chore(deps): bump the production-deps group across 1 directory with 9 updates

[dependabot]

Bumps the production-deps group with 9 updates in the / directory:

Package	From	To
@clack/prompts	1.0.1	1.1.0
@google/genai	1.43.0	1.45.0
@modelcontextprotocol/sdk	1.26.0	1.27.1
better-sqlite3	12.6.2	12.8.0
open	10.2.0	11.0.0
openai	6.22.0	6.29.0
simple-git	3.32.2	3.33.0
web-tree-sitter	0.26.5	0.26.7
zod	3.25.76	4.3.6

Updates @clack/prompts from 1.0.1 to 1.1.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.1.0

Minor Changes

• e3333fb: Replaces picocolors with Node.js built-in styleText.

Patch Changes

• c3666e2: destruct limitOption param for better code readability, tweak types definitions
• ba3df8e: Fixes withGuide support in intro, outro, and cancel messages.
• Updated dependencies [e3333fb]
  • @​clack/core@​1.1.0

Changelog

Sourced from @​clack/prompts's changelog.

1.1.0

Minor Changes

• e3333fb: Replaces picocolors with Node.js built-in styleText.

Patch Changes

• c3666e2: destruct limitOption param for better code readability, tweak types definitions
• ba3df8e: Fixes withGuide support in intro, outro, and cancel messages.
• Updated dependencies [e3333fb]
  • @​clack/core@​1.1.0

Commits

• 56edf97 [ci] release (#472)
• ba3df8e fix(prompts): honor withGuide for intro/outro/cancel messages (#474)
• e3333fb refactor(core, prompts): replace picocolors with styleText (#403)
• 594c58a [ci] format
• c3666e2 chore(prompts): destruct limitOption param for better code readability (#457)
• See full diff in compare view

Updates @google/genai from 1.43.0 to 1.45.0

Release notes

Sourced from @​google/genai's releases.

v1.45.0

1.45.0 (2026-03-12)

Features

• Add inference_generation_config to EvaluationConfig for Tuning (b4ac722)
• enable language code for audio transcription config in Live API for Vertex AI (67f39ec)

v1.44.0

1.44.0 (2026-03-04)

Features

• Add gemini-3.1-flash-image-preview model (175603b)
• Support signature for all Interaction tool types (b79108f)
• Update data types from discovery doc. (249b15a)

Changelog

Sourced from @​google/genai's changelog.

1.45.0 (2026-03-12)

Features

• Add inference_generation_config to EvaluationConfig for Tuning (b4ac722)
• enable language code for audio transcription config in Live API for Vertex AI (67f39ec)

1.44.0 (2026-03-04)

Features

• Add gemini-3.1-flash-image-preview model (175603b)
• Support signature for all Interaction tool types (b79108f)
• Update data types from discovery doc. (249b15a)

Commits

• 2d82de4 chore(main): release 1.45.0 (#1384)
• 85c6b28 chore: Update response MIME type field status.
• 67f39ec feat: enable language code for audio transcription config in Live API for Ver...
• 0d9e857 chore: Remove signature from tool call content/delta types and add `call_id...
• 7e6d6e0 chore: Additional configuration for private vertex_internal entrypoint
• 5d3759a chore: update comments
• e98f210 chore: add streaming benchmark
• 3fbab01 chore: internal change
• b4ac722 feat: Add inference_generation_config to EvaluationConfig for Tuning
• 4e4ed3d chore(main): release 1.44.0 (#1361)
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.27.1

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

• feat: implement auth/pre-registration conformance scenario by @​felixweinberger in modelcontextprotocol/typescript-sdk#1545
• docs: add governance documentation for SEP-1730 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1547
• docs: comprehensive feature documentation for SEP-1730 Tier 1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1548
• fix: prevent command injection in example URL opening (v1.x backport) by @​maxisbey in modelcontextprotocol/typescript-sdk#1579
• fix: call onerror for silently swallowed transport errors by @​qing-ant in modelcontextprotocol/typescript-sdk#1580
• chore: bump version to 1.27.1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

• @​qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

• feat: add conformance test infrastructure for v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1518
• feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1533
• feat: add url property to RequestInfo interface by @​valentinbeggi in modelcontextprotocol/typescript-sdk#1353
• [v1.x] feat(tasks): add streaming methods for elicitation and sampling by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1528
• chore: bump version for v1.27.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

• @​valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

Commits

• 4faa8c8 chore: bump version to 1.27.1 (#1581)
• 09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
• e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
• 342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
• 2084a22 docs: add governance documentation for SEP-1730 (#1547)
• f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
• 8cbc658 chore: bump version for v1.27.0 (#1541)
• 5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
• 97ab379 feat: add url property to RequestInfo interface (#1353)
• 825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.6.2 to 12.8.0

Release notes

Sourced from better-sqlite3's releases.

