Skip to content

deps(deps): bump the npm-production group across 1 directory with 5 updates#44

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-d887da6dee
Open

deps(deps): bump the npm-production group across 1 directory with 5 updates#44
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-d887da6dee

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 20, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the npm-production group with 5 updates in the / directory:

Package From To
@clack/prompts 1.3.0 1.5.1
commander 12.1.0 15.0.0
typescript 5.9.3 6.0.3
web-tree-sitter 0.26.8 0.26.9
yaml 2.8.4 2.9.0

Updates @clack/prompts from 1.3.0 to 1.5.1

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.5.1

Patch Changes

@​clack/prompts@​1.5.0

Minor Changes

  • #543 83428ac Thanks @​florian-lefebvre! - Adds support for Standard Schema validation

    Prompts accept an optional validate() function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.

    Libraries following the Standard Schema specification are now natively supported. For example, using Arktype:

    import { text } from '@clack/prompts';
import { type } from 'arktype';
const name = await text({
message: 'Enter your email',

validate: type('string.email').describe('Invalid email'),
});

Patch Changes

@​clack/prompts@​1.4.0

Minor Changes

  • 284677e: Support scrolling and maxItems option for groupMultiselect, and removes indent when withGuide is set to false

Patch Changes

  • aab46a2: docs: add jsdoc for text, password, and multiline prompts
  • 54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.
  • Updated dependencies [54be8d7]

... (truncated)

Changelog

Sourced from @​clack/prompts's changelog.

1.5.1

Patch Changes

1.5.0

Minor Changes

  • #543 83428ac Thanks @​florian-lefebvre! - Adds support for Standard Schema validation

    Prompts accept an optional validate() function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.

    Libraries following the Standard Schema specification are now natively supported. For example, using Arktype:

    import { text } from '@clack/prompts';
import { type } from 'arktype';
const name = await text({
message: 'Enter your email',

validate: type('string.email').describe('Invalid email'),
});

Patch Changes

1.4.0

Minor Changes

  • 284677e: Support scrolling and maxItems option for groupMultiselect, and removes indent when withGuide is set to false

Patch Changes

... (truncated)

Commits

Updates commander from 12.1.0 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

[14.0.3] (2026-01-31)

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)

... (truncated)

Commits

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates web-tree-sitter from 0.26.8 to 0.26.9

Release notes

Sourced from web-tree-sitter's releases.

v0.26.9

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

Commits

Updates yaml from 2.8.4 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

  • fix: Avoid calling Array.prototype.push.apply() with large source array
  • fix(lexer): Avoid recursive calls that may exhaust the call stack
Commits
  • ddb21b0 2.9.0
  • 167365b docs: Clarify that not all errors can be avoided
  • 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
  • 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch 14 times, most recently from e21a6af to 68a211f Compare May 27, 2026 05:36
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch from 68a211f to 7dc48fe Compare May 29, 2026 03:13
@dependabot
deps(deps): bump the npm-production group across 1 directory with 5 u…
da1b088 
…pdates

Bumps the npm-production group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `1.3.0` | `1.5.1` |
| [commander](https://github.com/tj/commander.js) | `12.1.0` | `15.0.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.8` | `0.26.9` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.4` | `2.9.0` |



Updates `@clack/prompts` from 1.3.0 to 1.5.1
- [Release notes](https://github.com/bombshell-dev/clack/releases)
- [Changelog](https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md)
- [Commits](https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.1/packages/prompts)

Updates `commander` from 12.1.0 to 15.0.0
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v12.1.0...v15.0.0)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `web-tree-sitter` from 0.26.8 to 0.26.9
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](https://github.com/tree-sitter/tree-sitter/commits/v0.26.9/lib/binding_web)

Updates `yaml` from 2.8.4 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.4...v2.9.0)

---
updated-dependencies:
- dependency-name: "@clack/prompts"
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: commander
  dependency-version: 14.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-production
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-production
- dependency-name: web-tree-sitter
  dependency-version: 0.26.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-production-d887da6dee branch from 7dc48fe to da1b088 Compare June 8, 2026 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants