chore(deps): bump the minor-and-patch group across 1 directory with 9 updates by dependabot[bot] · Pull Request #129 · wiiiimm/gh-manager-cli

dependabot · 2026-06-17T17:17:04Z

Bumps the minor-and-patch group with 9 updates in the / directory:

Package	From	To
@octokit/graphql	`9.0.1`	`9.0.3`
apollo3-cache-persist	`0.14.1`	`0.15.0`
chalk	`5.6.0`	`5.6.2`
dotenv	`17.2.1`	`17.4.2`
fuse.js	`7.4.1`	`7.4.2`
react	`19.1.1`	`19.2.7`
@types/react	`19.1.12`	`19.2.17`
tsup	`8.5.0`	`8.5.1`
vitest	`4.1.0`	`4.1.9`

Updates @octokit/graphql from 9.0.1 to 9.0.3

Release notes

Sourced from @octokit/graphql's releases.

v9.0.3

9.0.3 (2025-10-31)

Bug Fixes

deps: update dependency @octokit/types to v16 (#676) (d5acce5)

v9.0.2

9.0.2 (2025-09-29)

Bug Fixes

deps: update dependency @octokit/types to v15 (#665) (8ed325e)

Commits

d5acce5 fix(deps): update dependency @octokit/types to v16 (#676)
db5b8fc build(deps): lock file maintenance (#670)
6d34f9f ci(action): update github/codeql-action action to v4 (#671)
be6feba chore(deps): update dependency @types/node to v24 (#675)
59bbbbc ci(action): update peter-evans/create-or-update-comment action to v5 (#668)
9014228 ci(action): update actions/setup-node action to v6 (#672)
2e9c447 chore(deps): update dependency prettier to v3.6.2 (#661)
e31cf11 ci(action): update actions/setup-node action to v5 (#663)
9989422 build(deps): lock file maintenance (#667)
ea07437 ci(action): update actions/checkout action to v5 (#662)
Additional commits viewable in compare view

Updates apollo3-cache-persist from 0.14.1 to 0.15.0

Release notes

Sourced from apollo3-cache-persist's releases.

0.15.0

See the Changelog for details.

What's Changed

Make storage to protected in wrappers for inheritance by @MasterOdin in apollographql/apollo-cache-persist#466

Update AppState usage to avoid deprecated API by @awinograd in apollographql/apollo-cache-persist#468

chore(deps): pin dependency @apollo/client to 3.7.15 by @renovate in apollographql/apollo-cache-persist#390

chore(deps): pin dependencies by @renovate in apollographql/apollo-cache-persist#397

Advanced Usage Documentation Typo Fix by @smiles2424 in apollographql/apollo-cache-persist#474

chore(deps): update dependency @apollo/client to v3.7.17 by @renovate in apollographql/apollo-cache-persist#481

SECOPS-2268: Add Gitleaks to CI by @svc-secops in apollographql/apollo-cache-persist#506

chore: update dependencies by @wodCZ in apollographql/apollo-cache-persist#516

chore(deps): update secops orb to v2.0.7 by @renovate in apollographql/apollo-cache-persist#517

New Contributors

@MasterOdin made their first contribution in apollographql/apollo-cache-persist#466

@awinograd made their first contribution in apollographql/apollo-cache-persist#468

@smiles2424 made their first contribution in apollographql/apollo-cache-persist#474

@svc-secops made their first contribution in apollographql/apollo-cache-persist#506

Full Changelog: apollographql/apollo-cache-persist@0.14.1...0.15.0

Changelog

Sourced from apollo3-cache-persist's changelog.