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

• @​tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

Full Changelog: WiseLibs/better-sqlite3@v12.7.1...v12.8.0

v12.7.1

Also not a viable release

The V8 API change was more bonkers than expected. See v12.8.0.

What's Changed

• fix: use Holder() instead of This() for Electron 41 compatibility by @​mceachen in WiseLibs/better-sqlite3#1456
• Roll back to SQLite to version 3.51.2 in WiseLibs/better-sqlite3#1457

Full Changelog: WiseLibs/better-sqlite3@v12.7.0...v12.7.1

v12.7.0

CAUTION: NOT A VIABLE RELEASE

Two (!!) reasons:

1. Electron v41 bit us and removed functions we were using, so a bunch of prebuilds are missing
2. From the SQLite team:

   Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

What's Changed

• chore(build.yml): update Electron version support to include v41 by @​mceachen in WiseLibs/better-sqlite3#1452
• Fix Node v25 test errors by @​m4heshd in WiseLibs/better-sqlite3#1454
• Update SQLite to version 3.52.0 in WiseLibs/better-sqlite3#1449
• Revert "Fix Node v25 test errors" by @​mceachen in WiseLibs/better-sqlite3#1455

Full Changelog: WiseLibs/better-sqlite3@v12.6.2...v12.7.0

... (truncated)

Commits

• fe774f5 12.8.0
• 8617ed6 fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 (#1459)
• 959a018 Update SQLite to version 3.51.3 (#1460)
• 43729c0 Readme: requires Node.js v20 or later (#1443)
• 27dc751 12.7.1
• db1119c Update SQLite to version 3.51.2 (#1457)
• d2c4815 fix: use Holder() instead of This() for Electron 41 compatibility (#1456)
• ef9ffce 12.7.0
• 3be46ff Revert "Fix Node v25 test errors" (#1455)
• f3a44a4 Update SQLite to version 3.52.0 (#1449)
• Additional commits viewable in compare view

Updates open from 10.2.0 to 11.0.0

Release notes

Sourced from open's releases.

v11.0.0

Breaking

• Require Node.js 20 e789eec

Improvements

• Automatically detect whether PowerShell is accessible in WSL 67109f8
• Add chromium-browser fallback for Linux b40f4b8
• Throw AggregateError instead of only latest error (#364) 2778ac6

Fixes

• Fix app launch failure detection for fallback support ce31b94
• Fix WSL access via remote SSH 8821bf7
• Fix handling of import.meta.url not being available 8ce0f7d
• Fix: Suppress PowerShell progress messages on Windows 2283000
• Fix: Ignore stdio on Windows when not waiting for process e1af0ee
• Fix WSL2 local file opening 269b5fd
• Fix spawn handling 966239c
• Fix PowerShell argument escaping 274d704

---

sindresorhus/open@v10.2.0...v11.0.0

Commits

• 8815330 11.0.0
• b8d8107 Refactor
• ce31b94 Fix app launch failure detection for fallback support
• b40f4b8 Add chromium-browser fallback for Linux
• e789eec Require Node.js 20
• 67109f8 Automatically detect PowerShell accessibility in WSL
• 8821bf7 Fix WSL access via remote SSH
• 8ce0f7d Fix handling of import.meta.url not being available
• 2283000 Suppress PowerShell progress messages on Windows
• e1af0ee Ignore stdio on Windows when not waiting for process
• Additional commits viewable in compare view

Updates openai from 6.22.0 to 6.29.0

Release notes

Sourced from openai's releases.

v6.29.0

6.29.0 (2026-03-13)

Full Changelog: v6.28.0...v6.29.0

Features

• api: custom voices (a11307a)

v6.28.0

6.28.0 (2026-03-13)

Full Changelog: v6.27.0...v6.28.0

Features

• api: manual updates (d543959)
• api: manual updates (4f87840)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (262dac2)

Bug Fixes

• types: remove detail field from ResponseInputFile and ResponseInputFileContent (8d6c0cd)

Chores

• internal: update dependencies to address dependabot vulnerabilities (f5810ee)
• match http protocol with ws protocol instead of wss (6f4e936)
• mcp-server: improve instructions (aad9ca1)
• use proper capitalization for WebSockets (cb4cf62)

v6.27.0

6.27.0 (2026-03-05)

Full Changelog: v6.26.0...v6.27.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (0206188)

Chores

• internal: improve import alias names (9cc2478)

v6.26.0

6.26.0 (2026-03-05)

... (truncated)

Changelog

Sourced from openai's changelog.

