Is upgrading via npm worse now than it used to be, or are there things that can be done to help you when you're needing to upgrade a project? Can CoPilot help with knowing what the security risks are before upgrading? And what is a peer dependency error?