesses the public feed anonymously. -$env:NPM_CONFIG_USERCONFIG = "$env:TEMP\no-user-npmrc" -$env:NPM_CONFIG_GLOBALCONFIG = "$env:TEMP\no-global-npmrc" - # Write-Information "Building Report Publishing task" Set-Location $PSScriptRoot/tasks/PublishAIEvaluationReport npm ci --omit=dev From 8eab69705d82d63250ade4d5f258a488143c7c24 Mon Sep 17 00:00:00 2001 From: Ilona Tomkowicz Date: Thu, 12 Mar 2026 09:32:32 +0100 Subject: [PATCH 6/6] Try committing audit fix changes. --- .../TypeScript/package-lock.json | 88 ++++++++++--------- 1 file changed, 46 insertions(+), 42 deletions(-) diff --git a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/package-lock.json b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/package-lock.json index c92a784cf98..dcde883686f 100644 --- a/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/package-lock.json +++ b/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/package-lock.json @@ -2660,29 +2660,6 @@ "url": "https://github.com/sponsors/nzakas" } }, - "node_modules/@isaacs/balanced-match": { - "version": "4.0.1", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz", - "integrity": "sha1-MIHa28NGBmG3UedZHX+upd853Sk=", - "dev": true, - "license": "MIT", - "engines": { - "node": "20 || >=22" - } - }, - "node_modules/@isaacs/brace-expansion": { - "version": "5.0.0", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz", - "integrity": "sha1-Sz2rq32OdaQpQUqWvWe/TB0T4PM=", - "dev": true, - "license": "MIT", - "dependencies": { - "@isaacs/balanced-match": "^4.0.1" - }, - "engines": { - "node": "20 || >=22" - } - }, "node_modules/@isaacs/cliui": { "version": "8.0.2", "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@isaacs/cliui/-/cliui-8.0.2.tgz", @@ -3422,12 +3399,13 @@ } }, "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { - "version": "9.0.5", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-9.0.5.tgz", - "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", + "version": "9.0.9", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-9.0.9.tgz", + "integrity": "sha1-mwy5/LeAh/b9fqur4lEcTT1gV04=", "dev": true, + "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^2.0.2" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -3535,10 +3513,11 @@ } }, "node_modules/ajv": { - "version": "6.12.6", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/ajv/-/ajv-6.12.6.tgz", - "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "version": "6.14.0", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/ajv/-/ajv-6.14.0.tgz", + "integrity": "sha1-/QZ3E+IoIQY267CMYL03Zdbb5zo=", "dev": true, + "license": "MIT", "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -5208,17 +5187,40 @@ "node": ">=10.13.0" } }, + "node_modules/glob/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha1-v7EGYv7tgZaixi58aOF3IMJ0F5o=", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/glob/node_modules/brace-expansion": { + "version": "5.0.4", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/brace-expansion/-/brace-expansion-5.0.4.tgz", + "integrity": "sha1-YU2q7NCmiPZgu7yQmodIw9gNQzY=", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/glob/node_modules/minimatch": { - "version": "10.1.1", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-10.1.1.tgz", - "integrity": "sha1-5uYbmwwdyrEWtafRRY6LaunnOlU=", + "version": "10.2.4", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-10.2.4.tgz", + "integrity": "sha1-Rls6zL0CGLgoH1MB4nztxpf5b94=", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { - "@isaacs/brace-expansion": "^5.0.0" + "brace-expansion": "^5.0.2" }, "engines": { - "node": "20 || >=22" + "node": "18 || 20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -6895,10 +6897,11 @@ "dev": true }, "node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "version": "3.1.5", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha1-WAyI+NVEXyvWqo88re+g3nn71p4=", "dev": true, + "license": "ISC", "dependencies": { "brace-expansion": "^1.1.7" }, @@ -8765,10 +8768,11 @@ } }, "node_modules/underscore": { - "version": "1.13.7", - "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/underscore/-/underscore-1.13.7.tgz", - "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==", - "dev": true + "version": "1.13.8", + "resolved": "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/underscore/-/underscore-1.13.8.tgz", + "integrity": "sha1-qTohGGwEnb8OhHSW26cre9jB6Ss=", + "dev": true, + "license": "MIT" }, "node_modules/undici-types": { "version": "6.21.0",