From ba0424751b18e53dac8e49421f134810eb851122 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 06:26:57 +0000 Subject: [PATCH 1/2] chore(deps): bump ajv from 8.10.0 to 8.18.0 in /agent-service Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.10.0 to 8.18.0. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](https://github.com/ajv-validator/ajv/compare/v8.10.0...v8.18.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- agent-service/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent-service/package.json b/agent-service/package.json index 608981e0a45..7ab06a1e618 100644 --- a/agent-service/package.json +++ b/agent-service/package.json @@ -18,7 +18,7 @@ "@ai-sdk/openai": "2.0.79", "@elysiajs/cors": "1.4.0", "ai": "5.0.108", - "ajv": "8.10.0", + "ajv": "8.18.0", "dagre": "0.8.5", "elysia": "1.4.18", "pino": "10.3.1", From 6937b20bb2130db9f6d2ce41f24b79e1e6a5b7a7 Mon Sep 17 00:00:00 2001 From: Xinyuan Lin Date: Wed, 6 May 2026 00:03:53 -0700 Subject: [PATCH 2/2] chore(deps): sync bun.lock and LICENSE-binary for ajv 8.18.0 Dependabot bumped agent-service/package.json but didn't regenerate the bun lockfile, causing `bun install --frozen-lockfile` in the agent-service CI job to fail with "lockfile had changes, but lockfile is frozen". Also bumps the LICENSE-binary entry from ajv@8.17.1 to ajv@8.18.0 to satisfy the per-module bundled-package license drift check (ajv is a direct dep, so it can't be skipped via --ignore-transitive-version). --- agent-service/LICENSE-binary | 2 +- agent-service/bun.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/agent-service/LICENSE-binary b/agent-service/LICENSE-binary index 60c33ca64d4..ba6237424a5 100644 --- a/agent-service/LICENSE-binary +++ b/agent-service/LICENSE-binary @@ -235,7 +235,7 @@ Agent service npm packages: - @tokenizer/token@0.3.0 - @types/bun@1.3.3 - @types/node@24.10.1 - - ajv@8.17.1 + - ajv@8.18.0 - atomic-sleep@1.0.0 - bun-types@1.3.3 - cookie@1.1.1 diff --git a/agent-service/bun.lock b/agent-service/bun.lock index 8a1953f46b2..3650dabffa4 100644 --- a/agent-service/bun.lock +++ b/agent-service/bun.lock @@ -8,7 +8,7 @@ "@ai-sdk/openai": "2.0.79", "@elysiajs/cors": "1.4.0", "ai": "5.0.108", - "ajv": "8.10.0", + "ajv": "8.18.0", "dagre": "0.8.5", "elysia": "1.4.18", "pino": "10.3.1", @@ -112,7 +112,7 @@ "ai": ["ai@5.0.108", "", { "dependencies": { "@ai-sdk/gateway": "2.0.18", "@ai-sdk/provider": "2.0.0", "@ai-sdk/provider-utils": "3.0.18", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-Jex3Lb7V41NNpuqJHKgrwoU6BCLHdI1Pg4qb4GJH4jRIDRXUBySJErHjyN4oTCwbiYCeb/8II9EnqSRPq9EifA=="], - "ajv": ["ajv@8.17.1", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g=="], + "ajv": ["ajv@8.18.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A=="], "atomic-sleep": ["atomic-sleep@1.0.0", "", {}, "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ=="],