chore: update deps

[pumano]

This PR

• updates some dependencies. That fix 1 crit vuln / 3 high severity vulns just via bump of dependencies

Related Issues

Fixes #1234523

Notes

Follow-up Tasks

How to test

npm audit

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a comprehensive update of project dependencies, primarily motivated by the need to resolve identified security vulnerabilities. By upgrading various core and development packages, the project benefits from the latest features, bug fixes, and crucial security patches, ensuring a more robust and secure development environment.

Highlights

• Dependency Updates: Numerous dependencies across the project, including rollup, playwright, superagent, and supertest, have been updated to their latest versions.
• Vulnerability Resolution: These dependency updates address one critical and three high-severity vulnerabilities, significantly enhancing the project's security posture.
• Internal Package Version Bumps: Several internal @openfeature packages (angular-sdk, server-sdk, core, web-sdk) have received minor or major version updates, reflecting broader ecosystem changes.

Changelog

• package-lock.json
  • Major version updates for rollup (to 4.59.0), playwright (to 1.58.2), superagent (to 10.3.0), and supertest (to 7.2.2).
  • Updated various @rollup platform-specific binaries to 4.59.0.
  • Updated @types/supertest to 7.2.0.
  • Updated form-data to 4.0.5 and formidable to 3.5.4.
  • Added new dependencies @noble/hashes, @paralleldrive/cuid2, and @rollup/rollup-openbsd-x64.
  • Removed hexoid dependency.
  • Updated internal @openfeature package versions, including @openfeature/angular-sdk to 1.1.0 and @openfeature/core to 1.9.2.
  • Downgraded @angular/compiler-cli to 21.0.4.
• package.json
  • Updated the rollup development dependency to ^4.59.0.
• packages/angular/package.json
  • Updated the playwright development dependency to ^1.57.0.
• packages/nest/package.json
  • Updated @types/supertest to ^7.2.0 and supertest to ^7.2.0 in devDependencies.

Activity

• No specific activity (comments, reviews, or progress updates) were recorded in the provided context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates several dependencies, which, as you mentioned, resolves a number of vulnerabilities. The changes in package.json and package-lock.json files look consistent with a dependency update.

While reviewing, I noticed a potential issue in packages/nest/package.json that is not part of this diff but is relevant. The @openfeature/server-sdk dependency is pinned to version 1.18.0. However, this PR updates the @openfeature/server-sdk package in the monorepo to 1.20.2. To maintain consistency and ensure the nest package benefits from the latest updates, it would be advisable to change this pinned version to a workspace reference, like *, similar to how @openfeature/core is referenced in the same file. This would be a good follow-up improvement.