Skip to content

deps(deps): bump the npm-production group across 1 directory with 5 updates#44

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-d887da6dee
Open

deps(deps): bump the npm-production group across 1 directory with 5 updates#44
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-d887da6dee

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 20, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-production group with 5 updates in the / directory:

Package From To
@clack/prompts 1.3.0 1.6.0
commander 12.1.0 15.0.0
typescript 5.9.3 6.0.3
web-tree-sitter 0.26.8 0.26.10
yaml 2.8.4 2.9.0

Updates @clack/prompts from 1.3.0 to 1.6.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.6.0

Minor Changes

  • #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

    If you want the old behavior, provide a format() function:

    import { note } from '@clack/prompts';
    +import { styleText } from 'node:util';
    note(
    'You can edit the file src/index.jsx',
    'Next steps.'
    
    { format: (text) => styleText('dim', text) }
    );
  • #567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

  • Patch Changes

    @​clack/prompts@​1.5.1

    Patch Changes

    @​clack/prompts@​1.5.0

    Minor Changes

    • #543 83428ac Thanks @​florian-lefebvre! - Adds support for Standard Schema validation

      Prompts accept an optional validate() function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.

      Libraries following the Standard Schema specification are now natively supported. For example, using Arktype:

      import { text } from '@clack/prompts';
      import { type } from 'arktype';
      const name = await text({
      message: 'Enter your email',

    ... (truncated)

    Changelog

    Sourced from @​clack/prompts's changelog.

    1.6.0

    Minor Changes

    • #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

      If you want the old behavior, provide a format() function:

      import { note } from '@clack/prompts';
      +import { styleText } from 'node:util';
      note(
      'You can edit the file src/index.jsx',
      'Next steps.'
      
      { format: (text) => styleText('dim', text) }
      );
  • #567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

  • Patch Changes

    1.5.1

    Patch Changes

    1.5.0

    Minor Changes

    • #543 83428ac Thanks @​florian-lefebvre! - Adds support for Standard Schema validation

      Prompts accept an optional validate() function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.

      Libraries following the Standard Schema specification are now natively supported. For example, using Arktype:

      import { text } from '@clack/prompts';
      import { type } from 'arktype';

    ... (truncated)

    Commits
    • 0e70056 [ci] release (#562)
    • f87933f fix(prompts): do not dim note contents (#568)
    • cc6aab5 feat(prompts): add instructions footer for select, multi-select & `group-...
    • 02ae191 [ci] release (#549)
    • 56e9d67 docs: add jsdoc for date, limit-options, and messages (#546)
    • 030ba4d [ci] release (#539)
    • 83428ac feat: standard schema for validation (#543)
    • adb6af9 docs: add jsdoc for box, group, and group-multi-select (#542)
    • 3170ed9 docs: add jsdoc for autocomplete, confirm, and path prompts (#540)
    • 3dcb31a fix: spaces and uppercase characters in multiline input (#534)
    • Additional commits viewable in compare view

    Updates commander from 12.1.0 to 15.0.0

    Release notes

    Sourced from commander's releases.

    v15.0.0

    Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

    The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

    Added

    • show excess command-arguments in error message (#2384)

    Fixed

    • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
    • update example to use compatible character for MINGW64 (#2475)

    Changed

    • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
    • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
    • dev: switch tests from Jest to node:test test runner (#2463)

    Deleted

    • Breaking: removed deprecated export of commander/esm.mjs (#2464)

    Migration Tips

    Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

    If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

    v15.0.0-0

    Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

    The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

    Added

    • show excess command-arguments in error message (#2384)

    Fixed

    • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
    • update example to use compatible character for MINGW64 (#2475)

    ... (truncated)

    Changelog

    Sourced from commander's changelog.

    [15.0.0] (2026-05-29)

    Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

    The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

    Added

    • show excess command-arguments in error message (#2384)

    Fixed

    • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
    • update example to use compatible character for MINGW64 (#2475)

    Changed

    • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
    • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
    • dev: switch tests from Jest to node:test test runner (#2463)

    Deleted

    • Breaking: removed deprecated export of commander/esm.mjs (#2464)

    Migration Tips

    Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

    If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

    [15.0.0-0] (2026-02-22)

    (Released as 15.0.0)

    [14.0.3] (2026-01-31)

    Added

    • Release Policy document (#2462)

    Changes

    • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
    • clarify typing for deprecated callback parameter to .outputHelp() (#2427)

    ... (truncated)

    Commits

    Updates typescript from 5.9.3 to 6.0.3

    Release notes

    Sourced from typescript's releases.