0.15.0 (2024-03-26)

Bug Fixes

persist cache on garbage collection (330a9f4)

tests: make tests pass (e431a56)

Features

add semgrep job (db674af)

Commits

719048d chore(deps): update secops orb to v2.0.7
63b12fc chore: release 0.15.0
9b170b0 chore(examples): update web example dependencies and yarn
e39c2aa chore(deps): update dev dependencies
b8a2217 chore: ignore .idea
366d155 chore: migrate to latest yarn
ac4797e fix: persist cache on garbage collection
2a9e3e9 feat: add semgrep job
cbf1b19 update secops orb
be23e25 Add gitleaks scan to CI
Additional commits viewable in compare view

Updates chalk from 5.6.0 to 5.6.2

Release notes

Sourced from chalk's releases.

v5.6.2

Fix vulnerability in 5.6.1, see: chalk/chalk#656

Commits

5155778 5.6.2
See full diff in compare view

Updates dotenv from 17.2.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

Fixed typescript error definition (#912)

... (truncated)

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates fuse.js from 7.4.1 to 7.4.2

Release notes

Sourced from fuse.js's releases.

v7.4.2

Bug Fixes

types: ship CommonJS type declarations (.d.cts) so consumers on moduleResolution: node16/nodenext no longer hit TS1479 ("masquerading as ESM") when importing the package from a CommonJS project. The lib entries now resolve to a runtime-accurate export = declaration and the worker to its named declaration, via the require exports condition. (#780)

Full Changelog: krisk/Fuse@v7.4.1...v7.4.2

Changelog

Sourced from fuse.js's changelog.

7.4.2 (2026-06-05)

Bug Fixes

types: emit CommonJS declarations (.d.cts) for node16/nodenext (#780) (33f5d29)

Commits

9e63058 chore(release): 7.4.2
33f5d29 fix(types): emit CommonJS declarations (.d.cts) for node16/nodenext (#780)
7c6af4e build: replace rollup/babel/terser build with tsdown
50f6b24 chore(deps): pin fast-uri to ^3.1.2 via overrides
9e6ec22 chore(build): exit non-zero when a build step fails
ff51f6b chore: source docs version from package.json, not npm view
08b77d9 chore: bump doc versions to 7.4.1
See full diff in compare view

Updates react from 19.1.1 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

Type hardening and performance improvements (#36425 by @eps1lon and @unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

Add extra loop protection to React Server Functions (@sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@eps1lon facebook/react#35290)

Patch Promise cycles and toString on Server Functions (@sebmarkbage, @unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

<Activity>: A new API to hide and restore the UI and internal state of its children.

useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.

cacheSignal (for RSCs) lets your know when the cache() lifetime is over.

React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

<Activity>: A new API to hide and restore the UI and internal state of its children.

useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.

cacheSignal (for RSCs) lets your know when the cache() lifetime is over.

React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

Added resume APIs for partial pre-rendering with Web Streams:

resume: to resume a prerender to a stream.

resumeAndPrerender: to resume a prerender to HTML.

Added resume APIs for partial pre-rendering with Node Streams:

resumeToPipeableStream: to resume a prerender to a stream.

resumeAndPrerenderToNodeStream: to resume a prerender to HTML.

Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.

Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js

Use underscore instead of : IDs generated by useId

All Changes

React

<Activity /> was developed over many years, starting before ClassComponent.setState (@acdlite @sebmarkbage and many others)

Stringify context as "SomeContext" instead of "SomeContext.Provider" (@kassens #33507)

Include stack of cause of React instrumentation errors with %o placeholder (@eps1lon #34198)

Fix infinite useDeferredValue loop in popstate event (@acdlite #32821)

Fix a bug when an initial value was passed to useDeferredValue (@acdlite #34376)

Fix a crash when submitting forms with Client Actions (@sebmarkbage #33055)

Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@sebmarkbage #32900)

Avoid stack overflow on wide trees during Hot Reload (@sophiebits #34145)

Improve Owner and Component stacks in various places (@sebmarkbage, @eps1lon: #33629, #33724, #32735, #33723)

Add cacheSignal (@sebmarkbage #33557)

... (truncated)

Commits

6117d7c Version 19.2.7 (#36591)
eaf3e95 Version 19.2.6
23f4f9f 19.2.5
90ab3f8 Version 19.2.4
612e371 Version 19.2.3
b910fc1 Version 19.2.2
053df4e Version 19.2.1
5667a41 Bump next prerelease version numbers (#34639)
8bb7241 Bump useEffectEvent to Canary (#34610)
e3c9656 Ensure Performance Track are Clamped and Don't overlap (#34509)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.1.12 to 19.2.17

