Skip to content

chore: bump deps (ajv 8.20, ajv-formats 3, vitest 4.1.5, ref-parser, path-to-regexp)#2

Merged
kevinccbsg merged 1 commit into
mainfrom
chore/dep-updates-no-ts
May 8, 2026
Merged

chore: bump deps (ajv 8.20, ajv-formats 3, vitest 4.1.5, ref-parser, path-to-regexp)#2
kevinccbsg merged 1 commit into
mainfrom
chore/dep-updates-no-ts

Conversation

@kevinccbsg
Copy link
Copy Markdown
Member

@kevinccbsg kevinccbsg commented May 8, 2026

Summary

  • Bumps all outdated deps except TypeScript (TS 6 deferred to its own PR for isolated typing-fallout review).
  • Crosses ajv-formats v2 → v3. Only behavioral break in v3 is that date-time / time formats now require a timezone (RFC3339); this project has no such format strings or fixtures, so no impact.
  • Bumping ajv 8.18 → 8.20 also closes the high-severity fast-uri advisory (GHSA-q3j6-qgpj-74h6, GHSA-v39h-62p7-jpjc) pulled transitively. npm audit is now clean.
package from to
ajv ^8.18.0 ^8.20.0
ajv-formats ^2.1.1 ^3.0.1
@apidevtools/json-schema-ref-parser ^15.3.4 ^15.3.5
path-to-regexp ^8.4.0 ^8.4.2
vitest ^4.1.2 ^4.1.5
@vitest/coverage-v8 ^4.1.2 ^4.1.5

Lockfile regenerated via clean reinstall (rm -rf node_modules package-lock.json && npm install) to keep platform-specific optional deps intact for Linux CI.

Test plan

  • npm run build passes locally
  • npm run test:ci — 144/144 tests pass, coverage 91.62%
  • npm audit — 0 vulnerabilities
  • CI green on Node 20.x / 22.x / 24.x

🤖 Generated with Claude Code

@kevinccbsg @claude
chore: bump dependencies (ajv, ajv-formats, vitest, ref-parser, path-…
0e31627 
…to-regexp)

Bumps everything except TypeScript. Notably crosses the ajv-formats
v2 → v3 major (no impact: project does not use date-time format
strings, which is the only behavioral break in v3). Also closes the
fast-uri high-severity advisory transitively pulled in by ajv <8.20.

- ajv ^8.18.0 → ^8.20.0
- ajv-formats ^2.1.1 → ^3.0.1
- @apidevtools/json-schema-ref-parser ^15.3.4 → ^15.3.5
- path-to-regexp ^8.4.0 → ^8.4.2
- vitest ^4.1.2 → ^4.1.5
- @vitest/coverage-v8 ^4.1.2 → ^4.1.5

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@kevinccbsg kevinccbsg merged commit 3db04c5 into main May 8, 2026
3 checks passed
@kevinccbsg kevinccbsg deleted the chore/dep-updates-no-ts branch May 8, 2026 20:51
@kevinccbsg kevinccbsg mentioned this pull request May 8, 2026
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kevinccbsg