
chore(deps): bump ajv from 8.17.1 to 8.18.0 #5709

Open
dependabot[bot] wants to merge 1 commit into unstable from dependabot/npm_and_yarn/ajv-8.18.0

@dependabot dependabot bot commented on behalf of github Feb 17, 2026

Bumps ajv from 8.17.1 to 8.18.0.

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding `"sideEffects": false` to `package.json` ...
  • See full diff in compare view

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels Feb 17, 2026
@rtibbles
Member

rtibbles commented Mar 1, 2026

@dependabot rebase

@rtibbles rtibbles requested a review from rtibblesbot March 1, 2026 08:47
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 90c3622 to 48c1d37 Compare March 1, 2026 08:48

@rtibblesbot rtibblesbot left a comment

Dependency Update Review

Package: ajv 8.17.1 → 8.18.0
Semver risk: Minor
Dependency type: Production
CI status: Contributor check fails (expected for bot PRs); substantive checks (frontend tests, linting, build) still in progress

Changelog Analysis

Sources consulted:

Breaking changes: None.

Security fixes:

Other notable changes:

  • Tree-shaking support via "sideEffects": false in package.json
  • Fix: Infinity and NaN values no longer serialize incorrectly to null (#2482)

Compatibility Assessment

  • Breaking changes: none
  • Peer dependency changes: none
  • Code changes required: none
  • Lockfile changes: ajv 8.17.1 → 8.18.0 and transitive dep fast-uri 3.0.6 → 3.1.0 — expected
  • Target branch: unstable (default branch) — correct

Recommendation

APPROVE once CI completes — minor bump with no breaking changes and a security fix (CVE-2025-69873). The Infinity/NaN serialization fix is a correctness improvement. Recommend merging promptly given the CVE.


@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

  • Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
  • Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
  • Architecture: duplicated concerns, minimal interfaces, composition over inheritance
  • Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
  • Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
  • Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
  • Checked CI status and linked issue acceptance criteria
  • For UI changes: inspected screenshots for layout, visual completeness, and consistency


@rtibblesbot rtibblesbot left a comment

Minor dependency bump (ajv 8.17.1 → 8.18.0) with a security fix (CVE-2025-69873 ReDoS mitigation), no breaking changes.

CI: frontend tests, linting, and build still in progress; path checks and message build passing. Target branch unstable is correct (repo default).

Lockfile changes are expected: ajv 8.17.1 → 8.18.0, transitive fast-uri 3.0.6 → 3.1.0, ajv 6.12.6 → 6.14.0.

1 prior finding(s) resolved.


@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Compared the current PR state against findings from a prior review:

  • Retrieved prior bot reviews deterministically via the GitHub API
  • Classified each prior finding as RESOLVED, UNADDRESSED, ACKNOWLEDGED, or CONTESTED
  • Only raised NEW findings for newly introduced code
  • Reviewed the pull request diff checking for correctness, design, architecture, testing, completeness, and adherence to DRY/SRP principles
  • Checked CI status and linked issue acceptance criteria

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 48c1d37 to fa11e34 Compare March 3, 2026 16:58
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from fa11e34 to dd4f187 Compare March 11, 2026 20:50
@rtibbles
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from dd4f187 to 3a84374 Compare April 16, 2026 16:08
@rtibbles
Member

@dependabot rebase

Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.17.1 to 8.18.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ajv-8.18.0 branch from 3a84374 to 637aaac Compare April 16, 2026 16:52