chore(deps): update dependency ajv to v8.18.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
ajv (source)	8.12.0 → 8.18.0

GitHub Vulnerability Alerts

CVE-2025-69873

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.

---

Release Notes

ajv-validator/ajv (ajv)

v8.18.0

Compare Source

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in #​2480
• fix: #​2482 Infinity and NaN serialise to null by @​jasoniangreen in #​2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in #​2508
• fix: typos in schema-language.md by @​monteiro-renato in #​2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in #​2586

New Contributors

• @​josdejong made their first contribution in #​2480
• @​monteiro-renato made their first contribution in #​2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

v8.17.1

Compare Source

What's Changed

• bump version to 8.17.1 by @​jasoniangreen in #​2472

Full Changelog: ajv-validator/ajv@v8.17.0...v8.17.1

Plus everything in 8.17.0 which failed to release

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (#​2444)" by @​gurgunday in #​2448
fix: ignore new eslint error for @​typescript-eslint/no-extraneous-class by @​jasoniangreen in #​2455
docs: clarify behaviour of addVocabulary by @​jasoniangreen in #​2454
docs: refactor to improve legibility by @​blottn in #​2432
Fix grammatical typo in managing-schemas.md by @​wetneb in #​2305
docs: Fix broken strict-mode link by @​alexanderjsx in #​2459
feat: add test for encoded refs and bump fast-uri by @​jasoniangreen in #​2449
fix: changes for @​typescript-eslint/array-type rule by @​jasoniangreen in #​2467
fixes #​2217 - clarify custom keyword naming by @​jasoniangreen in #​2457

v8.16.0

Compare Source

What's Changed

• Revert fast-uri change by @​jasoniangreen in #​2444

Full Changelog: ajv-validator/ajv@v8.15.0...v8.16.0

v8.15.0

Compare Source

What's Changed

• Replace uri-js with fast-uri by @​vixalien in #​2415
• Bump to 8.15.0 by @​jasoniangreen in #​2442

New Contributors

• @​vixalien made their first contribution in #​2415

Full Changelog: ajv-validator/ajv@v8.14.0...v8.15.0

v8.14.0

Compare Source

What's Changed

• readme: build badge by @​epoberezkin in #​2424
• Update workflows by @​rotu in #​2410
• docs: add warning to maxLength / minLength by @​jasoniangreen in #​2428
• fix: broken link in docs warning by @​jasoniangreen in #​2431
• compileAsync a schema with discriminator and $ref, fixes #​2427 by @​jasoniangreen in #​2433
• bump version to 8.14.0 for publishing by @​jasoniangreen in #​2440

New Contributors

• @​rotu made their first contribution in #​2410

Full Changelog: ajv-validator/ajv@v8.13.0...v8.14.0

v8.13.0

Compare Source

• add named exports
• update dependencies
• update node.js

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for brilliant-pasca-3e80ec canceled.

Name	Link
🔨 Latest commit	1afeba8
🔍 Latest deploy log	https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69b5bbd8ca69e30008d8a44a

[github-actions]

🚀 Performance Test Results

Test Configuration:

• VUs: 4
• Duration: 1m0s

Test Metrics:

• Requests/s: 41.91
• Iterations/s: 13.97
• Failed Requests: 0.00% (0 of 2519)

📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 909 kB 15 kB/s
     data_sent......................: 1.9 MB 32 kB/s
     http_req_blocked...............: avg=7.81µs   min=2.21µs   med=5.74µs   max=1.55ms   p(90)=6.95µs   p(95)=7.63µs  
     http_req_connecting............: avg=520ns    min=0s       med=0s       max=616.47µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=94.83ms  min=7.13ms   med=77.51ms  max=656.98ms p(90)=161.79ms p(95)=178.71ms
       { expected_response:true }...: avg=94.83ms  min=7.13ms   med=77.51ms  max=656.98ms p(90)=161.79ms p(95)=178.71ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2519
     http_req_receiving.............: avg=86.08µs  min=21.4µs   med=76.87µs  max=2.1ms    p(90)=104.63µs p(95)=123.09µs
     http_req_sending...............: avg=36.39µs  min=9.69µs   med=28.06µs  max=2.14ms   p(90)=37.38µs  p(95)=46.67µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=94.71ms  min=6.97ms   med=77.39ms  max=656.87ms p(90)=161.6ms  p(95)=178.58ms
     http_reqs......................: 2519   41.905226/s
     iteration_duration.............: avg=285.98ms min=153.67ms med=274.51ms max=973.01ms p(90)=333.87ms p(95)=366.2ms 
     iterations.....................: 840    13.973954/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4