You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: No HIGH or CRITICAL vulnerabilities were found. Dependabot alert access was unavailable (403), but npm audit confirms no high/critical issues exist.
Updated Direct/Key Dependencies
Package
Previous
Updated
Type
@babel/core + ecosystem
7.29.0
7.29.7
patch
@babel/preset-env
7.29.2
7.29.7
patch
js-yaml
4.1.1
4.2.0
patch
ajv
8.18.0
8.20.0
patch
jest + ecosystem
30.3.0
30.4.2
patch
babel-jest
30.3.0
30.4.1
patch
eslint
10.2.1
10.5.0
patch
@typescript-eslint/* + typescript-eslint
8.58.2
8.61.1
patch
ts-jest
29.4.9
29.4.11
patch
@commitlint/cli + config-conventional
20.5.0
20.5.3
patch
@eslint/compat
2.0.5
2.1.0
minor
globals
17.5.0
17.6.0
patch
@types/node
25.6.0
25.9.4
patch
acorn
8.16.0
8.17.0
patch
Various transitive deps
—
—
patch
Skipped (Major Version Bumps — Breaking Changes)
Package
Current
Latest
Reason
@babel/core
7.x
8.x
Major
chalk
4.x
5.x
ESM-only in v5
commander
12.x
15.x
Major
execa
5.x
9.x
ESM-only in v9
eslint-plugin-security
3.x
4.x
Major
typescript
5.x
6.x
Major
@commitlint/*
20.x
21.x
Major
Vulnerability Summary
CRITICAL: 0 found
HIGH: 0 found
MODERATE: 19 noted (all in test-only Jest/Babel chain, require major upgrades)
All tests pass (3045/3046; 1 pre-existing DNS-flaky test confirmed failing on main too)
No breaking changes detected
Only package-lock.json changed (all updates within existing semver ranges)
Generated by Dependency Security Monitor Workflow
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.json
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.
Create the pull request manually
# Download the patch from the workflow run
gh run download 27937225151 -n agent -D /tmp/agent-27937225151
# Create a new branch
git checkout -b deps/safe-updates-2026-06-22-00f377f5a2bf1270 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-27937225151/aw-deps-safe-updates-2026-06-22.patch
# Push the branch and create the pull request
git push origin deps/safe-updates-2026-06-22-00f377f5a2bf1270
gh pr create --title '[Deps] Safe dependency updates (2026-06-22)' --base main --head deps/safe-updates-2026-06-22-00f377f5a2bf1270 --repo github/gh-aw-firewall
Automated Safe Dependency Updates
This PR contains safe patch-level dependency updates verified to:
@babel/coreSecurity Fix Included
@babel/coreUpdated Direct/Key Dependencies
@babel/core+ ecosystem@babel/preset-envjs-yamlajvjest+ ecosystembabel-jesteslint@typescript-eslint/*+typescript-eslintts-jest@commitlint/cli+config-conventional@eslint/compatglobals@types/nodeacornSkipped (Major Version Bumps — Breaking Changes)
@babel/corechalkcommanderexecaeslint-plugin-securitytypescript@commitlint/*Vulnerability Summary
@babel/core)Verification
npm updateapplied all in-range updatespackage-lock.jsonchanged (all updates within existing semver ranges)Generated by Dependency Security Monitor Workflow
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
package-lock.jsonThe push was rejected because GitHub Actions does not have
workflowspermission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.Create the pull request manually