chore(studio-deps)(deps): bump the security-critical group in /studio with 2 updates#2607
Merged
mergify[bot] merged 1 commit intoOct 6, 2025
Conversation
Bumps the security-critical group in /studio with 2 updates: [datatables.net-select](https://github.com/DataTables/Dist-DataTables-Select) and [datatables.net-select-bs5](https://github.com/DataTables/Dist-DataTables-Select-Bootstrap5). Updates `datatables.net-select` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/DataTables/Dist-DataTables-Select/releases) - [Commits](DataTables/Dist-DataTables-Select@3.1.1...3.1.2) Updates `datatables.net-select-bs5` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/DataTables/Dist-DataTables-Select-Bootstrap5/releases) - [Commits](DataTables/Dist-DataTables-Select-Bootstrap5@3.1.1...3.1.2) --- updated-dependencies: - dependency-name: datatables.net-select dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security-critical - dependency-name: datatables.net-select-bs5 dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security-critical ... Signed-off-by: dependabot[bot] <support@github.com>
robfrank
approved these changes
Oct 6, 2025
mergify Bot
added a commit
that referenced
this pull request
Apr 26, 2026
…studio [skip ci] Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.18.0 to 8.20.0. Release notes *Sourced from [ajv's releases](https://github.com/ajv-validator/ajv/releases).* > v8.20.0 > ------- > > What's Changed > -------------- > > * fix: add support for node 22/24, drop node 16/21 by [`@jasoniangreen`](https://github.com/jasoniangreen) in [ajv-validator/ajv#2580](https://redirect.github.com/ajv-validator/ajv/pull/2580) > * fix: add ES2022.RegExp for RegExpIndicesArray by [`@SignpostMarv`](https://github.com/SignpostMarv) in [ajv-validator/ajv#2604](https://redirect.github.com/ajv-validator/ajv/pull/2604) > > **Full Changelog**: <ajv-validator/ajv@v8.19.0...v8.20.0> > > v8.19.0 > ------- > > What's Changed > -------------- > > * fix prototype pollution via format keyword using $data ref by [`@epoberezkin`](https://github.com/epoberezkin) in [ajv-validator/ajv#2607](https://redirect.github.com/ajv-validator/ajv/pull/2607) > > **Full Changelog**: <ajv-validator/ajv@v8.18.0...v8.19.0> Commits * [`0fba0b8`](ajv-validator/ajv@0fba0b8) 8.20.0 * [`9caf8d6`](ajv-validator/ajv@9caf8d6) fix: add ES2022.RegExp for RegExpIndicesArray; fixes [ajv-validator/ajv#2603](https://redirect.github.com/ajv-validator/ajv/issues/2603) (... * [`2065350`](ajv-validator/ajv@2065350) fix: add support for node 22/24, drop node 16/21 ([#2580](https://redirect.github.com/ajv-validator/ajv/issues/2580)) * [`154b58d`](ajv-validator/ajv@154b58d) 8.19.0 * [`e8d2bdc`](ajv-validator/ajv@e8d2bdc) test/fix prototype pollution via $data ref with format keyword ([#2607](https://redirect.github.com/ajv-validator/ajv/issues/2607)) * See full diff in [compare view](ajv-validator/ajv@v8.18.0...v8.20.0) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the security-critical group in /studio with 2 updates: datatables.net-select and datatables.net-select-bs5.
Updates
datatables.net-selectfrom 3.1.1 to 3.1.2Release notes
Sourced from datatables.net-select's releases.
Commits
1810028Sync tag release - 3.1.2391d17f2079c0f72cfd8487ba654db1194314b354707d99 Release 3.1.29252d864373f12c7f60923f4edb3f68ac5deae6b026b7a1 Fix: Bootstrap 5 text colour for sel...Updates
datatables.net-select-bs5from 3.1.1 to 3.1.2Release notes
Sourced from datatables.net-select-bs5's releases.
Commits
9163b78Include ESM files in Nuget packages0e322bcecb8b66ce1ebef32824b7759763ccc21cf9bf1e0 Fix: Minified version of Select didn...ffc9033797624423579cb12fa852f10ccd2c821de8c8ea1 Fix: Allow the select all on page ch...988ba0fSync tag release - 2.0.4766880e3017daeac2ef603ead7cc057b4c5482c38435e10 Release 2.0.47f5f6f914257398c0cc2b7b726d6a07c5f3d3fb61890469 Fix: Columns with checkboxes might, ...c2c0e3dc813e2afb4d1bef1729dfa2e5329861358158295 Fix: Remove header checkbox on destroy2ec841cf05e12c99d817fded09331e73fcc2e016baea675 Fix: When there is no data in the ta...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions