chore(deps): bump ajv from 8.17.1 to 8.18.0 #5709

Merged
rtibbles merged 1 commit into unstable from dependabot/npm_and_yarn/ajv-8.18.0
Apr 29, 2026

@dependabot dependabot Bot commented on behalf of github Feb 17, 2026

Bumps ajv from 8.17.1 to 8.18.0.

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding `"sideEffects": false` to `package.json` ...
  • See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 17, 2026
rtibbles commented Mar 1, 2026

@dependabot rebase

@rtibbles rtibbles requested a review from rtibblesbot March 1, 2026 08:47
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 90c3622 to 48c1d37 Compare March 1, 2026 08:48
@rtibblesbot rtibblesbot left a comment

Dependency Update Review

Package: ajv 8.17.1 → 8.18.0
Semver risk: Minor
Dependency type: Production
CI status: Contributor check fails (expected for bot PRs); substantive checks (frontend tests, linting, build) still in progress

Changelog Analysis

Sources consulted:

Breaking changes: None.

Security fixes:

Other notable changes:

  • Tree-shaking support via "sideEffects": false in package.json
  • Fix: Infinity and NaN values no longer serialize incorrectly to null (#2482)

Compatibility Assessment

  • Breaking changes: none
  • Peer dependency changes: none
  • Code changes required: none
  • Lockfile changes: ajv 8.17.1 → 8.18.0 and transitive dep fast-uri 3.0.6 → 3.1.0 — expected
  • Target branch: unstable (default branch) — correct

Recommendation

APPROVE once CI completes — minor bump with no breaking changes and a security fix (CVE-2025-69873). The Infinity/NaN serialization fix is a correctness improvement. Recommend merging promptly given the CVE.


@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

  • Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
  • Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
  • Architecture: duplicated concerns, minimal interfaces, composition over inheritance
  • Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
  • Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
  • Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
  • Checked CI status and linked issue acceptance criteria
  • For UI changes: inspected screenshots for layout, visual completeness, and consistency

@rtibblesbot rtibblesbot left a comment

Minor dependency bump (ajv 8.17.1 → 8.18.0) with a security fix (CVE-2025-69873 ReDoS mitigation), no breaking changes.

CI: frontend tests, linting, and build still in progress; path checks and message build passing. Target branch unstable is correct (repo default).

Lockfile changes are expected: ajv 8.17.1 → 8.18.0, transitive fast-uri 3.0.6 → 3.1.0, ajv 6.12.6 → 6.14.0.

1 prior finding(s) resolved.


@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Compared the current PR state against findings from a prior review:

  • Retrieved prior bot reviews deterministically via the GitHub API
  • Classified each prior finding as RESOLVED, UNADDRESSED, ACKNOWLEDGED, or CONTESTED
  • Only raised NEW findings for newly introduced code
  • Reviewed the pull request diff checking for correctness, design, architecture, testing, completeness, and adherence to DRY/SRP principles
  • Checked CI status and linked issue acceptance criteria
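
A check for the lockfile changes listed in the review above, as an added example that is not part of the pull request or of either project's code: it walks an npm lockfile and reports every installed ajv copy, nested ones included, that is still below the versions this PR moves to. It assumes a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), which the page does not confirm; the floors `8.18.0` and `6.14.0` are taken from the review text, and `FLOORS`, `findStaleAjv` and the sample lockfile are constructed for illustration.

```javascript
// Minimum acceptable ajv version per major line (assumption: taken from the
// lockfile changes named in this PR's review, not from an advisory range).
const FLOORS = { 8: "8.18.0", 6: "6.14.0" };

// Parse "x.y.z" (ignoring any pre-release/build suffix) into [x, y, z].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function lessThan(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Return every installed ajv copy (top-level or nested) below its major's floor.
function findStaleAjv(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/ajv" or "node_modules/a/node_modules/ajv".
    if (!path.endsWith("node_modules/ajv") || !entry.version) continue;
    const floor = FLOORS[parseVersion(entry.version)[0]];
    if (floor === undefined) {
      // Major line with no known floor: report it for manual review.
      findings.push({ path, version: entry.version, floor: null });
    } else if (lessThan(entry.version, floor)) {
      findings.push({ path, version: entry.version, floor });
    }
  }
  return findings;
}

// Constructed sample lockfile (not the repository's real one).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/ajv": { version: "8.18.0" },
    "node_modules/eslint/node_modules/ajv": { version: "6.12.6" },
    "node_modules/schema-utils/node_modules/ajv": { version: "8.17.1" },
    "node_modules/ajv-keywords": { version: "5.1.0" },
    "node_modules/fast-uri": { version: "3.1.0" },
  },
};

console.log(findStaleAjv(sampleLock));
```

Nested copies matter here because a direct bump only moves the top-level entry; a dependency that pins its own ajv keeps the older version until its own range allows the upgrade.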

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 48c1d37 to fa11e34 Compare March 3, 2026 16:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from fa11e34 to dd4f187 Compare March 11, 2026 20:50
@rtibbles

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from dd4f187 to 3a84374 Compare April 16, 2026 16:08
@rtibbles

@dependabot rebase

Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.17.1 to 8.18.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 3a84374 to 637aaac Compare April 16, 2026 16:52
@rtibbles rtibbles left a comment

No concerns from changelog.

@rtibbles rtibbles merged commit 69aded1 into unstable Apr 29, 2026
16 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/ajv-8.18.0 branch April 29, 2026 23:48
@rtibbles rtibbles mentioned this pull request May 13, 2026