    TypeScript 6.0.3

    For release notes, check out the release announcement blog post.

    Downloads are available on:

    TypeScript 6.0

    For release notes, check out the release announcement blog post.

    Downloads are available on:

    TypeScript 6.0 Beta

    For release notes, check out the release announcement.

    Downloads are available on:

    Commits
    • 050880c Bump version to 6.0.3 and LKG
    • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
    • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
    • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
    • 607a22a Bump version to 6.0.2 and LKG
    • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
    • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
    • e175b69 Bump version to 6.0.1-rc and LKG
    • af4caac Update LKG
    • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
    • Additional commits viewable in compare view

    Updates web-tree-sitter from 0.26.8 to 0.26.10

    Release notes

    Sourced from web-tree-sitter's releases.

    v0.26.10

    What's Changed

    Full Changelog: tree-sitter/tree-sitter@v0.26.9...v0.26.10

    v0.26.9

    What's Changed

    Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

    Commits

    Updates yaml from 2.8.4 to 2.9.0

    Release notes

    Sourced from yaml's releases.

    v2.9.0

    The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

    It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

    Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

    • fix: Avoid calling Array.prototype.push.apply() with large source array
    • fix(lexer): Avoid recursive calls that may exhaust the call stack
    Commits
    • ddb21b0 2.9.0
    • 167365b docs: Clarify that not all errors can be avoided
    • 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
    • 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
    • See full diff in compare view

    @dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
    @dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch 14 times, most recently from e21a6af to 68a211f Compare May 27, 2026 05:36
    @dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch from 68a211f to 7dc48fe Compare May 29, 2026 03:13
    @dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch 2 times, most recently from da1b088 to 9c8a0e8 Compare June 15, 2026 09:34
    @dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch from 9c8a0e8 to 8796ed0 Compare June 29, 2026 09:20
    …pdates
    
    Bumps the npm-production group with 5 updates in the / directory:
    
    | Package | From | To |
    | --- | --- | --- |
    | [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `1.3.0` | `1.6.0` |
    | [commander](https://github.com/tj/commander.js) | `12.1.0` | `15.0.0` |
    | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
    | [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.8` | `0.26.10` |
    | [yaml](https://github.com/eemeli/yaml) | `2.8.4` | `2.9.0` |
    
    
    
    Updates `@clack/prompts` from 1.3.0 to 1.6.0
    - [Release notes](https://github.com/bombshell-dev/clack/releases)
    - [Changelog](https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md)
    - [Commits](https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.6.0/packages/prompts)
    
    Updates `commander` from 12.1.0 to 15.0.0
    - [Release notes](https://github.com/tj/commander.js/releases)
    - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
    - [Commits](tj/commander.js@v12.1.0...v15.0.0)
    
    Updates `typescript` from 5.9.3 to 6.0.3
    - [Release notes](https://github.com/microsoft/TypeScript/releases)
    - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)
    
    Updates `web-tree-sitter` from 0.26.8 to 0.26.10
    - [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
    - [Commits](https://github.com/tree-sitter/tree-sitter/commits/v0.26.10/lib/binding_web)
    
    Updates `yaml` from 2.8.4 to 2.9.0
    - [Release notes](https://github.com/eemeli/yaml/releases)
    - [Commits](eemeli/yaml@v2.8.4...v2.9.0)
    
    ---
    updated-dependencies:
    - dependency-name: "@clack/prompts"
      dependency-version: 1.4.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: npm-production
    - dependency-name: commander
      dependency-version: 14.0.3
      dependency-type: direct:production
      update-type: version-update:semver-major
      dependency-group: npm-production
    - dependency-name: typescript
      dependency-version: 6.0.3
      dependency-type: direct:production
      update-type: version-update:semver-major
      dependency-group: npm-production
    - dependency-name: web-tree-sitter
      dependency-version: 0.26.9
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: npm-production
    - dependency-name: yaml
      dependency-version: 2.9.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: npm-production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch from 8796ed0 to d8aa5ed Compare June 29, 2026 09:23
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Labels

    dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

    Projects

    None yet

    Development

    Successfully merging this pull request may close these issues.

    0 participants