[Deps] Safe dependency updates (2026-03-02)

[github-actions]

Automated Safe Dependency Updates

This PR contains security fixes and safe patch-level dependency updates verified to pass all tests with no breaking changes.

Security Fixes

Package	Previous	Updated	Advisory
minimatch	10.0.0-10.2.2	10.2.3+	GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74
ajv	<6.14.0 / <8.18.0	8.18.0+	GHSA-2g4f-4pwh-qvx6

Updated Dependencies

Package	Previous	Updated	Type
@commitlint/cli	20.4.1	20.4.2	patch
@commitlint/config-conventional	20.4.1	20.4.2	patch
@types/node	25.2.3	25.3.3	patch
@typescript-eslint/eslint-plugin	8.55.0	8.56.1	patch
@typescript-eslint/parser	8.55.0	8.56.1	patch
eslint	10.0.0	10.0.2	patch
glob	13.0.1	13.0.6	patch
globals	17.3.0	17.4.0	patch
typescript-eslint	8.55.0	8.56.1	patch

Verification

• npm audit shows 0 vulnerabilities after update
• All tests pass (3 pre-existing failures in docker-manager.test.ts unrelated to these changes)
• No breaking changes detected

Notes

Security vulnerabilities fixed via npm audit fix. All other updates are patch-level with no breaking changes. Closes #1100.

---

Generated by Dependency Security Monitor Workflow

AI generated by Dependency Security Monitor

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.03%	82.18%	📈 +0.15%
Statements	82.01%	82.15%	📈 +0.14%
Functions	82.50%	82.50%	➡️ +0.00%
Branches	74.20%	74.29%	📈 +0.09%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	83.1% → 83.7% (+0.56%)	82.4% → 83.0% (+0.54%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

Updates the repository’s Node dev-tooling dependencies to address known security advisories (notably minimatch and ajv) and apply patch-level upgrades in the linting/commit tooling chain.

Changes:

• Bump commitlint, ESLint, glob/globals, and TypeScript-ESLint packages.
• Update package-lock.json to pick up patched minimatch and ajv versions and refresh related transitive dependencies.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updates devDependency version ranges for commitlint/ESLint/glob/globals/TS-ESLint toolchain.
package-lock.json	Locks updated direct + transitive versions (including patched minimatch/ajv) produced by the dependency update.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🦀 Rust Build Test Results

Project	Build	Tests	Status
fd	✅	1/1	PASS
zoxide	✅	1/1	PASS

Overall: ✅ PASS

Generated by Build Test Rust for issue #1114

[github-actions]

Build Test: Node.js Results

Project	Install	Tests	Status
clsx	✅	All passed	PASS
execa	✅	All passed	PASS
p-limit	✅	All passed	PASS

Overall: ✅ PASS

Generated by Build Test Node.js for issue #1114

[github-actions]

.NET Build Test Results

Project	Restore	Build	Run	Status
hello-world	✅	✅	✅	PASS
json-parse	✅	✅	✅	PASS

Overall: ✅ PASS

Run outputs

hello-world:

Hello, World!
```

**json-parse:**
```
{
  "Name": "AWF Test",
  "Version": 1,
  "Success": true
}
Name: AWF Test, Success: True

Generated by Build Test .NET for issue #1114

[github-actions]

Deno Build Test Results

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: ✅ PASS

Generated by Build Test Deno for issue #1114

[github-actions]

Go Build Test Results ✅

Project	Download	Tests	Status
color	✅	PASS	PASS
env	✅	PASS	PASS
uuid	✅	PASS	PASS

Overall: PASS

Generated by Build Test Go for issue #1114

[github-actions]

Smoke Test Results — run 22603148592

✅ GitHub MCP — Last 2 merged PRs:

• fix: add explicit execute directive to smoke-codex to prevent noop #1078 "fix: add explicit execute directive to smoke-codex to prevent noop" by @Copilot
• fix(deps): resolve high-severity rollup vulnerability in docs-site #1069 "fix(deps): resolve high-severity rollup vulnerability in docs-site" by @Copilot

✅ Playwright — github.com title contains "GitHub"
✅ File Write — /tmp/gh-aw/agent/smoke-test-copilot-22603148592.txt created
✅ Bash — file content verified

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1114

[github-actions]

C++ Build Test Results

Project	CMake	Build	Status
fmt	✅	✅	PASS
json	✅	✅	PASS

Overall: PASS 🎉

Generated by Build Test C++ for issue #1114

[github-actions]

Merged PRs: fix: add explicit execute directive to smoke-codex to prevent noop; fix(deps): resolve high-severity rollup vulnerability in docs-site
PR list: chore(deps): bump the all-npm-dependencies group across 1 directory with 13 updates; feat: add configurable tmpfs mount for GH_AW_SETUP_DIR with comprehensive healthcheck
Tests: GitHub MCP ✅, safeinputs-gh ✅, Playwright ✅, Tavily ❌ (tool missing)
Tests: File write ✅, Bash cat ✅, Discussion comment ✅, Build ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1114

[github-actions]

Java Build Test Results

Project	Compile	Tests	Status
gson	✅	1/1	PASS
caffeine	✅	1/1	PASS

Overall: PASS ✅

Generated by Build Test Java for issue #1114

[github-actions]

🧪 Bun Build Test Results

Project	Install	Tests	Status
elysia	✅	1/1	PASS
hono	✅	1/1	PASS

Overall: ✅ PASS

Bun v1.3.10 — all tests passed successfully.

Generated by Build Test Bun for issue #1114

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.12	Python 3.12.3	❌ NO
Node.js	v24.13.1	v20.20.0	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Result: FAILED — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot for issue #1114

[github-actions]

Smoke Test Results

• ✅ GitHub MCP: PR fix: add explicit execute directive to smoke-codex to prevent noop #1078 "fix: add explicit execute directive to smoke-codex to prevent noop", PR fix(deps): resolve high-severity rollup vulnerability in docs-site #1069 "fix(deps): resolve high-severity rollup vulnerability in docs-site"
• ✅ Playwright: github.com title contains "GitHub"
• ✅ File Write: /tmp/gh-aw/agent/smoke-test-claude-22603148562.txt created
• ✅ Bash: File verified via cat

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1114