Skip to content

[Deps] Safe dependency updates (2026-07-03) #5853

Description

@github-actions

Automated Safe Dependency Updates

This PR contains safe dependency updates that have been verified to:

  • ✅ Pass all tests (pre-existing unrelated test failure excluded)
  • ✅ Resolve all 3 MODERATE security vulnerabilities
  • ✅ No breaking changes

Updated Dependencies

Package Previous Updated Type
markdownlint-cli2 0.21.0 0.23.0 minor (fixes security vulns)
@typescript-eslint/eslint-plugin 8.62.0 8.62.1 patch
@typescript-eslint/parser 8.62.0 8.62.1 patch
typescript-eslint 8.62.0 8.62.1 patch
js-yaml (transitive via @istanbuljs/load-nyc-config) patched npm audit fix

Security Fixes Included

GHSA Package Severity CVSS
GHSA-h67p-54hq-rp68 js-yaml via markdownlint-cli2 MODERATE 5.3
GHSA-6v5v-wf23-fmfq markdown-it via markdownlint-cli2 MODERATE 5.3
(transitive) js-yaml via @istanbuljs/load-nyc-config MODERATE 5.3

All vulnerabilities are in dev-only dependencies (linting/testing toolchain) with no production firewall impact. npm audit now reports 0 vulnerabilities.

Verification

  • npm audit reports 0 vulnerabilities after update
  • Test suite passes (204/205 suites pass; 1 pre-existing failure in agent-volumes-dns-preresolution.test.ts unrelated to these updates)
  • TypeScript build succeeds
  • ESLint passes

Notes


Generated by Dependency Security Monitor Workflow


Warning

Protected Files — Push Permission Denied

This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.

Protected files
  • package-lock.json
  • package.json

The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.

Create the pull request manually
# Download the patch from the workflow run
gh run download 28637156883 -n agent -D /tmp/agent-28637156883

# Create a new branch
git checkout -b deps/safe-updates-2026-07-03-11610adbf549f84b main

# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-28637156883/aw-deps-safe-updates-2026-07-03.patch

# Push the branch and create the pull request
git push origin deps/safe-updates-2026-07-03-11610adbf549f84b
gh pr create --title '[Deps] Safe dependency updates (2026-07-03)' --base main --head deps/safe-updates-2026-07-03-11610adbf549f84b --repo github/gh-aw-firewall

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Dependency Security Monitor · 119.4 AIC · ⊞ 7.3K ·

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions