
[Deps] Safe dependency updates (2026-03-15)#1313

Closed
github-actions[bot] wants to merge 1 commit into main from deps/safe-updates-2026-03-15-df70e49eb276c8f1


@github-actions

Automated Safe Dependency Updates

This PR contains safe patch-level dependency updates that have been verified to:

  • ✅ Pass all existing tests (pre-existing failures unrelated to these changes)
  • ✅ Have no breaking changes
  • ✅ Stay within semver ranges defined in package.json

Updated Dependencies

| Package | Previous | Updated | Type |
| --- | --- | --- | --- |
| @commitlint/cli | 20.4.3 | 20.4.4 | patch |
| @commitlint/config-conventional | 20.4.3 | 20.4.4 | patch |
| @types/node | 25.4.0 | 25.5.0 | minor |

Security Fixes Included

None — these are routine maintenance updates. No HIGH or CRITICAL vulnerabilities were found in the current audit.

Note on MODERATE vulnerabilities: markdownlint-cli2 (dev dependency) has transitive moderate CVEs in js-yaml and markdown-it. The fix requires a breaking major version bump (0.17.2 → 0.21.0) which is excluded from this safe-update PR. These vulnerabilities only affect the markdown linting dev toolchain — not the production firewall runtime.

Vulnerability Summary

  • CRITICAL: 0 found
  • HIGH: 0 found
  • MODERATE: 4 noted (dev-only, in markdownlint-cli2 transitive deps — fix requires major bump)
  • LOW: 0 found

Verification

  • npm test passes (1096/1099 — 3 pre-existing failures unrelated to these updates)
  • No breaking changes detected
  • Only package-lock.json modified (no package.json changes needed)

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

- @commitlint/cli: 20.4.3 → 20.4.4
- @commitlint/config-conventional: 20.4.3 → 20.4.4
- @types/node: 25.4.0 → 25.5.0

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Labels

automated; dependencies (Pull requests that update a dependency file)
