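Automated Safe Dependency Updates
This PR contains safe patch/minor-level dependency updates within existing semver ranges, verified to:
✅ npm audit reports 0 vulnerabilities after update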
Updated Dependencies
| Package | Previous | Updated | Type |
| --- | --- | --- | --- |
| ajv | ^8.18.0 | ^8.20.0 | minor (prod) |
| commander | ^12.0.0 | ^12.1.0 | patch (prod) |
| js-yaml | ^4.1.1 | ^4.2.0 | minor (prod) |
| @babel/core | ^7.29.0 | ^7.29.7 | patch (dev) |
| @babel/preset-env | ^7.29.0 | ^7.29.7 | patch (dev) |
| @commitlint/cli | ^20.4.1 | ^20.5.3 | patch (dev) |
| @commitlint/config-conventional | ^20.4.1 | ^20.5.3 | patch (dev) |
| @eslint/compat | ^2.0.5 | ^2.1.0 | minor (dev) |
| @eslint/js | ^10.0.0 | ^10.0.1 | patch (dev) |
| @types/js-yaml | ^4.0.5 | ^4.0.9 | patch (dev) |
| @types/node | ^25.6.0 | ^25.9.3 | patch (dev) |
| esbuild | ^0.25.0 | ^0.25.12 | patch (dev) |
| eslint | ^10.2.1 | ^10.4.1 | minor (dev) |
| glob | ^13.0.1 | ^13.0.6 | patch (dev) |
| globals | ^17.5.0 | ^17.6.0 | minor (dev) |
| jest | ^30.2.0 | ^30.4.2 | minor (dev) |
| ts-jest | ^29.4.9 | ^29.4.11 | patch (dev) |
| typescript | ^5.0.0 | ^5.9.3 | minor (dev) |
| typescript-eslint | ^8.58.2 | ^8.61.0 | patch (dev) |
Security Fixes Included
GHSA-jxxr-4gwj-5jf2 (brace-expansion): Large numeric range defeats documented max DoS protection (CVSS 6.5 / MODERATE). Fixed by transitively updating through dependent packages.
Skipped Updates (major version bumps — require manual review)
| Package | Current | Latest | Reason |
| --- | --- | --- | --- |
| chalk | 4.1.2 | 5.6.2 | Major — ESM-only in v5 |
| commander | 12.x | 15.x | Major — breaking API changes |
| execa | 5.x | 9.x | Major — ESM-only in v6+ |
| typescript | 5.x | 6.x | Major — potential breaking changes |
| eslint-plugin-security | 3.x | 4.x | Major |
| @commitlint/* | 20.x | 21.x | Major |
Verification
All tests pass (2518/2519 — pre-existing DNS resolution test failure, unrelated)
No breaking changes detected
npm audit reports 0 vulnerabilities
Generated by Dependency Security Monitor Workflow
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.json
package.json
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.
Create the pull request manually
```bash
# Download the patch from the workflow run
gh run download 27400963795 -n agent -D /tmp/agent-27400963795
# Create a new branch
git checkout -b deps/safe-dependency-updates-2026-06-12-9e738b1493198b6f main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-27400963795/aw-deps-safe-dependency-updates-2026-06-12.patch
# Push the branch and create the pull request
git push origin deps/safe-dependency-updates-2026-06-12-9e738b1493198b6f
gh pr create --title '[Deps] Safe dependency updates (2026-06-12)' --base main --head deps/safe-dependency-updates-2026-06-12-9e738b1493198b6f --repo github/gh-aw-firewall
```
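Before running `git am` on a bot-generated patch, a reviewer can confirm that it touches only the files listed under "Protected files". The script below is an added example, not part of the workflow's output; the function name `patch_is_confined` and the `ALLOWED_FILES` variable are hypothetical, and it assumes the patch uses standard `diff --git a/... b/...` headers.

```shell
#!/bin/sh
# Added example (not from the workflow): refuse a patch that names any file
# outside an allow-list, before it is handed to `git am`.
# Usage: patch_is_confined /tmp/agent-27400963795/aw-deps-safe-dependency-updates-2026-06-12.patch \
#          && git am --3way /tmp/agent-27400963795/aw-deps-safe-dependency-updates-2026-06-12.patch

# Files the update is expected to modify (from the "Protected files" list).
ALLOWED_FILES="package.json package-lock.json"

# Return 0 only if the patch has at least one "diff --git" header and every
# path on both the a/ and b/ side is in ALLOWED_FILES. Findings go to stderr.
patch_is_confined() {
  awk -v allowed="$ALLOWED_FILES" '
    BEGIN {
      bad = 0; seen = 0
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^diff --git / {
      seen = 1
      # Quoted or otherwise unusual headers are rejected rather than guessed at.
      if ($0 !~ /^diff --git a\//) {
        print "unparsed header: " $0
        bad = 1
        next
      }
      line = substr($0, length("diff --git a/") + 1)
      m = split(line, side, " b/")
      for (i = 1; i <= m; i++) {
        if (!(side[i] in ok)) {
          print "unexpected path: " side[i]
          bad = 1
        }
      }
    }
    END {
      if (!seen) {
        print "no diff headers found"
        bad = 1
      }
      exit bad
    }
  ' "$1" >&2
}
```

A path containing the string ` b/` splits into pieces that are not on the allow-list, so ambiguous headers fail closed instead of passing.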