[Deps] Safe dependency updates (2026-05-03)

[github-actions]

Automated Safe Dependency Updates

This PR contains safe patch/minor dependency updates that have been verified to:

• ✅ Pass all tests (1727 passed; 2 pre-existing failures unrelated to these changes)
• ✅ No security vulnerabilities (npm audit reports 0 vulnerabilities)
• ✅ No breaking changes (all updates within semver-compatible ranges)

Updated Dependencies

Package	Previous	Updated	Type
@babel/preset-env	7.29.2	7.29.3	patch
@commitlint/cli	20.5.0	20.5.3	patch
@commitlint/config-conventional	20.5.0	20.5.3	patch
@typescript-eslint/eslint-plugin	8.58.2	8.59.1	patch
@typescript-eslint/parser	8.58.2	8.59.1	patch
ajv	8.18.0	8.20.0	minor
eslint	10.2.1	10.3.0	minor
globals	17.5.0	17.6.0	minor
typescript-eslint	8.58.2	8.59.1	patch

Security Assessment

• CRITICAL/HIGH vulnerabilities: 0 found — no security issues to report
• npm audit: Clean (0 vulnerabilities across 649 dependencies)
• Dependabot alerts: API access not available in this context

Skipped Updates (Major Version Bumps)

The following packages have major updates available but were skipped as they may contain breaking changes:

• chalk: 4.x → 5.x (ESM-only in v5)
• commander: 12.x → 14.x
• execa: 5.x → 9.x
• typescript: 5.x → 6.x
• eslint-plugin-security: 3.x → 4.x

---

Generated by Dependency Security Monitor Workflow

---

Warning

Protected Files

This was originally intended as a pull request, but the patch modifies protected files. These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.

Click here to create the pull request once you have reviewed the changes

Protected files

• package-lock.json

To route changes like this to a review issue instead of blocking, configure protected-files: fallback-to-issue in your workflow configuration.

Generated by Dependency Security Monitor · ● 508.9K · ◷