Add dependency overrides to resolve security vulnerabilities#2200

Merged
IsmaelMartinez merged 3 commits into main from claude/fix-minimatch-redos-cuHoZ on Feb 19, 2026

Conversation

@IsmaelMartinez
Owner

Summary

Added npm dependency overrides to the docs-site package to enforce specific versions of transitive dependencies and resolve security vulnerabilities.

Key Changes

  • Added overrides configuration to package.json to enforce minimum versions of vulnerable dependencies
  • Pinned minimatch to version >=10.2.1 to address security issues
  • Enforced schema-utils version ^4.0.0 for file-loader, url-loader, and null-loader to ensure compatible and secure versions of their dependencies

Details

The overrides configuration ensures that regardless of what versions these loaders request, they will use the specified versions of schema-utils. This approach prevents dependency conflicts while maintaining security standards without requiring updates to the loader packages themselves.

https://claude.ai/code/session_01EhHyBQRnZde6WRs2o6S1eZ

…n docs-site

Add npm overrides to docs-site/package.json to fix three Dependabot alerts:
- minimatch ReDoS (High, #58): override to >=10.2.1
- lodash-es Prototype Pollution (Moderate, #47): resolved via updated mermaid
  pulling lodash-es 4.17.23
- ajv ReDoS (Moderate, #57): override schema-utils to ^4.0.0 in file-loader,
  url-loader, and null-loader to use ajv 8.18.0

npm audit now reports 0 vulnerabilities. Docs-site build verified.

https://claude.ai/code/session_01EhHyBQRnZde6WRs2o6S1eZ
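The description and commit message above rely on npm overrides forcing every copy of minimatch, ajv (via schema-utils) and lodash-es to a fixed floor. As an added example that is not part of the PR or the project, the script below scans a lockfileVersion-3 package-lock.json for any copy, hoisted or nested, that still resolves below those floors; the floor values are the ones stated above, and "example-plugin" in the sample lock is a constructed placeholder.

```javascript
// Added example, not code from the PR or the project: after adding npm
// overrides, confirm every copy of a package recorded in a lockfileVersion-3
// package-lock.json meets the intended floor, nested copies included.

// Floors: minimatch from the PR text; ajv and lodash-es as the commit says now resolve.
const FLOORS = { minimatch: "10.2.1", ajv: "8.18.0", "lodash-es": "4.17.23" };

// Numeric "major.minor.patch" comparison; a prerelease suffix is dropped.
function isBelow(version, floor) {
  const parse = (v) => v.split("-")[0].split(".").map((n) => parseInt(n, 10) || 0);
  const a = parse(version), b = parse(floor);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Package name is whatever follows the last "node_modules/" (scoped names stay intact).
function nameFromLockPath(lockPath) {
  const i = lockPath.lastIndexOf("node_modules/");
  return i === -1 ? null : lockPath.slice(i + "node_modules/".length);
}

// One record per installed copy (hoisted or nested) that is below its floor.
function findViolations(lock, floors = FLOORS) {
  const out = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(lockPath);
    if (!name || !(name in floors) || !entry.version) continue;
    if (isBelow(entry.version, floors[name])) {
      out.push({ path: lockPath, name, version: entry.version, floor: floors[name] });
    }
  }
  return out;
}

// Constructed sample lock: hoisted copies are fixed, but a nested copy under
// a hypothetical "example-plugin" still resolves to an old minimatch.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "docs-site" },
    "node_modules/minimatch": { version: "10.2.1" },
    "node_modules/ajv": { version: "8.18.0" },
    "node_modules/example-plugin/node_modules/minimatch": { version: "3.1.2" },
  },
};

// Running the file directly reports the sample's one violation.
for (const v of findViolations(SAMPLE_LOCK)) console.log(`${v.path}: ${v.version} < ${v.floor}`);
```

A clean scan proves the override resolved, not that every consumer tolerates the forced major; the docs-site build the commit message mentions is the compatibility check.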
@gemini-code-assist
Contributor

Summary of Changes

Hello @IsmaelMartinez, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the security posture of the docs-site package by introducing npm dependency overrides. It specifically targets and enforces minimum secure versions for minimatch and schema-utils, which are transitive dependencies of various loaders. This strategy effectively mitigates known security vulnerabilities without requiring direct modifications to the loader packages themselves, ensuring both security and dependency compatibility.

Highlights

  • Dependency Overrides Introduced: Added an overrides configuration to the package.json file within the docs-site package to manage and enforce specific versions of transitive dependencies.
  • Minimatch Version Pinned: Pinned the minimatch dependency to version >=10.2.1 to resolve identified security vulnerabilities.
  • Schema-Utils Version Enforced: Enforced schema-utils version ^4.0.0 for file-loader, url-loader, and null-loader to ensure compatible and secure versions of their sub-dependencies.


Changelog
  • docs-site/package.json
    • Added an overrides section to enforce specific versions of minimatch and schema-utils for file-loader, url-loader, and null-loader.

@github-actions
Contributor

✅ Changelog entry generated and committed to this PR:

Add dependency overrides to resolve security vulnerabilities - by @IsmaelMartinez (#2200)

The file .changelog/pr-2200.txt will be included when you merge this PR.

You can edit it directly in this PR if needed.

@gemini-code-assist
Contributor

gemini-code-assist bot left a comment

Code Review

This pull request adds dependency overrides to resolve security vulnerabilities, which is a good practice. I've suggested a simplification to the overrides configuration in package.json to make it more concise and robust for future dependency updates.

Address review feedback: replace per-loader schema-utils overrides with
a single global override since all other consumers already use ^4.0.0.

https://claude.ai/code/session_01EhHyBQRnZde6WRs2o6S1eZ

@github-actions
Contributor

📦 PR Snap Build Artifacts

Snap builds successful! Download artifacts:

🐧 Linux Snap Packages

x86_64 (107.67 MB)

arm64 (104.58 MB)

armv7l (98.81 MB)

📝 Note: Other package formats (.deb, .rpm, .AppImage, .dmg, .exe) are built in the main workflow

@github-actions
Contributor

📦 PR Build Artifacts

Build successful! Download artifacts:

🐧 Linux

x86_64 (435.54 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage

arm64 (426.73 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage

armv7l (404.81 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage

🍎 macOS

x86_64 (125.26 MB) - Contains: .dmg

🪟 Windows

x86_64 (105.72 MB) - Contains: .exe installer

📝 Note: Snap packages (.snap) are built in a separate workflow

🕐 Last updated: 2026-02-19 23:06 UTC

@IsmaelMartinez IsmaelMartinez merged commit 02d310e into main Feb 19, 2026
21 checks passed
@IsmaelMartinez IsmaelMartinez deleted the claude/fix-minimatch-redos-cuHoZ branch February 19, 2026 23:25
@github-actions github-actions bot mentioned this pull request Feb 21, 2026