[Deps] Safe dependency updates (2026-03-17)

[github-actions]

Automated Safe Dependency Updates

This PR contains safe patch-level and minor dependency updates that have been verified to:

• ✅ Pass all tests (1113/1116 pass; 3 failures are pre-existing environment permission issues unrelated to these updates)
• ✅ No breaking changes (all updates within semver ranges defined in package.json)
• ✅ No security regressions

Updated Dependencies

Package	Previous	Updated	Type
@babel/preset-env	7.29.0	7.29.2	patch
@commitlint/cli	20.4.3	20.5.0	minor
@commitlint/config-conventional	20.4.3	20.5.0	minor
@types/node	25.4.0	25.5.0	patch
@typescript-eslint/eslint-plugin	8.57.0	8.57.1	patch
@typescript-eslint/parser	8.57.0	8.57.1	patch
typescript-eslint	8.57.0	8.57.1	patch

Security Notes

npm audit shows 4 moderate vulnerabilities in markdownlint-cli2 (transitive: js-yaml, markdown-it). No HIGH or CRITICAL vulnerabilities were found. The moderate vulnerabilities require a major version bump of markdownlint-cli2 (0.17.x → 0.21.x) which is outside the safe patch update scope for this automated run.

Skipped Updates (require manual review)

Package	Current	Latest	Reason
chalk	4.1.2	5.6.2	Major (CJS→ESM)
commander	12.1.0	14.0.3	Major
execa	5.1.1	9.6.1	Major
eslint-plugin-security	3.0.1	4.0.0	Major
markdownlint-cli2	0.17.2	0.21.0	Minor (fixes moderate CVEs, needs testing)

---

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	86.05%	86.16%	📈 +0.11%
Statements	85.97%	86.09%	📈 +0.12%
Functions	86.13%	86.13%	➡️ +0.00%
Branches	79.21%	79.28%	📈 +0.07%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	87.4% → 87.9% (+0.49%)	86.8% → 87.2% (+0.46%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Smoke Test Results

• ✅ GitHub MCP: Last 2 closed PRs: "[Deps] Safe dependency updates (2026-03-15)" ([Deps] Safe dependency updates (2026-03-15) #1313), "[Deps] Safe dependency updates (2026-03-14)" ([Deps] Safe dependency updates (2026-03-14) #1297)
• ✅ Playwright: github.com title contains "GitHub"
• ✅ File Write: /tmp/gh-aw/agent/smoke-test-claude-23208130322.txt created
• ✅ Bash Tool: File contents verified

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1327

[github-actions]

Smoke Test Status

• GitHub MCP (last 2 merged PRs): ✅ fix: route GHEC Copilot proxy to copilot-api subdomain; fix: fix awf-runner timeout detection and no-docker test timeouts
• Safe Inputs GH CLI (safeinputs-gh pr list ...): ❌ tool unavailable in this runner
• Playwright title contains "GitHub": ✅
• Tavily search returned at least one result: ❌ Tavily MCP not available
• File write /tmp/gh-aw/agent/smoke-test-codex-23208130360.txt: ✅
• Bash cat verification: ✅
• Discussion query/comment: ❌ required discussion-query tool unavailable
• Build (npm ci && npm run build): ✅
• Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex

Warning

⚠️ Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• ab.chatgpt.com
• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"
    - "registry.npmjs.org"

See Network Configuration for more information.

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	passed	✅ PASS
Go	env	✅	passed	✅ PASS
Go	uuid	✅	passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #1327 · ◷

[github-actions]

Smoke Test Results

Test	Status
GitHub MCP (last 2 merged PRs)	✅
Playwright (github.com title contains "GitHub")	✅
File write (smoke-test-copilot-23208130392.txt)	✅
Bash verification (cat file)	✅

Last 2 merged PRs:

• fix: fix awf-runner timeout detection and no-docker test timeouts #1332: fix: fix awf-runner timeout detection and no-docker test timeouts
• fix: route GHEC Copilot proxy to copilot-api subdomain #1331: fix: route GHEC Copilot proxy to copilot-api subdomain

Authors: @Copilot · Assignees: @lpcox @Copilot

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1327

[Copilot]

Copilot wasn't able to review any files in this pull request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.