chore(deps): update dependency ajv to ~8.18.0 [security] (main) - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
ajv (source)	~8.17.1 → ~8.18.0

GitHub Vulnerability Alerts

CVE-2025-69873

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.

---

Release Notes

ajv-validator/ajv (ajv)

v8.18.0

Compare Source

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in #​2480
• fix: #​2482 Infinity and NaN serialise to null by @​jasoniangreen in #​2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in #​2508
• fix: typos in schema-language.md by @​monteiro-renato in #​2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in #​2586

New Contributors

• @​josdejong made their first contribution in #​2480
• @​monteiro-renato made their first contribution in #​2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit bc00482

Command	Status	Duration	Result
nx run-many --target=test-e2e	✅ Succeeded	2m 3s	View ↗
nx run-many --tui=false --target=build --projec...	✅ Succeeded	1s	View ↗
nx run-many --target=build,build-swagger	✅ Succeeded	15m 22s	View ↗
nx affected --target=lint --configuration ci	✅ Succeeded	14m 14s	View ↗
nx affected --target=test --collectCoverage --c...	✅ Succeeded	4m 47s	View ↗
nx run ama-sdk-schematics:build-swagger	✅ Succeeded	2m 17s	View ↗
nx run-many --target=documentation	✅ Succeeded	1m 25s	View ↗
nx affected --target=package-github-action	✅ Succeeded	2m 8s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-20 03:42:25 UTC

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.16%. Comparing base (0508b63) to head (bc00482).
✅ All tests successful. No failed tests found.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[fpaul-1A]

the vulnerable dep is still there, we probably need to add it into overrides to remove it

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.