chore(deps-dev): bump dependency-cruiser from 16.10.4 to 17.3.8

[dependabot]

Bumps dependency-cruiser from 16.10.4 to 17.3.8.

Release notes

Sourced from dependency-cruiser's releases.

v17.3.8

🐛 fixes

• 273581d2 fix(extract/transpile): retains svelte(5+) dependencies used exclusively outside sections (#1046) - thanks @​Dan503 for raising the issue and verifying the fix!

👷 maintenance

• f86b5fac build(npm): updates external dependencies
• 48bcdda4 doc(cli.md): correct a typo

v17.3.8-beta-1

• 153cef63 fix(extract/transpile): retain svelte dependencies used exclusively outside sections
• d768b232 build(npm): updates external dependencies
• 48bcdda4 doc(cli.md): correct a typo

v17.3.7

🐛 fixes

• a0955cd3 fix(analyze): also analyzes dependents when --reaches or --focus are the only reason to do so - thanks @​drewcpage for raising the issue that led to this fix!

👷 maintenance

• 1289ed68 build(npm): updates external dependencies
• d993ebdc refactor(config-utl): de-anonymize the one remaining anonymous function export
• 817b8706 refactor: renames code in the analysis step to 'analyze'

🧹 chores

• 67d16af4 chore: adds an override to prevent a transitive dependency from emitting annoying messages while our tests are running
• 4af00554 chore(npm): updates external devDependencies
• e166a58e chore(ci): moves workflow permissions to individual jobs
• c6e7a856 chore(codeql): excludes generated validation code from scrutiny

v17.3.6

🐛 fixes

• cd6fe3af fix(report/dot): makes the dot 'flat' reporter respect collapse patterns

🧑‍🏭 refactoring

• d58c78ad/ e884b1e1/ 58c01d1d/ refactor: replace memoize with internal Maps (#1040)
• 464388c0 refactor(cache): uses more appropriate Set for remembering which cache contexts were initialized
• a4a7a807 refactor(report/teamcity): passes the flowId instead of memoizing it

📖 documentation

• 9ca0ab0b doc: various updates to type annotations
• f3648f61 doc(cli): refreshes the documentation of the configuration scaffolding template
• 1b12e61a doc(cli): documents the 'ndjson' logging/ progress format
• cd52da95 doc(cli): updates progress performance-log sample
• 54becb36 doc(report/teamcity): uses same filename pattern for typedefs as used elsewhere in the src tree

... (truncated)

Commits

• d3b9ce2 17.3.8
• 273581d fix(extract/transpile): retains svelte(5+) dependencies used exclusively outs...
• f86b5fa build(npm): updates external dependencies
• 48bcdda doc(cli.md): correct a typo
• c9ed5f1 17.3.7
• 1289ed6 build(npm): updates external dependencies
• a0955cd fix(analyze): also analyzes dependents when --reaches or --focus are the only...
• d993ebd refactor(config-utl): de-anonymize the one remaining anonymous function export
• 67d16af chore: adds an override to prevent a ransitive dependency from emitting annoy...
• 4af0055 chore(npm): updates external devDependencies
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dependency-cruiser since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

❌ Security Audit Results

Status: High or critical vulnerabilities detected

Severity	Count
Critical	0
High	1
Moderate	0
Low	0
Info	0

Total vulnerabilities: 1

⚠️ Action Required: Please review and fix high/critical vulnerabilities before merging.

Remediation Steps

1. Review the audit results: pnpm audit
2. Update vulnerable dependencies: pnpm update
3. For breaking changes, check package changelogs
4. Run tests to ensure compatibility: pnpm test
5. If no fix is available, consider:
   • Finding alternative packages
   • Waiting for upstream fixes
   • Applying workarounds if risk is acceptable

[github-actions]

✅ Quality Metrics Gate

Metric	Value	Status
Score	91.06/100 (+0)	✅
Lint	20w / 0e	⚠️
TypeScript	0 errors	✅
Tests	100% pass rate	✅
Coverage	95.28% avg	✅
Build	OK	✅

Per-package coverage

Package	Coverage
@kaiord/core	97.06%
@kaiord/fit	96.45%
@kaiord/tcx	97.61%
@kaiord/zwo	91.72%
@kaiord/garmin	97.84%
@kaiord/garmin-connect	98.36%
@kaiord/cli	88.1%
@kaiord/mcp	95.08%

Metrics Gate • 2026-03-09T19:36:41.867Z