[NREM][Space] Triage stale Dependabot PRs — 20+ open since early 2025

[numbers-official]

Summary

There are 20+ Dependabot dependency bump issues open in the repository, many dating back to early 2025 (over a year old). Several include major version bumps that may require significant migration effort:

Issue	Dependency	Upgrade
#3319	typescript	4.7.4 → 5.7.3
#3318	zone.js	0.11.4 → 0.15.0
#3320	swiper	8.4.7 → 11.2.2
#3315	@ngneat/transloco	2.22.0 → 6.0.4
#3316	@capacitor-community/bluetooth-le	6.0.1 → 7.0.0
#3260	@ionic/angular-toolkit	4.0.0 → 12.1.1

Risk

• Stale dependency updates accumulate security vulnerabilities
• The longer major bumps are deferred, the harder migration becomes
• Some of these may already be addressed by transitive dependencies or Angular 18 migration

Suggested Actions

1. Close issues for already-resolved bumps (e.g., Swiper was upgraded to 12 in commit 6cb38aae on 2026-02-26, but build(deps): bump swiper from 8.4.7 to 11.2.2 #3320 asks for 8→11)
2. Prioritize security-relevant bumps (webpack, express path-to-regexp, elliptic)
3. Batch compatible minor/patch bumps into a single PR
4. Create a migration plan for major bumps (TypeScript 5.x, zone.js 0.15, transloco 6.x)
5. Consider enabling Dependabot auto-merge for patch updates (as proposed in [Feature][High] Add dependency vulnerability scanning to CI pipeline #3384/Add dependency vulnerability scanning to CI pipeline #3388)

Evidence

• Issue list retrieved via gh api repos/numbersprotocol/capture-cam/issues?state=open
• Swiper upgrade already landed: commit 6cb38aae fix: upgrade Swiper 9→12

---

Generated by NREM Mode with Omni