[Deps] Safe dependency updates (2026-03-08)#1175

Closed
github-actions[bot] wants to merge 2 commits into main from deps/safe-updates-2026-03-08-9b3157319b0ac751

@github-actions
Contributor

@github-actions github-actions bot commented Mar 8, 2026

Automated Safe Dependency Updates

This PR contains safe patch-level dependency updates that have been verified to:

  • ✅ Pass all tests (828/831 pass; 3 failures are pre-existing environment-specific issues unrelated to these updates)
  • ✅ Have no breaking changes
  • ✅ No security vulnerabilities found (npm audit reports 0 vulnerabilities)

Updated Dependencies

| Package | Previous | Updated | Type |
| --- | --- | --- | --- |
| @commitlint/cli | 20.4.1 | 20.4.3 | patch |
| @commitlint/config-conventional | 20.4.1 | 20.4.3 | patch |
| @eslint/compat | 2.0.2 | 2.0.3 | patch |
| @eslint/js | 10.0.0 | 10.0.1 | patch |
| @types/js-yaml | 4.0.5 | 4.0.9 | patch |
| @types/node | 25.2.3 | 25.3.5 | minor |
| eslint | 10.0.0 | 10.0.3 | patch |
| glob | 13.0.1 | 13.0.6 | patch |
| globals | 17.3.0 | 17.4.0 | minor |
| typescript | 5.x | 5.9.3 | minor |
| typescript-eslint | 8.55.0 | 8.56.1 | patch |

Security Fixes Included

No CVEs addressed — npm audit reports 0 vulnerabilities across all 556 packages.

Verification

  • npm audit reports 0 vulnerabilities
  • All tests pass (828/831; 3 pre-existing environment-specific failures confirmed present before this PR)
  • No breaking changes (all updates within semver ranges specified in package.json)
  • Dependabot alerts: not accessible via token permissions

Skipped Updates (major version bumps — require manual review)

| Package | Current | Latest | Reason |
| --- | --- | --- | --- |
| chalk | 4.1.2 | 5.6.2 | Major — ESM-only in v5 |
| commander | 12.1.0 | 14.0.3 | Major — potential breaking changes |
| execa | 5.1.1 | 9.6.1 | Major — ESM-only in v9 |
| eslint-plugin-security | 3.0.1 | 4.0.0 | Major — may have config changes |

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

Updated dependencies within semver ranges:
- @commitlint/cli: 20.4.1 → 20.4.3
- @commitlint/config-conventional: 20.4.1 → 20.4.3
- @eslint/compat: 2.0.2 → 2.0.3
- @eslint/js: 10.0.0 → 10.0.1
- @types/js-yaml: 4.0.5 → 4.0.9
- @types/node: 25.2.3 → 25.3.5
- eslint: 10.0.0 → 10.0.3
- glob: 13.0.1 → 13.0.6
- globals: 17.3.0 → 17.4.0
- typescript: 5.x → 5.9.3
- typescript-eslint: 8.55.0 → 8.56.1

All tests pass (3 pre-existing environment-specific failures unrelated).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added the automated and dependencies labels Mar 8, 2026
@github-actions
Contributor Author

github-actions bot commented Mar 8, 2026

Merged PRs:

  • fix(security): eliminate TOCTOU race conditions in ssl-bump.ts
  • fix(security): stop logging partial token values

Tests: ✅ MCP merged PRs, ✅ GH CLI, ✅ Playwright, ❌ Tavily, ✅ File write, ✅ Bash cat, ✅ Discussion, ✅ Build
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex

@github-actions
Contributor Author

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.37% | 82.51% | 📈 +0.14% |
| Statements | 82.27% | 82.41% | 📈 +0.14% |
| Functions | 82.60% | 82.60% | ➡️ +0.00% |
| Branches | 74.21% | 74.30% | 📈 +0.09% |

📁 Per-file Coverage Changes (1 files)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 83.4% → 84.0% (+0.54%) | 82.8% → 83.3% (+0.52%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions
Contributor Author

Go Build Test Results ✅

Project Download Tests Status
color PASS ✅ PASS
env PASS ✅ PASS
uuid PASS ✅ PASS

Overall: ✅ PASS

Generated by Build Test Go for issue #1175

@github-actions
Contributor Author

Smoke Test Results — Copilot Engine

Test Status
GitHub MCP: Last 2 merged PRs
Playwright: github.com title contains "GitHub"
File write: smoke-test-copilot-22929873933.txt
Bash: file read-back verified

Last 2 merged PRs: #1159 fix(security): eliminate TOCTOU race conditions in ssl-bump.ts · #1158 fix(security): stop logging partial token values (both by @Mossaka)

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1175

@github-actions
Contributor Author

Build Test: Bun Results

Project Install Tests Status
elysia 1/1 PASS
hono 1/1 PASS

Overall: ✅ PASS

Bun version: 1.3.10

Generated by Build Test Bun for issue #1175

@github-actions
Contributor Author

.NET Build Test Results

Project Restore Build Run Status
hello-world PASS
json-parse PASS

Overall: PASS

Run output

hello-world: Hello, World!

json-parse:

{
  "Name": "AWF Test",
  "Version": 1,
  "Success": true
}
Name: AWF Test, Success: True

Generated by Build Test .NET for issue #1175

@github-actions
Contributor Author

Chroot Version Comparison Results

| Runtime | Host Version | Chroot Version | Match? |
| --- | --- | --- | --- |
| Python | Python 3.12.12 | Python 3.12.3 | ❌ NO |
| Node.js | v24.14.0 | v20.20.0 | ❌ NO |
| Go | go1.22.12 | go1.22.12 | ✅ YES |

Result: FAILED — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot for issue #1175

@github-actions
Contributor Author

Smoke Test Results

Test Status
GitHub MCP: #1151 fix(ci): resolve integration test suite failures on main
GitHub MCP: #1067 fix(ci): recompile ci-doctor and add missing workflows
Playwright: github.com title contains "GitHub"
File write: smoke-test-claude-22929873934.txt
Bash verify: file contents confirmed

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1175

@github-actions
Contributor Author

C++ Build Test Results

Project CMake Build Status
fmt PASS
json PASS

Overall: PASS 🎉

Generated by Build Test C++ for issue #1175

@Mossaka
Collaborator

Mossaka commented Mar 11, 2026

Closing in favor of an aggregated dependency update PR that combines all pending updates. This reduces PR noise and CI load.

@Mossaka Mossaka closed this Mar 11, 2026
Mossaka added a commit that referenced this pull request Mar 11, 2026
Run npm update and npm audit fix across root and docs-site to bring all
dependencies to latest compatible versions within existing semver ranges.

Closes individual dependency PRs #1204, #1199, #1185, #1183, #1179,
#1175, #1141, #1114, #1110, #1104, #1059, #1027, #1019, #976.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mossaka added a commit that referenced this pull request Mar 12, 2026
Run npm update and npm audit fix across root and docs-site to bring all
dependencies to latest compatible versions within existing semver ranges.

Closes individual dependency PRs #1204, #1199, #1185, #1183, #1179,
#1175, #1141, #1114, #1110, #1104, #1059, #1027, #1019, #976.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>