Commits

See full diff in compare view

Updates @types/react from 19.1.12 to 19.2.17

Commits

See full diff in compare view

Updates tsup from 8.5.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

🐞 Bug Fixes

Add script tag validation - by @benhoad in egoist/tsup#1314 (df736)

Update esbuild to fix sourcemap source issue - by @ArcherGu and @sxzz in egoist/tsup#1316 (fb8ae)

View changes on GitHub

Commits

1ecb6a5 chore: release v8.5.1
e92ba64 chore: upgrade esbuild
fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
db7cfaa chore: upgrade pnpm
df7360b fix: add script tag validation (#1314)
65e8547 chore: bump source-map to 0.7.6 (#1358)
f127e57 ci: switch to trusted publisher
8b6907d chore: add maintenance info in README (#1332)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsup since your current version.

Updates vitest from 4.1.0 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)

browser:

Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)

Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)

mocker:

Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)

pool:

Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

browser:

Disable client cdp API when allowWrite/allowExec: false [backport to v4] - by @hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)

Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by @toxik and @Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

... (truncated)

Commits

a7a61e7 chore: release v4.1.9 (#10598)
934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
e61f2dd chore: release v4.1.8
e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
a09d472 chore: release v4.1.7
a8fd24c chore: release v4.1.6
18af98c fix(browser): simplify orchestrator otel carrier (#10285)
3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates Bumps the minor-and-patch group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@octokit/graphql](https://github.com/octokit/graphql.js) | `9.0.1` | `9.0.3` | | [apollo3-cache-persist](https://github.com/apollographql/apollo-cache-persist) | `0.14.1` | `0.15.0` | | [chalk](https://github.com/chalk/chalk) | `5.6.0` | `5.6.2` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.1` | `17.4.2` | | [fuse.js](https://github.com/krisk/Fuse) | `7.4.1` | `7.4.2` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.1.1` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.1.12` | `19.2.17` | | [tsup](https://github.com/egoist/tsup) | `8.5.0` | `8.5.1` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.0` | `4.1.9` | Updates `@octokit/graphql` from 9.0.1 to 9.0.3 - [Release notes](https://github.com/octokit/graphql.js/releases) - [Commits](octokit/graphql.js@v9.0.1...v9.0.3) Updates `apollo3-cache-persist` from 0.14.1 to 0.15.0 - [Release notes](https://github.com/apollographql/apollo-cache-persist/releases) - [Changelog](https://github.com/apollographql/apollo-cache-persist/blob/master/CHANGELOG.md) - [Commits](apollographql/apollo-cache-persist@0.14.1...0.15.0) Updates `chalk` from 5.6.0 to 5.6.2 - [Release notes](https://github.com/chalk/chalk/releases) - [Commits](chalk/chalk@v5.6.0...v5.6.2) Updates `dotenv` from 17.2.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.1...v17.4.2) Updates `fuse.js` from 7.4.1 to 7.4.2 - [Release notes](https://github.com/krisk/Fuse/releases) - [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md) - [Commits](krisk/Fuse@v7.4.1...v7.4.2) Updates `react` from 19.1.1 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `@types/react` from 19.1.12 to 19.2.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@types/react` from 19.1.12 to 19.2.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `tsup` from 8.5.0 to 8.5.1 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v8.5.0...v8.5.1) Updates `vitest` from 4.1.0 to 4.1.9 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest) --- updated-dependencies: - dependency-name: "@octokit/graphql" dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: apollo3-cache-persist dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: chalk dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: fuse.js dependency-version: 7.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/react" dependency-version: 19.2.17 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@types/react" dependency-version: 19.2.17 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: tsup dependency-version: 8.5.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: vitest dependency-version: 4.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

wiiiimm · 2026-06-18T06:06:10Z

Superseded by #131, which consolidates all open Dependabot updates into a single PR. Closing in favour of that.

dependabot · 2026-06-18T06:06:13Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

