Commits on Feb 18, 2026

1. fix(deps): Update dependency ajv to v8.18.0 [SECURITY] (#346) …

   This PR contains the following updates:
   
   | Package | Type | Update | Change |
   |---|---|---|---|
   | [ajv](https://ajv.js.org) ([source](https://redirect.github.com/ajv-validator/ajv)) | dependencies | minor | [`8.17.1` -> `8.18.0`](https://renovatebot.com/diffs/npm/ajv/8.17.1/8.18.0) |
   
   ### GitHub Vulnerability Alerts
   
   #### [CVE-2025-69873](https://nvd.nist.gov/vuln/detail/CVE-2025-69873)
   
   ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax (`$data` reference), which is passed directly to the JavaScript `RegExp()` constructor without validation. An attacker can inject a malicious regex pattern (e.g., `\"^(a|a)*$\"`) combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with `$data`: true for dynamic schema validation.
   
   ---
   
   ### Release Notes
   
   <details>
   <summary>ajv-validator/ajv (ajv)</summary>
   
   ### [`v8.18.0`](https://redirect.github.com/ajv-validator/ajv/releases/tag/v8.18.0)
   
   [Compare Source](https://redirect.github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0)
   
   #### What's Changed
   
   -   feat: allow tree-shaking by adding `"sideEffects": false` to `package.json` by [@&#8203;josdejong](https://redirect.github.com/josdejong) in [https://github.com/ajv-validator/ajv/pull/2480](https://redirect.github.com/ajv-validator/ajv/pull/2480)
   -   fix: [#&#8203;2482](https://redirect.github.com/ajv-validator/ajv/issues/2482) Infinity and NaN serialise to null by [@&#8203;jasoniangreen](https://redirect.github.com/jasoniangreen) in [https://github.com/ajv-validator/ajv/pull/2487](https://redirect.github.com/ajv-validator/ajv/pull/2487)
   -   fix: small grammatical error in managing-schemas.md by [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) in [https://github.com/ajv-validator/ajv/pull/2508](https://redirect.github.com/ajv-validator/ajv/pull/2508)
   -   fix: typos in schema-language.md by [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) in [https://github.com/ajv-validator/ajv/pull/2507](https://redirect.github.com/ajv-validator/ajv/pull/2507)
   -   fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by [@&#8203;epoberezkin](https://redirect.github.com/epoberezkin) in [https://github.com/ajv-validator/ajv/pull/2586](https://redirect.github.com/ajv-validator/ajv/pull/2586)
   
   #### New Contributors
   
   -   [@&#8203;josdejong](https://redirect.github.com/josdejong) made their first contribution in [https://github.com/ajv-validator/ajv/pull/2480](https://redirect.github.com/ajv-validator/ajv/pull/2480)
   -   [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) made their first contribution in [https://github.com/ajv-validator/ajv/pull/2508](https://redirect.github.com/ajv-validator/ajv/pull/2508)
   
   **Full Changelog**: ajv-validator/ajv@v8.17.1...v8.18.0
   
   </details>
   
   ---
   
   ### Configuration
   
   📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
   
   🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
   
   ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
   
   🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
   
   ---
   
    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
   
   ---
   
   This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
   <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4yMi4xIiwidXBkYXRlZEluVmVyIjoiNDAuMjIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwic2VjdXJpdHkiXX0=-->

   

   cq-bot authored Feb 18, 2026
   Configuration menu

   • View commit details
   • Copy full SHA for dd8a092
   • Browse repository at this point

   Copy the full SHA

   dd8a092 View commit details

   Browse the repository at this point in the history

2. chore(main): Release v0.1.33 (#347) …

   🤖 I have created a release *beep* *boop*
   ---
   
   
   ## [0.1.33](v0.1.32...v0.1.33) (2026-02-18)
   
   
   ### Bug Fixes
   
   * **deps:** Update dependency ajv to v8.18.0 [SECURITY] ([#346](#346)) ([dd8a092](dd8a092))
   
   ---
   This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

   

   cq-bot authored Feb 18, 2026
   Configuration menu

   • View commit details
   • Copy full SHA for 47de2b9
   • Browse repository at this point

   Copy the full SHA

   47de2b9 View commit details

   Browse the repository at this point in the history