This PR contains safe patch-level dependency updates that have been verified to:
✅ Pass all tests (pre-existing DNS IP test failure unrelated to these changes)
✅ Have no breaking changes
✅ No security vulnerabilities in updated packages
Updated Dependencies
| Package | Previous | Updated | Type |
| --- | --- | --- | --- |
| @typescript-eslint/eslint-plugin | 8.62.0 | 8.62.1 | patch |
| @typescript-eslint/parser | 8.62.0 | 8.62.1 | patch |
| typescript-eslint | 8.62.0 | 8.62.1 | patch |
Security Fixes Included
None — these are routine patch updates with no CVE fixes.
Vulnerability Assessment Summary
npm audit found no HIGH or CRITICAL vulnerabilities. There are 3 MODERATE vulnerabilities in dev dependencies (via markdownlint-cli2 → js-yaml and markdown-it). These are tracked below but not addressed in this PR as the fix requires a pre-1.0 minor bump (0.21.0 → 0.23.0) that may introduce breaking changes to linting rules.
| Severity | Count | Action |
| --- | --- | --- |
| CRITICAL | 0 | — |
| HIGH | 0 | — |
| MODERATE | 3 | Tracked (dev-only, no production impact) |
| LOW | 0 | — |
Moderate vulnerabilities (dev dependencies only, no production impact):
GHSA-h67p-54hq-rp68 — js-yaml quadratic-complexity DoS (CVSS 5.3), via markdownlint-cli2
GHSA-6v5v-wf23-fmfq — markdown-it quadratic-complexity DoS (CVSS 5.3), via markdownlint-cli2
Major Updates Skipped (require manual review)
The following packages have major version updates available but were skipped to avoid unintended breaking changes:
| Package | Current | Latest | Reason Skipped |
| --- | --- | --- | --- |
| @babel/core | 7.29.7 | 8.0.1 | Major version |
| @commitlint/cli | 20.5.3 | 21.2.0 | Major version |
| chalk | 4.1.2 | 5.6.2 | Major version (ESM only) |
| commander | 12.1.0 | 15.0.0 | Major version |
| execa | 5.1.1 | 9.6.1 | Major version (ESM only) |
| typescript | 5.9.3 | 6.0.3 | Major version |
| markdownlint-cli2 | 0.21.0 | 0.23.0 | Pre-1.0 minor (breaking) |
Verification
All tests pass (3386/3387 — 1 pre-existing DNS IP resolution failure unrelated to these changes)
No breaking changes detected
Build (tsc) passes
Generated by Dependency Security Monitor Workflow
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.json
package.json
The push was rejected because GitHub Actions does not have the workflows permission to push these changes and is never allowed to make such changes, or because the other authorization being used does not have this permission.
Create the pull request manually
# Download the patch from the workflow run
gh run download 28500434889 -n agent -D /tmp/agent-28500434889
# Create a new branch
git checkout -b deps/safe-updates-2026-07-01-0986312ca43893b9 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-28500434889/aw-deps-safe-updates-2026-07-01.patch
# Push the branch and create the pull request
git push origin deps/safe-updates-2026-07-01-0986312ca43893b9
gh pr create --title '[Deps] Safe dependency updates (2026-07-01)' --base main --head deps/safe-updates-2026-07-01-0986312ca43893b9 --repo github/gh-aw-firewall