Bumping deps to avoid CVE (17/02/2026)

[liranmauda]

Explain the Changes

• Bumping deps to avoid CVE (17/02/2026)

Summary by CodeRabbit

• Chores
  • Updated package dependencies to their latest versions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

This pull request updates multiple dependency versions in package.json, including AWS SDK v3 packages (3.971.0 → 3.991.0), Google Cloud Storage (7.18.0 → 7.19.0), and other utility libraries such as lodash, pg, ajv, and node types. No runtime code or logic changes are included.

Changes

Cohort / File(s)	Summary
AWS SDK v3 Updates package.json (@aws-sdk/client-s3, @aws-sdk/client-sts, @aws-sdk/credential-providers, @aws-sdk/lib-storage, @aws-sdk/s3-request-presigner)	Bumped from 3.971.0 to 3.991.0; also updated @aws-sdk/client-iam in devDependencies to match.
Cloud & HTTP Handler Updates package.json (@google-cloud/storage, @smithy/node-http-handler)	@google-cloud/storage bumped from 7.18.0 to 7.19.0; @smithy/node-http-handler from 4.4.8 to 4.4.10.
Utility & Runtime Libraries package.json (ldapts, lodash, nan, pg, ajv, @types/node, node-gyp)	Updated ldapts (8.1.3 → 8.1.6), lodash (4.17.21 → 4.17.23), nan (2.24.0 → 2.25.0), pg (8.17.1 → 8.18.0), ajv (8.17.1 → 8.18.0), @types/node (24.10.9 → 24.10.13), and node-gyp (12.1.0 → 12.2.0).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Bumping deps to avoid CVE (13/01/2026) #9373: Updates the same set of dependencies including AWS SDK v3, @google-cloud/storage, @smithy/node-http-handler, and related packages.
• Bumping deps to avoid CVE (13/11/2025) (part 2) #9305: Bumps identical AWS SDK v3 packages, @google-cloud/storage, smithy handler, and dev dependencies.
• Bumping deps to avoid CVE (19/01/2026) #9381: Updates overlapping dependencies, particularly AWS SDK v3 packages and @types/node.

Suggested reviewers

• nimrod-becker
• jackyalbo
• dannyzaken

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: bumping dependencies to avoid a CVE, which is the core purpose of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}