6.29.0 (2026-03-13)

Full Changelog: v6.28.0...v6.29.0

Features

• api: custom voices (a11307a)

6.28.0 (2026-03-13)

Full Changelog: v6.27.0...v6.28.0

Features

• api: manual updates (d543959)
• api: manual updates (4f87840)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (262dac2)

Bug Fixes

• types: remove detail field from ResponseInputFile and ResponseInputFileContent (8d6c0cd)

Chores

• internal: update dependencies to address dependabot vulnerabilities (f5810ee)
• match http protocol with ws protocol instead of wss (6f4e936)
• mcp-server: improve instructions (aad9ca1)
• use proper capitalization for WebSockets (cb4cf62)

6.27.0 (2026-03-05)

Full Changelog: v6.26.0...v6.27.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (0206188)

Chores

• internal: improve import alias names (9cc2478)

6.26.0 (2026-03-05)

Full Changelog: v6.25.0...v6.26.0

Features

... (truncated)

Commits

• 6bf4fcb release: 6.29.0
• c1fc3b6 feat(api): custom voices
• 7ab6154 release: 6.28.0
• 0064618 feat(api): sora api improvements: character api, video extensions/edits, high...
• b13cc21 feat(api): manual updates
• 4985a81 feat(api): manual updates
• c05d69c chore: use proper capitalization for WebSockets
• fc5dd95 chore: match http protocol with ws protocol instead of wss
• 954cd78 fix(types): remove detail field from ResponseInputFile and ResponseInputFileC...
• b61d477 chore(internal): update dependencies to address dependabot vulnerabilities
• Additional commits viewable in compare view

Updates simple-git from 3.32.2 to 3.33.0

Release notes

Sourced from simple-git's releases.

simple-git@3.33.0

Minor Changes

• a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

• e253a0d: Enhanced git -c checks in unsafe plugin.

  Thanks to @​JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

Changelog

Sourced from simple-git's changelog.

3.33.0

Minor Changes

• a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

• e253a0d: Enhanced git -c checks in unsafe plugin.

  Thanks to @​JohannesLks for identifying the issue

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

Commits

• 8bbbabc Version Packages
• a263635 Clone API use pathspec (#1132)
• e253a0d Fix/block unsafe 2603 (#1135)
• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• See full diff in compare view

Updates web-tree-sitter from 0.26.5 to 0.26.7

Release notes

Sourced from web-tree-sitter's releases.

v0.26.7

Notable Changes

• A regression in v0.26.6 with quantified alternations was fixed.
• Release artifacts for the tree-sitter CLI are now published as zip archives (in addition to gzipped executables, which are planned for removal in a future minor release).

What's Changed

• fix: skip missing Makefile in version command by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5386
• fix(wasm): pass target triple to clang (#5385) by @​clason in tree-sitter/tree-sitter#5390
• chore(parser): return NULL, not false, for incomplete parse by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5398
• fix(loader): link with libc on OpenBSD to compile parser by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5399
• refactor(query): remove alternative_is_immediate by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5412
• fix(query): don't add copies for quantifier steps outside alternations by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5414
• revert allowing dashes in parser name by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5433
• ci(release): publish zip archives by @​clason in tree-sitter/tree-sitter#5434
• release v0.26.7 by @​clason in tree-sitter/tree-sitter#5435

Full Changelog: tree-sitter/tree-sitter@v0.26.6...v0.26.7

v0.26.6

What's Changed

• lib: clean up strict aliasing fixes in array.h by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5311
• feat: allow - in grammar names by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5318
• fix(cli): allow for both debug logs and graphs by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5319
• web: add default export to CJS bundle by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5323
• fix(query): prevent cross-branch capture contamination in alternations with quantifiers by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5320
• ci: speed it up by @​WillLillis in tree-sitter/tree-sitter#5325
• use provided by RedoxOS byte orders implementations by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5346
• build(deps): bump wasmtime to v36.0.5 LTS by @​clason in tree-sitter/tree-sitter#5351
• fix(lib): cast NULL in ts_subtree_children macro by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5353
• ci: backport release check workflow by @​WillLillis in tree-sitter/tree-sitter#5358
• ci: retrigger crates check on PR updates by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5361
• cli: init -u fixes by @​WillLillis in tree-sitter/tree-sitter#5367
• build(deps): bump wasmtime to v36.0.6 by @​clason in tree-sitter/tree-sitter#5370
• 0.26.6 by @​clason in tree-sitter/tree-sitter#5372

Full Changelog: tree-sitter/tree-sitter@v0.26.5...v0.26.6

Commits

• 6f2e8a6 release v0.26.7
• 534c4a0 0.26.6
• 3b85287 web: add default export to CJS bundle
• See full diff in compare view

Updates zod from 3.25.76 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	96.57% (🎯 90%)	1268 / 1313
🔵	Statements	96.43% (🎯 90%)	1326 / 1375
🔵	Functions	97.04% (🎯 90%)	230 / 237
🔵	Branches	86.22% (🎯 85%)	670 / 777

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
src/config/schema.ts	100%	100%	100%	100%

Generated in workflow #59 for commit ea8a263 by the Vitest Coverage Report Action