build(deps-dev): bump ajv from 8.18.0 to 8.20.0#2674

Open

dependabot[bot] wants to merge 2 commits into main from dependabot/npm_and_yarn/main/ajv-8.20.0

Conversation

dependabot[bot] commented on behalf of github, Apr 29, 2026

Bumps ajv from 8.18.0 to 8.20.0.

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits


Note

Low Risk
Low risk: this is a devDependency version bump with lockfile updates and no runtime code changes. Main risk is potential schema-validation/tooling behavior changes affecting builds or tests.

Overview
Updates the ajv devDependency from 8.18.0 to 8.20.0 in package.json and refreshes package-lock.json accordingly (including a nested addons-linter-scoped ajv entry to satisfy its dependency graph).

Reviewed by Cursor Bugbot for commit f85e81c. Bugbot is set up for automated code reviews on this repo.

dependabot[bot] added labels: dependencies (Update one or more dependencies), version minor (Increment the minor version when merged), Apr 29, 2026
dependabot[bot] requested a review from a team as a code owner, April 29, 2026 10:54
github-actions Bot commented

Suggested comment for Cursor review (copy and paste as a new comment):

@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update?

Can you check the test coverage and ensure that the new code is covered?
Can you think through if this dependency is still needed or if there's better practices used elsewhere.

Can you draft a separate PR with any fixes that might be needed?

Note: GitHub Actions bot cannot trigger Cursor agent directly. Please copy the above comment to invoke the review.

github-actions Bot commented Apr 29, 2026

Build Branch

Branch pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0
Commit 9c2f5b7183
Updated May 22, 2026 at 10:34:27 AM UTC

Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0
git -C submodules/content-scope-scripts checkout origin/pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0

Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#9c2f5b71836804824c0b873bd24b43a842be8a85

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "9c2f5b71836804824c0b873bd24b43a842be8a85")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/dependabot/npm_and_yarn/main/ajv-8.20.0
git -C submodules/content-scope-scripts checkout 9c2f5b71836804824c0b873bd24b43a842be8a85

cursor Bot left a comment (stale)

Web Compatibility Assessment

No findings.

Changed files: package.json and package-lock.json only. The bump is limited to the root dev dependency ajv from 8.18.0 to 8.20.0; no injected/src runtime code, API wrappers/shims, DOM behavior, platform entry points, or messaging paths are changed. ajv usage in this repo is limited to injected unit-test schema validation (injected/unit-test/features.js), so there is no page-runtime API surface or compatibility impact.

Security Assessment

No findings.

The diff does not touch captured globals, wrapper utilities, DDGProxy, message bridge/origin checks, native messaging transports, config patch application, iframe handling, postMessage, network requests, or code executed in hostile page contexts. The lockfile change adds a nested addons-linter copy of ajv@8.18.0 because that dependency remains pinned there, while the root dev dependency resolves to ajv@8.20.0; no unrelated package churn was observed.

Risk Level

Low Risk: dependency metadata/lockfile-only devDependency update with no injected runtime bundle changes.

Recommendations

No blocking recommendations. Validation performed:

  • npm ci completed successfully, with existing peer/audit warnings.
  • npm run test-unit --workspace=injected -- unit-test/features.js passed (79 specs, 0 failures, 16 legacy pending specs).

Sent by Cursor Automation: Web compat and sec

cursor Bot left a comment (stale)

Dependency review finding:

The direct ajv bump itself looks low-risk for this repo’s direct usage: injected/unit-test/features.js imports ajv only for test-page config schema validation, and the targeted suite passed with the updated lockfile:

npm run test-unit --workspace=injected -- --random=false --filter='test-pages'

However, this update does not remove all ajv@8.18.0 copies from the dev dependency graph. Upstream ajv@8.19.0 includes a security fix for prototype pollution via $data format lookup, and the new lockfile still contains web-ext -> addons-linter -> ajv@8.18.0 because addons-linter@10.1.0 pins ajv exactly. npm ls ajv --all confirms both ajv@8.20.0 and nested ajv@8.18.0 remain installed.

I did not push changes to this PR. I also did not draft a separate fix PR because the clean fix appears to require the upstream parent chain to consume addons-linter@10.4.0 or newer; addons-linter@10.4.0 uses ajv@8.20.0, but current web-ext metadata still points below that. A local npm override would need careful validation before landing.


Sent by Cursor Automation: Review dependabot

Comment thread package-lock.json
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
}
},
"node_modules/addons-linter/node_modules/ajv": {

This lockfile still installs a nested ajv@8.18.0 under addons-linter. The upstream ajv@8.19.0 release notes list a security fix for prototype pollution via the format keyword with $data refs, so this PR updates the root devDependency but leaves a pre-fix ajv copy reachable through web-ext -> addons-linter.

Evidence from this PR state: addons-linter@10.1.0 pins "ajv": "8.18.0", causing this newly nested package entry, and npm ls ajv --all shows both root ajv@8.20.0 and nested addons-linter -> ajv@8.18.0 installed.

If the goal is to remove the vulnerable/pre-fix version from the dev graph, this needs a follow-up through the web-ext/addons-linter chain. addons-linter@10.4.0 has moved to ajv@8.20.0, but current web-ext metadata does not yet consume that version.

dependabot[bot] force-pushed the dependabot/npm_and_yarn/main/ajv-8.20.0 branch from 8eb1852 to 5a34c97 on May 5, 2026 15:43
cursor Bot left a comment (stale)

Web Compatibility Assessment

No web compatibility findings. The diff only bumps root ajv from ^8.18.0 to ^8.20.0 in package.json/package-lock.json; it does not touch shipped injected runtime code, API wrapping/shimming, DOM manipulation, platform entry points, or feature config behavior.

Security Assessment

No security findings. ajv remains a root dev dependency, and the only in-repo usage found is the injected unit-test schema validator. No captured-global, messaging, origin-validation, bridge, iframe, or network-request surfaces are changed.

Risk Level

Low Risk: dependency metadata/tooling-only change with no runtime injected-script surface area.

Recommendations

No blocking recommendations.

Validation performed: npm run test-unit --workspace=injected -- --filter=features passed (23 specs, 0 failures).


Sent by Cursor Automation: Web compat and sec

cursor Bot left a comment (stale)

Dependency review finding:

The direct root ajv bump to 8.20.0 looks low-risk for the repo’s direct usage. The only direct source import I found is injected/unit-test/features.js, where Ajv validates generated privacy-configuration test-page schemas; it is not part of the injected runtime bundles. Upstream changelog notes:

  • 8.19.0: fixes prototype pollution via the format keyword using $data refs.
  • 8.20.0: adds Node 22/24 support, drops Node 16/21 support, and adds ES2022 RegExpIndicesArray support.

Validation performed:

  • npm ci completed successfully.
  • npm ls ajv --all confirms the root install is ajv@8.20.0.
  • npm run test-unit --workspace=injected -- --random=false --filter='test-pages' passed: 77 specs, 0 failures, 16 pending.

Concern remains: the new lockfile still installs a nested ajv@8.18.0 through web-ext -> addons-linter@10.1.0, so this PR does not remove all copies below the 8.19.0 prototype-pollution fix. Exploitability is uncertain because I have not confirmed whether addons-linter enables $data format validation on attacker-controlled schemas, but the stale copy is concrete in the dependency graph.

I did not push changes to this PR. I also did not draft a separate fix PR from this checkout because the clean fix is a transitive dependency update: addons-linter@10.4.0 uses ajv@8.20.0, while current web-ext@10.0.0 pins addons-linter@10.1.0 and latest web-ext@10.1.0 still pins addons-linter@10.3.0 (ajv@8.18.0). If we want to force the fix before upstream web-ext catches up, the likely separate PR is an npm overrides entry for addons-linter@10.4.0, validated against the extension lint/build path.


Sent by Cursor Automation: Review dependabot
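The nested-copy check the dependency review above relies on (npm ls ajv --all showing a second ajv beneath addons-linter, and the npm overrides entry floated as a fix path), as an added example that is not part of this PR or of content-scope-scripts: a script that reads a lockfile v2/v3 "packages" map, lists every installed copy of a package, flags copies below a fix release, reconstructs each copy's dependent chain with the same resolution walk npm uses, and emits the nested overrides fragment that would pin only the stale copy. The LOCKFILE object is constructed for the example; its package names follow the thread, but its version ranges and the suggestOverrides helper are assumptions, not anything the repo ships or uses.

```javascript
// Added example (not PR or content-scope-scripts code): offline equivalent of
// `npm ls <pkg> --all` over a package-lock.json "packages" map, plus an
// npm "overrides" suggestion for copies below a fix release.

// Constructed lockfile excerpt shaped like the one discussed in the thread.
// Package names match the thread; the ranges are illustrative assumptions.
const LOCKFILE = {
  name: "example-root",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-root", devDependencies: { ajv: "^8.20.0", "web-ext": "^10.0.0" } },
    "node_modules/ajv": { version: "8.20.0", dev: true },
    "node_modules/web-ext": { version: "10.0.0", dev: true, dependencies: { "addons-linter": "10.1.0" } },
    "node_modules/addons-linter": { version: "10.1.0", dev: true, dependencies: { ajv: "8.18.0" } },
    "node_modules/addons-linter/node_modules/ajv": { version: "8.18.0", dev: true },
  },
};

const SEP = "node_modules/";

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative when a < b, zero when equal, positive when a > b (numeric, not lexical).
function compareSemver(a, b) {
  const [x, y] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Package name at a lockfile path: "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameOf(path) {
  return path.slice(path.lastIndexOf(SEP) + SEP.length);
}

// Node-style resolution over the lockfile layout: try <from>/node_modules/<name>,
// then drop one node_modules level at a time until the root node_modules is reached.
function resolveFrom(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = dir ? `${dir}/${SEP}${name}` : `${SEP}${name}`;
    if (candidate in packages) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf(`/${SEP}`);
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Every package whose declared dependency on the target resolves to exactly this copy.
function dependentsOf(packages, targetPath) {
  const name = nameOf(targetPath);
  return Object.entries(packages)
    .filter(([p, e]) => {
      const deps = { ...e.dependencies, ...e.devDependencies, ...e.optionalDependencies };
      return name in deps && resolveFrom(packages, p, name) === targetPath;
    })
    .map(([p]) => p);
}

// Follow the first dependent upward until the root ("") is reached, giving e.g.
// ["web-ext", "addons-linter", "ajv"]. Only one parent is followed per level.
function chainToRoot(packages, path) {
  const chain = [nameOf(path)];
  let cur = path;
  for (let depth = 0; depth < 64; depth++) { // bounded in case the graph has cycles
    const parents = dependentsOf(packages, cur);
    if (parents.length === 0 || parents[0] === "") break;
    cur = parents[0];
    chain.unshift(nameOf(cur));
  }
  return chain;
}

function auditPackage(lockfile, name, fixedVersion) {
  const packages = lockfile.packages;
  return Object.keys(packages)
    .filter((p) => p !== "" && nameOf(p) === name)
    .map((p) => ({
      path: p,
      version: packages[p].version,
      dev: Boolean(packages[p].dev),
      belowFix: compareSemver(packages[p].version, fixedVersion) < 0,
      chain: chainToRoot(packages, p).join(" -> "),
    }));
}

// npm >= 8.3 "overrides": a nested key applies only beneath that parent, so the
// root copy is untouched and only the stale nested copy is forced to fixedVersion.
// Assumed helper; whether the parent tolerates the newer copy still needs testing.
function suggestOverrides(lockfile, name, fixedVersion) {
  const overrides = {};
  for (const copy of auditPackage(lockfile, name, fixedVersion)) {
    if (!copy.belowFix) continue;
    const chain = copy.chain.split(" -> ");
    if (chain.length < 2) { overrides[name] = fixedVersion; continue; }
    const parent = chain[chain.length - 2];
    overrides[parent] = { ...overrides[parent], [name]: fixedVersion };
  }
  return overrides;
}

// One line per installed copy, then the overrides fragment for package.json.
function report(lockfile, name, fixedVersion) {
  const lines = auditPackage(lockfile, name, fixedVersion).map(
    (c) => `${c.chain} ${c.version}${c.dev ? " (dev)" : ""}${c.belowFix ? "  <-- below fix release" : ""}`
  );
  lines.push(JSON.stringify({ overrides: suggestOverrides(lockfile, name, fixedVersion) }));
  return lines;
}

console.log(report(LOCKFILE, "ajv", "8.20.0").join("\n"));
```

To audit a real checkout, replace LOCKFILE with the parsed contents of package-lock.json; lockfile v1 files have no "packages" map and are not handled. The chain walk follows only the first dependent at each level, so a copy with several dependents is reported through one of them.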

Comment thread package-lock.json
}
},
"node_modules/addons-linter/node_modules/ajv": {
"version": "8.18.0",

This nested copy means the update does not actually remove all ajv@8.18.0 from the dev dependency graph. Upstream ajv@8.19.0 fixes prototype pollution via format + $data refs, but npm ls ajv --all after npm ci still shows web-ext -> addons-linter@10.1.0 -> ajv@8.18.0. Exploitability depends on whether addons-linter uses $data/format validation over attacker-controlled schemas, so I would treat this as a residual dependency-risk follow-up rather than a direct runtime regression.

Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.18.0 to 8.20.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.18.0...v8.20.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/npm_and_yarn/main/ajv-8.20.0 branch from 5a34c97 to 167162e on May 22, 2026 09:40
cursor Bot left a comment

Web Compatibility Assessment

No findings.

The current diff changes only package.json and package-lock.json, bumping the root dev dependency ajv from ^8.18.0 to ^8.20.0. No injected runtime code, API wrappers/shims, DOM manipulation, platform entry points, feature config handling, or messaging paths are changed.

Security Assessment

No findings for injected-page security surfaces.

ajv is used directly only by injected unit-test schema validation (injected/unit-test/features.js), not by bundled page-runtime code. The lockfile still contains a nested addons-linter -> ajv@8.18.0 through web-ext, which is already noted in prior dependency-review comments and does not create a new C-S-S injected runtime exposure in this PR.

Risk Level

Low Risk: devDependency/lockfile-only update with no hostile-page runtime surface-area changes.

Recommendations

No blocking recommendations.

Validation performed on the current head:

  • npm ci completed successfully, with existing peer/audit warnings.
  • npm ls ajv --all confirms root ajv@8.20.0 and the known nested addons-linter ajv@8.18.0 copy.
  • npm run test-unit --workspace=injected -- --filter=features passed (23 specs, 0 failures).

Sent by Cursor Automation: Web compat and sec

cursor Bot left a comment (stale)

Dependency review finding:

Confirmed concern: this PR updates the root direct ajv devDependency to 8.20.0, but it does not remove every pre-fix Ajv v8 copy from the dependency graph. ajv@8.19.0 fixed prototype pollution via the format keyword using $data refs, and the new lockfile still installs addons-linter -> ajv@8.18.0 through web-ext -> addons-linter@10.3.0.

Direct repo impact looks low: the only direct source import I found is injected/unit-test/features.js, where Ajv validates generated privacy-configuration test-page schemas; it is not part of injected runtime bundles. The 8.20.0 changelog also drops Node 16/21 support and adds Node 22/24 support, which matches this repo’s Node 22 environment.

Validation performed:

  • npm ci
  • npm ls ajv --all on this PR: confirms root ajv@8.20.0, but nested addons-linter@10.3.0 -> ajv@8.18.0 remains.
  • npm run test-unit --workspace=injected -- --random=false --filter='test-pages': passed (77 specs, 0 failures, 16 pending).

Uncertain concern: I have not confirmed that addons-linter enables Ajv $data format validation against attacker-controlled schemas, so I would treat the nested copy as incomplete remediation rather than confirmed exploitable behavior.

I did not push changes to this PR. I opened a separate follow-up PR with the clean fix path: #2711. That bumps web-ext to 10.2.0, which brings addons-linter@10.5.0 and dedupes Ajv v8 to 8.20.0; it also updates the fake MV3 extension manifest metadata required by the newer linter. Validation on that branch: npm ls ajv --all, npx web-ext lint --source-dir=integration-test/extension, and the same targeted schema test all pass.


Sent by Cursor Automation: Review dependabot

Comment thread package-lock.json
}
},
"node_modules/addons-linter/node_modules/ajv": {
"version": "8.18.0",

ajv@8.19.0 contains the prototype-pollution fix for $data format lookups, but this newly added nested install keeps addons-linter on ajv@8.18.0. The direct root copy is updated, but the dev dependency graph still contains one Ajv v8 copy below the security-fix release via web-ext -> addons-linter@10.3.0.

github-actions Bot commented

[Beta] Generated file diff

Time updated: Fri, 22 May 2026 10:34:57 GMT

cursor Bot left a comment

Dependency review finding:

Confirmed concern: the direct root ajv bump itself is low-risk for this repo, but it does not fully remove pre-fix Ajv v8 from the dev dependency graph. Upstream changelog evidence:

  • 8.19.0: fixes prototype pollution via the format keyword using $data refs.
  • 8.20.0: adds Node 22/24 support, drops Node 16/21 support, and adds ES2022 RegExpIndicesArray support.

Current-code impact: the only direct source import I found is injected/unit-test/features.js, where Ajv validates generated privacy-configuration test-page schemas. That path is test-only and not part of injected runtime bundles. Node support is compatible with this repo’s Node 22 environment.

Coverage/validation on the synchronized head:

  • npm ci completed successfully.
  • npm ls ajv --all confirms root ajv@8.20.0, but also injected -> web-ext@10.1.0 -> addons-linter@10.3.0 -> ajv@8.18.0.
  • npm run test-unit --workspace=injected -- --random=false --filter='test-pages' passed: 77 specs, 0 failures, 16 pending.

Dependency-need assessment: the direct root ajv dependency is still used by the schema-validation unit tests, so removing it is not currently a drop-in cleanup. The better follow-up is to update the transitive linting toolchain so addons-linter no longer pins the stale Ajv copy, rather than adding broad local fallback logic.

I did not push changes to this PR. A separate follow-up fix PR is already open: #2711. It bumps web-ext so the addons-linter chain dedupes Ajv v8 to 8.20.0, with the manifest metadata update required by the newer linter.


Sent by Cursor Automation: Review dependabot

Comment thread package-lock.json
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
}
},
"node_modules/addons-linter/node_modules/ajv": {

Confirmed residual dependency risk: this PR upgrades the root direct ajv devDependency to 8.20.0, but the lockfile still adds a nested addons-linter -> ajv@8.18.0 here. Ajv 8.19.0 fixed prototype pollution via the format keyword with $data refs, so if this PR is intended as security remediation it does not remove every pre-fix Ajv v8 copy. Exploitability in this path is uncertain because I have not confirmed that addons-linter uses $data format validation on attacker-controlled schemas.
