Automated Safe Dependency Updates
This PR contains safe dependency updates (within existing semver ranges) that have been verified to:
- ✅ Pass all tests (2420/2421 pass; 1 pre-existing flaky DNS IP test unrelated to these changes)
- ✅ Have no breaking changes (all updates respect existing ^ semver constraints)
- ✅ Resolve a known security vulnerability (GHSA-jxxr-4gwj-5jf2)
- ✅ npm audit reports 0 vulnerabilities after update (was 1 moderate)
Updated Dependencies
| Package | Previous | Updated | Type |
|---|---|---|---|
| ajv | 8.18.0 | 8.20.0 | minor (prod) |
| js-yaml | 4.1.1 | 4.2.0 | minor (prod) |
| @babel/core | 7.29.0 | 7.29.7 | patch (dev) |
| @babel/preset-env | 7.29.2 | 7.29.7 | patch (dev) |
| @commitlint/cli | 20.5.0 | 20.5.3 | patch (dev) |
| @commitlint/config-conventional | 20.5.0 | 20.5.3 | patch (dev) |
| @eslint/compat | 2.0.5 | 2.1.0 | minor (dev) |
| @eslint/js | 10.0.0 | 10.0.1 | patch (dev) |
| @types/js-yaml | 4.0.5 | 4.0.9 | patch (dev) |
| @types/node | 25.6.0 | 25.9.2 | minor (dev) |
| babel-jest | 30.3.0 | 30.4.1 | minor (dev) |
| esbuild | 0.25.x | 0.25.12 | patch (dev) |
| eslint | 10.2.1 | 10.4.1 | minor (dev) |
| glob | 13.0.1 | 13.0.6 | patch (dev) |
| globals | 17.5.0 | 17.6.0 | minor (dev) |
| jest | 30.3.0 | 30.4.2 | minor (dev) |
| ts-jest | 29.4.9 | 29.4.11 | patch (dev) |
| typescript | 5.x | 5.9.3 | patch (dev) |
| typescript-eslint | 8.58.2 | 8.60.1 | minor (dev) |
| @typescript-eslint/eslint-plugin | 8.58.2 | 8.60.1 | minor (dev) |
| @typescript-eslint/parser | 8.58.2 | 8.60.1 | minor (dev) |
Security Fixes Included
- GHSA-jxxr-4gwj-5jf2 (MODERATE, CVSS 6.5): brace-expansion large numeric range DoS — resolved as a transitive fix via the updated dependency tree. npm audit now reports 0 vulnerabilities.
Packages Skipped (major version jumps requiring manual review)
| Package | Current | Latest | Reason |
|---|---|---|---|
| chalk | 4.1.2 | 5.6.2 | Major — ESM-only in v5 |
| commander | 12.1.0 | 15.0.0 | Major — API changes |
| execa | 5.1.1 | 9.6.1 | Major — ESM-only in v6+ |
| esbuild | 0.25.12 | 0.28.0 | Minor outside range — requires review |
| eslint-plugin-security | 3.0.1 | 4.0.0 | Major |
| markdownlint-cli2 | 0.21.0 | 0.22.1 | Minor outside range |
| @commitlint/* | 20.5.3 | 21.0.2 | Major |
| typescript | 5.9.3 | 6.0.3 | Major — breaking changes |
Verification
Generated by Dependency Security Monitor Workflow
Warning
Protected Files
This was originally intended as a pull request, but the patch modifies protected files. These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.
Protected files
- package-lock.json
- package.json

To route changes like this to a review issue instead of blocking, configure protected-files: fallback-to-issue in your workflow configuration.