From 62342bc3718120ed12fccfe6e441bf7915eb642a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 04:16:25 +0000 Subject: [PATCH 1/2] Bump commander from 14.0.3 to 15.0.0 in the phase-3-runtime group Bumps the phase-3-runtime group with 1 update: [commander](https://github.com/tj/commander.js). Updates `commander` from 14.0.3 to 15.0.0 - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/tj/commander.js/compare/v14.0.3...v15.0.0) --- updated-dependencies: - dependency-name: commander dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: phase-3-runtime ... Signed-off-by: dependabot[bot] --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index bf084ae..a4f51c0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.6.0", "license": "MIT", "dependencies": { - "commander": "^14.0.3" + "commander": "^15.0.0" }, "bin": { "ouraclaw-cli": "dist/index.js" @@ -1605,12 +1605,12 @@ } }, "node_modules/commander": { - "version": "14.0.3", - "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz", - "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==", + "version": "15.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-15.0.0.tgz", + "integrity": "sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==", "license": "MIT", "engines": { - "node": ">=20" + "node": ">=22.12.0" } }, "node_modules/convert-source-map": { diff --git a/package.json b/package.json index c198c27..3187819 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ "access": "public" }, "dependencies": { - "commander": "^14.0.3" + "commander": "^15.0.0" }, "devDependencies": { "@eslint/js": "^10.0.1", From 5f1dbb9e3e34f2a48b82fa2b6101eb984fd1b253 Mon Sep 17 00:00:00 2001 From: Robert Spiegel Date: Mon, 15 Jun 2026 11:41:42 +0200 Subject: [PATCH 2/2] Fix commander --- .github/dependabot.yml | 4 ++++ CHANGELOG.md | 2 ++ package-lock.json | 10 +++++----- package.json | 2 +- test/cli.test.ts | 7 +++++++ 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7167e01..3d65620 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,10 @@ updates: open-pull-requests-limit: 10 labels: - "dependencies" + ignore: + - dependency-name: "commander" + update-types: + - "version-update:semver-major" groups: phase-1-safe-updates: applies-to: "version-updates" diff --git a/CHANGELOG.md b/CHANGELOG.md index 1877fc6..009d931 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ All notable changes to this project will be documented in this file. ### Fixed +- Kept `commander` on the Node 20-compatible major and ignored future Dependabot major bumps until the CLI runtime + floor changes. - Fixed `summary morning --text` so it prints a human preview/status even when the JSON result is not sendable. ## [0.6.0] - 2026-06-05 diff --git a/package-lock.json b/package-lock.json index a4f51c0..bf084ae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.6.0", "license": "MIT", "dependencies": { - "commander": "^15.0.0" + "commander": "^14.0.3" }, "bin": { "ouraclaw-cli": "dist/index.js" @@ -1605,12 +1605,12 @@ } }, "node_modules/commander": { - "version": "15.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-15.0.0.tgz", - "integrity": "sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==", + "version": "14.0.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz", + "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==", "license": "MIT", "engines": { - "node": ">=22.12.0" + "node": ">=20" } }, "node_modules/convert-source-map": { diff --git a/package.json b/package.json index 3187819..c198c27 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ "access": "public" }, "dependencies": { - "commander": "^15.0.0" + "commander": "^14.0.3" }, "devDependencies": { "@eslint/js": "^10.0.1", diff --git a/test/cli.test.ts b/test/cli.test.ts index b3ed2e4..dea9b73 100644 --- a/test/cli.test.ts +++ b/test/cli.test.ts @@ -8,6 +8,9 @@ const packageJson = JSON.parse( readFileSync(new URL('../package.json', import.meta.url), 'utf8') ) as { version: string; + dependencies: { + commander: string; + }; engines: { node: string; }; @@ -117,4 +120,8 @@ describe('cli', () => { test('declares a Node 20 engine floor', () => { expect(packageJson.engines.node).toBe('>=20.0.0'); }); + + test('keeps Commander on the Node 20-compatible major', () => { + expect(packageJson.dependencies.commander).toMatch(/^\^14\./); + }); });