Skip to content

Bump the production-dependencies group across 1 directory with 5 updates#43

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-b10c69f11e
Open

Bump the production-dependencies group across 1 directory with 5 updates#43
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-b10c69f11e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 5 updates in the / directory:

Package From To
@octokit/plugin-retry 8.0.3 8.1.0
inquirer 12.11.1 14.0.2
p-limit 7.2.0 7.3.0
semver 7.7.3 7.8.5
yaml 2.8.2 2.9.0

Updates @octokit/plugin-retry from 8.0.3 to 8.1.0

Release notes

Sourced from @​octokit/plugin-retry's releases.

v8.1.0

8.1.0 (2026-02-18)

Features

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​octokit/plugin-retry since your current version.


Updates inquirer from 12.11.1 to 14.0.2

Release notes

Sourced from inquirer's releases.

inquirer@14.0.2

  • Fix security warnings in external-editor

inquirer@14.0.1

  • Rolled back mute-stream dependency from v4 to v3 to undo breaking compatible engines.
  • Added tooling to prevent regression of the above in the future. This surfaced our min engines already enforced a higher limit, so adjusted the explicit limits to match the current state.

inquirer@14.0.0

  • Fix (breaking): Inquirer will now throw when encountering non-registered prompt. Prior to this fix, Inquirer would default to type: 'input' in such cases - this behaviour was misleading and made it harder to detect broken code when not using Typescript.
  • Feat: Read env variable INQUIRER_KEYBINDINGS to enable vim or emacs keybindings; making this a user preference instead of a library author preference. One caveat is doing so disable the search feature in the select prompt. Syntax: INQUIRER_KEYBINDINGS=vim,emacs.
  • Fix: Line wraps would sometime cause the cursor to be mispositioned relative to the input.
  • Chore: Dropped the rxjs dependency in favor of a lightweight internal Observable implementation. The package is much smaller for most users now.
  • Chore: Bump dependencies.

inquirer@13.4.3

  • Fix: Windows rendering bug
  • Fix: Preserve exact literal types in choices array (Typescript only)
  • Fix: Allow input default value to be of type undefined (Typescript only)
  • Bump dependencies

inquirer@13.4.2

  • Fix: some Windows terminals would freeze and not react to keypresses.

inquirer@13.4.1

  • Improve expand prompt type inferrence.

inquirer@13.4.0

  • Feat: Added a loading message while validating editor prompt input.
  • Type improvement: Better type inference with checkbox, search and expand prompts.
  • Fix: editor prompt not always properly handling editor path on windows.

inquirer@13.3.2

  • Fix broken 1.3.1 release process.

inquirer@13.2.5

What's Changed

... (truncated)

Commits
  • bfd8710 chore: Publish new release
  • 55cc5f3 feat: add reusable package lint CLI
  • 3af9ed0 test(inquirer): capture prompt runner output
  • 4381857 fix(@​inquirer/input): remove stale lint suppression
  • 45df331 fix(@​inquirer/external-editor): harden editor temp files
  • adef323 chore: limit CI token permissions
  • b43359d chore: Publish new release
  • 24ecae2 chore: fix yarn.lock
  • b078d97 fix: validate package engine compatibility
  • 3a49f9f chore(deps-dev): Bump oxfmt in the formatting group (#2143)
  • Additional commits viewable in compare view

Updates p-limit from 7.2.0 to 7.3.0

Release notes

Sourced from p-limit's releases.

v7.3.0

  • Add rejectOnClear option 8907801
  • Support options object in pLimit() 870db0f

sindresorhus/p-limit@v7.2.0...v7.3.0

Commits

Updates semver from 7.7.3 to 7.8.5

Release notes

Sourced from semver's releases.

v7.8.5

7.8.5 (2026-06-19)

Bug Fixes

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

Chores

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

v7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

... (truncated)

Changelog

Sourced from semver's changelog.

7.8.5 (2026-06-19)

Bug Fixes

7.8.4 (2026-06-09)

Bug Fixes

7.8.3 (2026-06-08)

Bug Fixes

Chores

7.8.2 (2026-06-04)

Bug Fixes

7.8.1 (2026-05-21)

Bug Fixes

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

Commits

Updates yaml from 2.8.2 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

  • fix: Avoid calling Array.prototype.push.apply() with large source array
  • fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)
Commits
  • ddb21b0 2.9.0
  • 167365b docs: Clarify that not all errors can be avoided
  • 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
  • 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
  • ccdf743 2.8.4
  • f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
  • e1a1a77 fix: Handle invalid unicode escapes
  • a163ea0 style: Satify Prettier
  • b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
  • 93c951b chore: Bump JSR version to v2.8.3 (#673)
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Mar 30, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: aegilops. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-b10c69f11e branch from b81f9d8 to ff87b57 Compare May 12, 2026 04:09
Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) | `8.0.3` | `8.1.0` |
| [inquirer](https://github.com/SBoudrias/Inquirer.js) | `12.11.1` | `14.0.2` |
| [p-limit](https://github.com/sindresorhus/p-limit) | `7.2.0` | `7.3.0` |
| [semver](https://github.com/npm/node-semver) | `7.7.3` | `7.8.5` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` |



Updates `@octokit/plugin-retry` from 8.0.3 to 8.1.0
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](octokit/plugin-retry.js@v8.0.3...v8.1.0)

Updates `inquirer` from 12.11.1 to 14.0.2
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@12.11.1...inquirer@14.0.2)

Updates `p-limit` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/sindresorhus/p-limit/releases)
- [Commits](sindresorhus/p-limit@v7.2.0...v7.3.0)

Updates `semver` from 7.7.3 to 7.8.5
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.7.3...v7.8.5)

Updates `yaml` from 2.8.2 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.9.0)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: inquirer
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: p-limit
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: semver
  dependency-version: 7.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-b10c69f11e branch from ff87b57 to cb7175d Compare July 6, 2026 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants