chore(deps-dev): bump ajv from 6.12.6 to 6.14.0#171
Conversation
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.6 to 6.14.0. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
SonarQube reviewer guideSummary: Dependency updates for ajv package versions and cleanup of unused npm nested dependencies in package-lock.json. Review Focus: The ajv version bumps (6.12.6→6.14.0 and 8.17.1→8.18.0) across multiple locations should be verified for compatibility. The removal of ~600 lines of npm nested dependencies (wrap-ansi, cross-spawn, jackspeak, etc.) suggests a significant npm tooling change—verify this was intentional and didn't break npm functionality. Start review at:
|
|
This pull request has been marked stale because it has not seen any activity within two months. It will be closed within 15 days of being stale unless there is new activity. |
|
This pull request has been closed due to continued inactivity. If you are interested in finishing the proposed changes, then feel free to re-open this pull request or open a new one. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps ajv from 6.12.6 to 6.14.0.
Commits
e3af0a76.14.0b552ed6add regExp option to address $data exploit via a regular expression (CVE-2025...72f2286docs: update v7 info231e52bMerge pull request #1320 from philsturgeon/patch-1d3475fcAdd spectral, an AJV util from a sponsor413afe0docs: v7.0.0-beta.311e997bupdate readme for v7You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.