Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cloudquery/plugin-sdk-javascript
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.1.32
Choose a base ref
...
head repository: cloudquery/plugin-sdk-javascript
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.1.33
Choose a head ref
  • 2 commits
  • 4 files changed
  • 1 contributor

Commits on Feb 18, 2026

  1. fix(deps): Update dependency ajv to v8.18.0 [SECURITY] (#346) 

    This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ajv](https://ajv.js.org) ([source](https://redirect.github.com/ajv-validator/ajv)) | dependencies | minor | [`8.17.1` -> `8.18.0`](https://renovatebot.com/diffs/npm/ajv/8.17.1/8.18.0) |

### GitHub Vulnerability Alerts

#### [CVE-2025-69873](https://nvd.nist.gov/vuln/detail/CVE-2025-69873)

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax (`$data` reference), which is passed directly to the JavaScript `RegExp()` constructor without validation. An attacker can inject a malicious regex pattern (e.g., `\"^(a|a)*$\"`) combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with `$data`: true for dynamic schema validation.

---

### Release Notes

<details>
<summary>ajv-validator/ajv (ajv)</summary>

### [`v8.18.0`](https://redirect.github.com/ajv-validator/ajv/releases/tag/v8.18.0)

[Compare Source](https://redirect.github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0)

#### What's Changed

-   feat: allow tree-shaking by adding `"sideEffects": false` to `package.json` by [@&#8203;josdejong](https://redirect.github.com/josdejong) in [https://github.com/ajv-validator/ajv/pull/2480](https://redirect.github.com/ajv-validator/ajv/pull/2480)
-   fix: [#&#8203;2482](https://redirect.github.com/ajv-validator/ajv/issues/2482) Infinity and NaN serialise to null by [@&#8203;jasoniangreen](https://redirect.github.com/jasoniangreen) in [https://github.com/ajv-validator/ajv/pull/2487](https://redirect.github.com/ajv-validator/ajv/pull/2487)
-   fix: small grammatical error in managing-schemas.md by [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) in [https://github.com/ajv-validator/ajv/pull/2508](https://redirect.github.com/ajv-validator/ajv/pull/2508)
-   fix: typos in schema-language.md by [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) in [https://github.com/ajv-validator/ajv/pull/2507](https://redirect.github.com/ajv-validator/ajv/pull/2507)
-   fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by [@&#8203;epoberezkin](https://redirect.github.com/epoberezkin) in [https://github.com/ajv-validator/ajv/pull/2586](https://redirect.github.com/ajv-validator/ajv/pull/2586)

#### New Contributors

-   [@&#8203;josdejong](https://redirect.github.com/josdejong) made their first contribution in [https://github.com/ajv-validator/ajv/pull/2480](https://redirect.github.com/ajv-validator/ajv/pull/2480)
-   [@&#8203;monteiro-renato](https://redirect.github.com/monteiro-renato) made their first contribution in [https://github.com/ajv-validator/ajv/pull/2508](https://redirect.github.com/ajv-validator/ajv/pull/2508)

**Full Changelog**: ajv-validator/ajv@v8.17.1...v8.18.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4yMi4xIiwidXBkYXRlZEluVmVyIjoiNDAuMjIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwic2VjdXJpdHkiXX0=-->
    @cq-bot
    cq-bot authored Feb 18, 2026
    Configuration menu
    Copy the full SHA
    dd8a092 View commit details
    Browse the repository at this point in the history

  2. chore(main): Release v0.1.33 (#347) 

    🤖 I have created a release *beep* *boop*
---


## [0.1.33](v0.1.32...v0.1.33) (2026-02-18)


### Bug Fixes

* **deps:** Update dependency ajv to v8.18.0 [SECURITY] ([#346](#346)) ([dd8a092](dd8a092))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
    @cq-bot
    cq-bot authored Feb 18, 2026
    Configuration menu
    Copy the full SHA
    47de2b9 View commit details
    Browse the repository at this point in the history
Loading