…r title] (#131) * chore(deps): consolidate open dependabot updates (GMC-45) Combine all 13 open Dependabot PRs (#116–#129) into a single update. npm group (#129): @octokit/graphql 9.0.3, apollo3-cache-persist 0.15.0, chalk 5.6.2, dotenv 17.4.2, fuse.js 7.4.2, react 19.2.7, @types/react 19.2.17, tsup 8.5.1, vitest 4.1.9. npm majors: typescript 6.0.3 (#128), @vitest/coverage-v8 4.1.8 (#127), semantic-release 25.0.5 (#126), ink-testing-library 4.0.0 (#125), env-paths 4.0.0 (#124), @types/node 25.9.2 (#123), open 11.0.0 (#122). GitHub Actions: setup-node v6 (#120), checkout v6 (#119), github-script v9 (#118), download-artifact v8 (#117), cache v5 (#116). Verified: typecheck (TS 6), build, and full test suite (456/456) all pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * ci: bump release workflow to Node 22 for semantic-release 25 (GMC-45) semantic-release 25 requires Node ^22.14.0 || >=24.10.0; the release workflow still set up Node 20, which would fail `npx semantic-release` on the next push to main. Bump all setup-node steps to Node 22 (LTS). Flagged by Cursor Bugbot (High) and Codex (P1) on PR #131. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * chore: raise Node floor to >=20 for env-paths 4 and open 11 (GMC-45) env-paths@4 and open@11 both declare engines.node ">=20", but the package still advertised ">=18", letting Node 18-19 users install a build that breaks at startup (env-paths) and on browser open (open). Align engines.node and the setup docs to >=20. Node 18 is already EOL. Flagged by Cursor Bugbot (Medium) on PR #131. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * build: migrate to @yao-pkg/pkg and target node20 binaries (GMC-45) vercel/pkg (pkg@5.8.1) is archived and only ships base binaries up to Node 18, so release binaries embedded a Node 18 runtime — incompatible with env-paths 4 / open 11 (Node 20+) after raising the engine floor. Switch to the maintained @yao-pkg/pkg fork and build node20 targets in both the build:binaries script and the release workflow. The packager needs Node 22 to run, which the release jobs already use. Flagged by Cursor Bugbot (High) on PR #131. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: note build:binaries requires Node 22+ for @yao-pkg/pkg (GMC-45) The CLI runtime engine stays at Node >=20, but @yao-pkg/pkg requires Node >=22 to run. Document this in the Packaging section so contributors on Node 20/21 know the binary build needs a newer Node, rather than raising engines.node and wrongly forcing end users onto Node 22. Addresses CodeRabbit engine-mismatch note on PR #131. The companion "Invalid Windows pkg target" finding is a false positive: pkg-fetch's toFancyPlatform aliases "windows" -> "win" during target parsing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 17, 2026

This was referenced Jun 18, 2026

Consolidate open Dependabot PRs into a single dependency update #130

Closed

chore(deps): consolidate open dependabot updates (GMC-45) [semantic pr title] #131

Merged

wiiiimm closed this Jun 18, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-cda8036e3c branch June 18, 2026 06:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the minor-and-patch group across 1 directory with 9 updates#129

chore(deps): bump the minor-and-patch group across 1 directory with 9 updates#129
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-cda8036e3c

dependabot Bot commented on behalf of github Jun 17, 2026

Uh oh!

wiiiimm commented Jun 18, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 17, 2026

v9.0.3

9.0.3 (2025-10-31)

Bug Fixes

v9.0.2

9.0.2 (2025-09-29)

Bug Fixes

0.15.0

What's Changed

New Contributors

0.15.0 (2024-03-26)

Bug Fixes

Features

v5.6.2

17.4.2 (2026-04-12)

Changed

17.4.1 (2026-04-05)

Changed

17.4.0 (2026-04-01)

Added

Changed

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

17.2.4 (2026-02-05)

Changed

17.2.3 (2025-09-29)

Changed

v7.4.2

Bug Fixes

7.4.2 (2026-06-05)

Bug Fixes

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

New React Features

New React DOM Features

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

New React Features

New React DOM Features

Notable changes

All Changes

React

v8.5.1

🐞 Bug Fixes

View changes on GitHub

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

🐞 Bug Fixes

View changes on GitHub

v4.1.7

🐞 Bug Fixes

View changes on GitHub

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes