[Deps] Safe dependency updates (2026-03-09)

[github-actions]

Automated Safe Dependency Updates

This PR contains safe patch and minor semver-compatible dependency updates that have been verified to:

• ✅ Pass all tests (828/831 tests pass; 3 pre-existing failures unrelated to these changes)
• ✅ No breaking changes (all updates within declared semver ranges)
• ✅ No new security vulnerabilities (npm audit confirms 0 vulnerabilities)

Updated Dependencies

Package	Previous	Updated	Type
@commitlint/cli	20.4.1	20.4.3	patch
@commitlint/config-conventional	20.4.1	20.4.3	patch
@eslint/compat	2.0.2	2.0.3	patch
@types/node	25.2.3	25.3.5	minor
@typescript-eslint/eslint-plugin	8.55.0	8.56.1	minor
@typescript-eslint/parser	8.55.0	8.56.1	minor
eslint	10.0.0	10.0.3	patch
glob	13.0.1	13.0.6	patch
globals	17.3.0	17.4.0	minor
typescript-eslint	8.55.0	8.56.1	minor

Security Fixes Included

None required — npm audit reports 0 vulnerabilities across all 556 packages.

Updates Skipped (Major Version Changes)

Package	Current	Latest	Reason
chalk	4.1.2	5.6.2	Major version; ESM-only in v5
commander	12.1.0	14.0.3	Major version; potential breaking changes
eslint-plugin-security	3.0.1	4.0.0	Major version
execa	5.1.1	9.6.1	Major version; ESM-only in v6+

Verification

• All pre-existing tests pass (828/831; 3 pre-existing failures confirmed unchanged)
• npm audit shows 0 vulnerabilities after update
• No breaking changes detected

---

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

[github-actions]

PRs: fix(security): eliminate TOCTOU race conditions in ssl-bump.ts | fix(security): stop logging partial token values
GitHub MCP ✅; safeinputs-gh ✅; Playwright ✅; Tavily ❌
File write ✅; Bash cat ✅; Discussion comment ✅; Build ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.37%	82.51%	📈 +0.14%
Statements	82.27%	82.41%	📈 +0.14%
Functions	82.60%	82.60%	➡️ +0.00%
Branches	74.21%	74.30%	📈 +0.09%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	83.4% → 84.0% (+0.54%)	82.8% → 83.3% (+0.52%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

C++ Build Test Results

Project	CMake	Build	Status
fmt	✅	✅	PASS
json	✅	✅	PASS

Overall: PASS

Generated by Build Test C++ for issue #1179

[github-actions]

PR titles:
fix(ci): resolve integration test suite failures on main
fix(security): eliminate TOCTOU race conditions in ssl-bump.ts
Tests: GitHub MCP ✅ | safeinputs-gh ✅ | Playwright ✅ | Tavily ❌ | File write ✅ | Bash cat ✅ | Discussion ✅ | Build ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1179

[github-actions]

Smoke Test Results — Run 22929871344

Test	Result
GitHub MCP: #1151 fix(ci): resolve integration test suite failures	✅
GitHub MCP: #1159 fix(security): eliminate TOCTOU race conditions	✅
Playwright: github.com title contains "GitHub"	✅
File write + bash verify	✅

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1179

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.12	Python 3.12.3	❌ NO
Node.js	v24.14.0	v20.20.0	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Result: FAILED — Python and Node.js versions differ between host and chroot environments. The smoke-chroot label was not applied.

Tested by Smoke Chroot for issue #1179

[github-actions]

Build Test: Deno

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: ✅ PASS

Generated by Build Test Deno for issue #1179

[github-actions]

Java Build Test Results

Project	Compile	Tests	Status
gson	✅	1/1	PASS
caffeine	✅	1/1	PASS

Overall: PASS ✅

All Maven projects compiled and tests passed successfully.

Generated by Build Test Java for issue #1179

[Mossaka]

Closing in favor of an aggregated dependency update PR that combines all pending updates. This reduces PR noise and CI load.