
@gfs gfs commented Nov 18, 2025

This pull request updates several dependencies in the DevSkim-VSCode-Plugin/package-lock.json file to newer versions, adds new package variants, and introduces peer dependency flags to improve compatibility and package management. The most significant changes are grouped below.

Dependency Upgrades and Replacements:

  • Upgraded glob and minimatch dependencies for the VS Code extension, including replacing brace-expansion with @isaacs/brace-expansion and updating related sub-dependencies and license information. [1] [2]
  • Added new dependencies: @isaacs/balanced-match and @isaacs/brace-expansion to support updated glob and minimatch packages.
  • Updated versions for several packages: js-yaml (both direct and nested), tar-fs, and their integrity hashes to the latest releases. [1] [2] [3]

Peer Dependency Adjustments:

  • Marked several packages (@typescript-eslint/parser, acorn, eslint, typescript) as peer dependencies to improve compatibility and package management. [1] [2] [3] [4]

Documentation:

  • Updated Changelog.md to reflect the new version (1.0.67) and document the dependency updates for the VS Code extension.


Copilot AI left a comment


Pull Request Overview

This pull request updates dependencies in the VS Code extension's package-lock.json file, including version upgrades for several packages and the addition of new @isaacs/* packages. While the dependency updates generally appear reasonable, there are critical issues with peer dependency flags that need to be addressed.

Key Changes

  • Added new dependencies @isaacs/balanced-match and @isaacs/brace-expansion to replace the older brace-expansion package
  • Updated versions for glob, minimatch, js-yaml, and tar-fs packages with new integrity hashes
  • Marked several packages with "peer": true flag, which is incorrect for packages explicitly listed as devDependencies

Reviewed Changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

Reviewed files:
  • DevSkim-VSCode-Plugin/package-lock.json: Updates dependency versions and adds new @isaacs scoped packages. Contains incorrect "peer": true flags for packages that are direct devDependencies.
  • Changelog.md: Documents the dependency updates for version 1.0.67 released on 2025-11-18.
Files not reviewed (1)
  • DevSkim-VSCode-Plugin/package-lock.json: Language not supported


"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.62.0.tgz",
"integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==",
"dev": true,
"peer": true,

Copilot AI Nov 18, 2025


The @typescript-eslint/parser package is marked with "peer": true, but it's explicitly listed as a devDependency in package.json (line 331). Packages that are direct dependencies (including devDependencies) should not have the "peer": true flag. This flag should only be present for packages that are installed solely to satisfy peer dependency requirements of other packages, not for packages that are directly declared as dependencies.

Suggested change
"peer": true,

"integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
"deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
"dev": true,
"peer": true,

Copilot AI Nov 18, 2025


The eslint package is marked with "peer": true, but it's explicitly listed as a devDependency in package.json (line 334). Packages that are direct dependencies (including devDependencies) should not have the "peer": true flag. This flag should only be present for packages that are installed solely to satisfy peer dependency requirements of other packages, not for packages that are directly declared as dependencies.

Suggested change
"peer": true,

"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
"integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
"dev": true,
"peer": true,

Copilot AI Nov 18, 2025


The typescript package is marked with "peer": true, but it's explicitly listed as a devDependency in package.json (line 336). Packages that are direct dependencies (including devDependencies) should not have the "peer": true flag. This flag should only be present for packages that are installed solely to satisfy peer dependency requirements of other packages, not for packages that are directly declared as dependencies.

Suggested change
"peer": true,

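As an added example, not DevSkim's own code, a small Node.js check for the problem the three review comments above describe: it compares what the root package.json declares directly against the package-lock.json entries, reports direct dependencies that carry "peer": true, and strips the flag from exactly those entries. The sample package.json and lock entries are constructed; it assumes lockfileVersion 2 or 3 ("packages" keyed by "node_modules/<name>" paths), and the version strings other than those on the page are assumed values.

```javascript
// Added example, not DevSkim's own code: find top-level package-lock.json entries
// flagged "peer": true that the root package.json declares directly (the review's
// point above). Assumes lockfileVersion 2/3 with "node_modules/<name>" paths.
// Constructed sample modelled on the PR: the three devDependencies the review
// flagged, plus acorn as a genuinely peer-only install that must stay flagged.
const packageJson = {
  devDependencies: { '@typescript-eslint/parser': '^5.62.0', eslint: '^8.0.0', typescript: '^4.9.5' },
};
const packageLock = {
  packages: {
    'node_modules/@typescript-eslint/parser': { version: '5.62.0', dev: true, peer: true },
    'node_modules/eslint': { version: '8.57.1', dev: true, peer: true },
    'node_modules/typescript': { version: '4.9.5', dev: true, peer: true },
    'node_modules/acorn': { version: '8.14.0', dev: true, peer: true },
  },
};

// Every name the root package declares directly, regardless of dependency kind.
function directDependencyNames(pkg) {
  const kinds = ['dependencies', 'devDependencies', 'optionalDependencies'];
  return new Set(kinds.flatMap((k) => Object.keys(pkg[k] || {})));
}

// Top-level lock path -> package name; null for the root entry or nested installs.
function topLevelName(lockPath) {
  if (!lockPath.startsWith('node_modules/')) return null;
  const name = lockPath.slice('node_modules/'.length);
  return name.includes('node_modules/') ? null : name;
}

// Names of direct dependencies whose lock entry wrongly carries "peer": true.
function findMisflaggedPeers(pkg, lock) {
  const direct = directDependencyNames(pkg);
  return Object.entries(lock.packages || {})
    .filter(([p, e]) => e.peer === true && direct.has(topLevelName(p)))
    .map(([p]) => topLevelName(p))
    .sort();
}

// Copy of the lock with the misplaced flag removed from exactly those entries.
function stripMisflaggedPeers(pkg, lock) {
  const wrong = new Set(findMisflaggedPeers(pkg, lock));
  const packages = Object.fromEntries(Object.entries(lock.packages).map(([p, e]) => {
    if (!wrong.has(topLevelName(p))) return [p, e];
    const { peer, ...rest } = e; // drop only the "peer" key, keep version/dev/etc.
    return [p, rest];
  }));
  return { ...lock, packages };
}

console.log('misflagged:', findMisflaggedPeers(packageJson, packageLock));
```

Against the constructed sample this reports the same three packages the review flagged and leaves acorn's flag alone; on a real repository, replace the two objects with the parsed package.json and package-lock.json.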
@gfs gfs merged commit 079ef71 into main Nov 19, 2025
26 checks passed
@gfs gfs deleted the gfs/VsCodeDependencies branch November 19, 2025 17:52