Skip to content

Bump ajv#573

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-73726a8ab8
Open

Bump ajv#573
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-73726a8ab8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 22, 2026
edited
Loading

Bumps and ajv. These dependencies needed to be updated together.
Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
  • See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
  • See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 22, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Feb 22, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mcclowes-com Ready Ready Preview, Comment Mar 25, 2026 4:53pm

Request Review

@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 22, 2026

🤖 Claude PR Summary

null

Generated by Claude

@dependabot @mcclowes
Bump ajv
cd54e49 
Bumps  and [ajv](https://github.com/ajv-validator/ajv). These dependencies needed to be updated together.

Updates `ajv` from 8.17.1 to 8.18.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: indirect
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcclowes mcclowes force-pushed the dependabot/npm_and_yarn/multi-73726a8ab8 branch from 0bbdd3a to cd54e49 Compare March 25, 2026 16:20
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 25, 2026

🤖 Claude PR Summary

Pull Request Analysis

Overview

This PR updates the ajv (Another JSON Schema Validator) package across multiple dependency locations in the project's lock file. This is a dependency version bump with no application code changes.

Key Changes

Version Updates:

  1. Main ajv package: 8.17.18.18.0 (minor version bump)
  2. ajv in nested dependencies: 6.12.66.14.0 (patch version bump)
    • file-loader/node_modules/ajv
    • null-loader/node_modules/ajv
    • url-loader/node_modules/ajv

Files Modified

  • package-lock.json only - No source code or package.json changes

Notable Patterns & Concerns

Positive:

  • Consistent version updates across all instances
  • Minor/patch version bumps suggest backward compatibility
  • All integrity hashes properly updated

⚠️ Points to Consider:

  1. Multiple ajv versions coexist: The project uses both v8.x (main) and v6.x (in loader dependencies), indicating potential transitive dependency constraints
  2. No package.json change: Suggests this is from running npm update or npm install rather than an explicit version requirement change
  3. Testing recommended: Even minor version updates of validation libraries should be tested, especially if custom JSON schemas are used

Recommendation

Verify that all JSON schema validations still pass correctly, particularly if the application heavily relies on ajv for data validation.

Generated by Claude

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants