Skip to content

Dependabot PR Review — 2026-06-12 #447

Closed as duplicate of#448
Closed as duplicate of#448
Dependabot PR Review — 2026-06-12#447
Assignees
ste26054

Description

@macminisupport
macminisupport
opened on Jun 12, 2026

Dependabot PR Review — 2026-06-12

Automated review of 7 open Dependabot PRs on develop.

Summary Table

# Package Version Change Bump CI Mergeable Planned Action
#446 @grpc/grpc-js (group) 1.14.3 → 1.14.4 patch ✅ green blocked (needs review) Approve & merge — security fix (GHSA-5375-pq7m-f5r2, GHSA-99f4-grh7-6pcq)
#442 firebase-tools 15.18.0 → 15.19.1 minor ✅ green clean Auto-merge
#441 ava 7.0.0 → 8.0.1 major ❌ CI failing blocked Skip — test config update needed (see analysis)
#440 eslint-plugin-prettier 5.5.5 → 5.5.6 patch ✅ green clean Auto-merge
#438 ajv 8.18.0 → 8.20.0 minor ✅ green clean Auto-merge
#424 typescript 5.9.3 → 6.0.3 major ❌ CI failing blocked Skip — known fix needed in tsconfig.json (see analysis)
#421 tslint 5.20.1 → 6.1.3 major ✅ green blocked (stale 30d+) Skip — tslint is deprecated, recommend closing PR

Changelog Analysis

#446 — @grpc/grpc-js 1.14.3 → 1.14.4 (patch, security)

Two security fixes only:

No breaking changes. Safe to merge.

#442 — firebase-tools 15.18.0 → 15.19.1 (minor)

Emulator & Data Connect updates only. No breaking changes. Dev dependency.

#441 — ava 7.0.0 → 8.0.1 (major) — CI FAILING

Root cause (from CI logs):

Error: Cannot find module '.../functions/ts-node/register'
imported from .../node_modules/ava/lib/worker/base.js

ava 8 breaking changes:

  • AVA is now fully ESM internally; the require: ['ts-node/register'] config in package.json#ava no longer works as before
  • Test files are loaded via import(), not require()
  • CJS projects need const {default: test} = require('ava') instead of const test = require('ava')
  • Requires @ava/typescript@7 (already merged) plus updating how TypeScript transpilation is configured (should use --import / Node.js loader hooks instead of ts-node/register)

Action needed: Update functions/package.json ava config to use the new ESM-based TypeScript loader. This is a manual change that requires testing — skipping for now.

#440 — eslint-plugin-prettier 5.5.5 → 5.5.6 (patch)

Dependency bump only. No breaking changes. Dev dependency.

#438 — ajv 8.18.0 → 8.20.0 (minor)

  • 8.19.0: security fix for prototype pollution via $data ref
  • 8.20.0: Node 22/24 support, ES2022 type fix

No breaking changes. Includes a security fix. Safe to merge.

#424 — TypeScript 5.9.3 → 6.0.3 (major) — CI FAILING

Root cause (from CI logs):

tsconfig.json(19,23): error TS5107: Option 'moduleResolution=node10' is deprecated 
and will stop functioning in TypeScript 7.0. Specify compilerOption '"ignoreDeprecations": "6.0"'

Fix (already documented in CLAUDE.md):

Change moduleResolution: "node" to "node16" / "nodenext" and remove ignoreDeprecations entirely.

Note: using ignoreDeprecations: "6.0" in tsconfig.json breaks ts-node with TS5103; the proper fix is to update moduleResolution. Would you like me to apply this fix?

⚠️ #421 — tslint 5.20.1 → 6.1.3 (major) — stale + deprecated

CI is green but:

  1. Auto-rebase disabled (PR open > 30 days, branch is out of date with develop)
  2. tslint is deprecated — marked as deprecated on NPM, users encouraged to migrate to ESLint
  3. The project already uses eslint + eslint-plugin-prettier (chore(deps-dev): bump eslint-plugin-prettier from 5.5.5 to 5.5.6 in /functions #440), making tslint redundant

Recommendation: Close this PR. Remove tslint from functions/package.json entirely rather than upgrading a deprecated package.

Requested Confirmations

Before I proceed with merges, please confirm or override the plan by commenting on this issue:

  1. Approve & merge chore(deps): bump the npm_and_yarn group across 2 directories with 1 update #446 (grpc-js security patch) and auto-merge chore(deps-dev): bump firebase-tools from 15.18.0 to 15.19.1 #442, chore(deps-dev): bump eslint-plugin-prettier from 5.5.5 to 5.5.6 in /functions #440, chore(deps): bump ajv from 8.18.0 to 8.20.0 in /functions #438 — reply approve or override specific PRs
  2. chore(deps): bump typescript from 5.9.3 to 6.0.3 in /functions #424 (TypeScript 6) — want me to apply the tsconfig fix (moduleResolution: node16) on the Dependabot branch so CI passes, then merge? Reply fix ts6 or skip
  3. chore(deps-dev): bump ava from 7.0.0 to 8.0.1 in /functions #441 (ava 8) — skip for now? Reply skip ava or investigate
  4. chore(deps-dev): bump tslint from 5.20.1 to 6.1.3 in /functions #421 (tslint) — close PR and remove tslint from package.json? Reply remove tslint or skip

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions