Skip to content

Comments

chore(deps): bump ajv in /core#10714

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/core/multi-73726a8ab8
Open

chore(deps): bump ajv in /core#10714
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/core/multi-73726a8ab8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 22, 2026
edited by cubic-dev-ai bot
Loading

Bumps and ajv. These dependencies needed to be updated together.
Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
  • See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Continue Tasks: ❌ 7 failed — View all

Summary by cubic

Upgrade transitive ajv packages in /core to pick up security fixes and better tree-shaking. No application code changes.

  • Dependencies
    • ajv 8.17.1 → 8.18.0 (via @modelcontextprotocol/sdk and ajv-formats)
    • ajv 6.12.6 → 6.14.0
    • Includes ReDoS mitigation for $data pattern (CVE-2025-69873), Infinity/NaN serialization fix, and marks package as side-effect free for tree-shaking.

Written for commit f113da2. Summary will update on new commits.

@dependabot
chore(deps): bump ajv in /core
f113da2 
Bumps  and [ajv](https://github.com/ajv-validator/ajv). These dependencies needed to be updated together.

Updates `ajv` from 8.17.1 to 8.18.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: indirect
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 22, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 22, 2026 06:48
@dependabot dependabot bot requested review from sestinj and removed request for a team February 22, 2026 06:48
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 22, 2026
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Feb 22, 2026
@haystack-code-reviewer-pr-hook
Copy link

haystack-code-reviewer-pr-hook bot commented Feb 22, 2026

Try Haystack Code Reviewer

Want AI-powered code review for this PR? Get instant analysis, interactive visualizations, and actionable insights.

Review this PR with Haystack

@dosubot
Copy link

dosubot bot commented Feb 22, 2026

Related Documentation

Checked 0 published document(s) in 1 knowledge base(s). No updates required.

How did I do? Any feedback?  Join Discord

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 22, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@sestinj sestinj Awaiting requested review from sestinj sestinj is a code owner automatically assigned from continuedev/continue-code-reviewers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

Issues and PRs
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants