Skip to content

fix: update ajv to 6.14.0 to address security vulnerabilities#221

Merged
mdjermanovic merged 1 commit intomainfrom
fix/update-ajv
Feb 21, 2026
Merged

fix: update ajv to 6.14.0 to address security vulnerabilities#221
mdjermanovic merged 1 commit intomainfrom
fix/update-ajv

Conversation

@lumirlumir
Copy link
Member

@lumirlumir lumirlumir commented Feb 21, 2026

Prerequisites checklist

AI acknowledgment

  • I did not use AI to generate this PR.
  • (If the above is not checked) I have reviewed the AI-generated content before submitting.

What is the purpose of this pull request?

This PR updates ajv to address the security vulnerabilities mentioned in #216.

The new backported ajv version, v6.14.0, was released about 7 hours ago. (It looks like 6.13.x doesn’t exist, and it was bumped from 6.12.x to 6.14.x.)

https://www.npmjs.com/package/ajv?activeTab=versions

image

Related PR: ajv-validator/ajv#2588 (comment)

Related GitHub Advisory Database update: github/advisory-database#6991

What changes did you make? (Give an overview)

This PR updates ajv to address the security vulnerabilities mentioned in #216.

Related Issues

Fixes: #216

Is there anything you'd like reviewers to focus on?

@eslint-github-bot eslint-github-bot bot added the bug Something isn't working label Feb 21, 2026
@eslint-github-bot eslint-github-bot bot mentioned this pull request Feb 21, 2026
Closed
@eslintbot eslintbot added this to Triage Feb 21, 2026
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage Feb 21, 2026
@lumirlumir lumirlumir marked this pull request as ready for review February 21, 2026 01:38
Copilot AI review requested due to automatic review settings February 21, 2026 01:38
Copilot AI reviewed Feb 21, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the ajv runtime dependency in @eslint/eslintrc to pick up the 6.14.0 backport that addresses the vulnerability referenced in issue #216.

Changes:

  • Bumped ajv from ^6.12.4 to ^6.14.0 in dependencies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@lumirlumir lumirlumir mentioned this pull request Feb 21, 2026
Closed
1 task
mdjermanovic
mdjermanovic approved these changes Feb 21, 2026
View reviewed changes
Copy link
Member

@mdjermanovic mdjermanovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! (same comment as eslint/eslint#20537 (comment))

@mdjermanovic mdjermanovic merged commit 9139140 into main Feb 21, 2026
26 checks passed
@mdjermanovic mdjermanovic deleted the fix/update-ajv branch February 21, 2026 17:13
@github-project-automation github-project-automation bot moved this from Needs Triage to Complete in Triage Feb 21, 2026
@eslintbot eslintbot mentioned this pull request Feb 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mdjermanovic mdjermanovic mdjermanovic approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

Triage
Status: Complete

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

High level vulnerability in ajv@6.12.x

3 participants

@lumirlumir @mdjermanovic