Problem
probot is at 12.2.8; latest is 14.3.2 (two majors behind). probot is
the core runtime dependency and pulls in much of the vulnerable
transitive tree flagged by npm audit (e.g. validator, ws).
Proposed change
Upgrade probot to ^14, address breaking API changes in index.js
and api/github/webhooks/index.js, and verify the app builds and the
Jest suite passes (100% coverage threshold). Validate a Vercel preview
deploy before merge.
Acceptance criteria
probot on ^14; code updated for breaking changes.- Tests pass at 100% coverage.
npm audit high/critical count drops.- Vercel preview deploy works.
Problem
probotis at 12.2.8; latest is 14.3.2 (two majors behind). probot isthe core runtime dependency and pulls in much of the vulnerable
transitive tree flagged by
npm audit(e.g.validator,ws).Proposed change
Upgrade
probotto^14, address breaking API changes inindex.jsand
api/github/webhooks/index.js, and verify the app builds and theJest suite passes (100% coverage threshold). Validate a Vercel preview
deploy before merge.
Acceptance criteria
proboton^14; code updated for breaking changes.npm audithigh/critical count drops.