You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All vulnerabilities are in dev-only dependencies (linting/testing toolchain) with no production firewall impact. npm audit now reports 0 vulnerabilities.
Verification
npm audit reports 0 vulnerabilities after update
Test suite passes (204/205 suites pass; 1 pre-existing failure in agent-volumes-dns-preresolution.test.ts unrelated to these updates)
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.json
package.json
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.
Create the pull request manually
# Download the patch from the workflow run
gh run download 28637156883 -n agent -D /tmp/agent-28637156883
# Create a new branch
git checkout -b deps/safe-updates-2026-07-03-11610adbf549f84b main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-28637156883/aw-deps-safe-updates-2026-07-03.patch
# Push the branch and create the pull request
git push origin deps/safe-updates-2026-07-03-11610adbf549f84b
gh pr create --title '[Deps] Safe dependency updates (2026-07-03)' --base main --head deps/safe-updates-2026-07-03-11610adbf549f84b --repo github/gh-aw-firewall
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
Automated Safe Dependency Updates
This PR contains safe dependency updates that have been verified to:
Updated Dependencies
markdownlint-cli2@typescript-eslint/eslint-plugin@typescript-eslint/parsertypescript-eslintjs-yaml(transitive via@istanbuljs/load-nyc-config)Security Fixes Included
js-yamlviamarkdownlint-cli2markdown-itviamarkdownlint-cli2js-yamlvia@istanbuljs/load-nyc-configAll vulnerabilities are in dev-only dependencies (linting/testing toolchain) with no production firewall impact.
npm auditnow reports 0 vulnerabilities.Verification
npm auditreports 0 vulnerabilities after updateagent-volumes-dns-preresolution.test.tsunrelated to these updates)Notes
markdownlint-cli20.21.0 → 0.23.0 is technically a minor bump but resolves both outstanding MODERATE CVEs tracked in [Deps] Safe dependency updates (2026-07-01) #5741 and [Deps] Safe dependency updates (2026-07-02) #5802.Generated by Dependency Security Monitor Workflow
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.jsonpackage.jsonCreate the pull request manually
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.