[Deps] Safe dependency updates 2026-02-24 #1019

Draft
github-actions[bot] wants to merge 1 commit into main from deps/safe-updates-2026-02-24-a6860f35f40e6cf4

@github-actions
Contributor

Automated Safe Dependency Updates

This PR contains safe patch/minor dependency updates that have been verified to:

  • ✅ Pass all tests (same pass rate as baseline: 792/795)
  • ✅ Have no breaking changes
  • ✅ Resolve the moderate ajv ReDoS vulnerability (GHSA-2g4f-4pwh-qvx6) in transitive deps

Updated Dependencies

| Package | Previous | Updated | Type |
|---|---|---|---|
| @commitlint/cli | 20.4.1 | 20.4.2 | patch |
| @commitlint/config-conventional | 20.4.1 | 20.4.2 | patch |
| @eslint/compat | bump | latest in range | patch |
| @eslint/js | bump | latest in range | patch |
| @types/js-yaml | 4.0.5 | 4.0.9 | patch |
| @types/node | 25.2.3 | 25.3.0 | minor |
| eslint | 10.0.0 | 10.0.2 | patch |
| glob | 13.0.1 | 13.0.6 | patch |
| globals | bump | latest in range | patch |
| typescript | bump | 5.9.3 | minor |
| typescript-eslint | 8.55.0 | 8.56.1 | minor |

Security Fixes Included

Vulnerability Summary

  • CRITICAL: 0 found
  • HIGH: 0 found
  • MODERATE: 1 found (ajv ReDoS — addressed by this update), no issue created (below HIGH threshold)
  • LOW: 0 found

Verification

  • All tests pass (same 3 pre-existing failures, unrelated to these updates)
  • No breaking changes detected
  • npm audit shows 0 vulnerabilities after update

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

Updated packages within their semver ranges:
- @commitlint/cli: 20.4.1 → 20.4.2
- @commitlint/config-conventional: 20.4.1 → 20.4.2
- @eslint/compat: bump
- @eslint/js: bump
- @types/js-yaml: bump
- @types/node: 25.2.3 → 25.3.0
- eslint: 10.0.0 → 10.0.2
- glob: 13.0.1 → 13.0.6
- globals: bump
- typescript: bump
- typescript-eslint: 8.55.0 → 8.56.1

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-actions bot added the "automated" and "dependencies" (Pull requests that update a dependency file) labels on Feb 24, 2026