Skip to content

[Deps] Safe dependency updates (2026-03-08)#1175

Draft
github-actions[bot] wants to merge 1 commit intomainfrom
deps/safe-updates-2026-03-08-9b3157319b0ac751
Draft

[Deps] Safe dependency updates (2026-03-08)#1175
github-actions[bot] wants to merge 1 commit intomainfrom
deps/safe-updates-2026-03-08-9b3157319b0ac751

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 8, 2026

Automated Safe Dependency Updates

This PR contains safe patch-level dependency updates that have been verified to:

  • ✅ Pass all tests (828/831 pass; 3 failures are pre-existing environment-specific issues unrelated to these updates)
  • ✅ Have no breaking changes
  • ✅ No security vulnerabilities found (npm audit reports 0 vulnerabilities)

Updated Dependencies

Package Previous Updated Type
@commitlint/cli 20.4.1 20.4.3 patch
@commitlint/config-conventional 20.4.1 20.4.3 patch
@eslint/compat 2.0.2 2.0.3 patch
@eslint/js 10.0.0 10.0.1 patch
@types/js-yaml 4.0.5 4.0.9 patch
@types/node 25.2.3 25.3.5 minor
eslint 10.0.0 10.0.3 patch
glob 13.0.1 13.0.6 patch
globals 17.3.0 17.4.0 minor
typescript 5.x 5.9.3 minor
typescript-eslint 8.55.0 8.56.1 patch

Security Fixes Included

No CVEs addressed — npm audit reports 0 vulnerabilities across all 556 packages.

Verification

  • npm audit reports 0 vulnerabilities
  • All tests pass (828/831; 3 pre-existing environment-specific failures confirmed present before this PR)
  • No breaking changes (all updates within semver ranges specified in package.json)
  • Dependabot alerts: not accessible via token permissions

Skipped Updates (major version bumps — require manual review)

Package Current Latest Reason
chalk 4.1.2 5.6.2 Major — ESM-only in v5
commander 12.1.0 14.0.3 Major — potential breaking changes
execa 5.1.1 9.6.1 Major — ESM-only in v9
eslint-plugin-security 3.0.1 4.0.0 Major — may have config changes

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

@github-actions
chore(deps): safe patch-level dependency updates
19eb69d 
Updated dependencies within semver ranges:
- @commitlint/cli: 20.4.1 → 20.4.3
- @commitlint/config-conventional: 20.4.1 → 20.4.3
- @eslint/compat: 2.0.2 → 2.0.3
- @eslint/js: 10.0.0 → 10.0.1
- @types/js-yaml: 4.0.5 → 4.0.9
- @types/node: 25.2.3 → 25.3.5
- eslint: 10.0.0 → 10.0.3
- glob: 13.0.1 → 13.0.6
- globals: 17.3.0 → 17.4.0
- typescript: 5.x → 5.9.3
- typescript-eslint: 8.55.0 → 8.56.1

All tests pass (3 pre-existing environment-specific failures unrelated).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added automated dependencies Pull requests that update a dependency file labels Mar 8, 2026
@github-actions
Copy link
Contributor Author

github-actions bot commented Mar 8, 2026

Merged PRs:

  • fix(security): eliminate TOCTOU race conditions in ssl-bump.ts
  • fix(security): stop logging partial token values
    Tests: ✅ MCP merged PRs, ✅ GH CLI, ✅ Playwright, ❌ Tavily, ✅ File write, ✅ Bash cat, ✅ Discussion, ✅ Build
    Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automated dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants