Skip to content

build(deps): bump the dependencies group with 10 updates#230

Merged
steipete merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-90ba3088ac
May 31, 2026
Merged

build(deps): bump the dependencies group with 10 updates#230
steipete merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-90ba3088ac

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps the dependencies group with 10 updates:

Package From To
@google/genai 2.6.0 2.7.0
commander 14.0.3 15.0.0
inquirer 13.4.3 14.0.1
openai 6.39.0 6.39.1
@typescript/native-preview 7.0.0-dev.20260523.1 7.0.0-dev.20260527.2
devtools-protocol 0.0.1634055 0.0.1638241
es-toolkit 1.46.1 1.47.0
oxfmt 0.51.0 0.52.0
oxlint 1.66.0 1.67.0
puppeteer-core 25.0.4 25.1.0

Updates @google/genai from 2.6.0 to 2.7.0

Release notes

Sourced from @​google/genai's releases.

v2.7.0

2.7.0 (2026-05-27)

Features

  • Add Skill Registry ListSkills and DeleteSkill to SDK (d75582a)
  • additional computer_use field support for vertex. (54a692b)
  • interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (3cc830e)
  • interaction-api: Enable BigQuery tool in Deep Research config. (58c8c7e)
  • Support Reinforcement Tuning in GenAI SDK (418cc35)
Changelog

Sourced from @​google/genai's changelog.

2.7.0 (2026-05-27)

Features

  • Add Skill Registry ListSkills and DeleteSkill to SDK (d75582a)
  • additional computer_use field support for vertex. (54a692b)
  • interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (3cc830e)
  • interaction-api: Enable BigQuery tool in Deep Research config. (58c8c7e)
  • Support Reinforcement Tuning in GenAI SDK (418cc35)
Commits
  • 2821346 chore(main): release 2.7.0 (#1630)
  • 54a692b feat: additional computer_use field support for vertex.
  • d75582a feat: Add Skill Registry ListSkills and DeleteSkill to SDK
  • 3cc830e feat(interaction-api): Allow "text/csv" as a supported document mime type for...
  • 58c8c7e feat(interaction-api): Enable BigQuery tool in Deep Research config.
  • b25d22f chore: Internal cleanup
  • 418cc35 feat: Support Reinforcement Tuning in GenAI SDK
  • See full diff in compare view

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

Updates inquirer from 13.4.3 to 14.0.1

Release notes

Sourced from inquirer's releases.

inquirer@14.0.1

  • Rolled back mute-stream dependency from v4 to v3 to undo breaking compatible engines.
  • Added tooling to prevent regression of the above in the future. This surfaced our min engines already enforced a higher limit, so adjusted the explicit limits to match the current state.

inquirer@14.0.0

  • Fix (breaking): Inquirer will now throw when encountering non-registered prompt. Prior to this fix, Inquirer would default to type: 'input' in such cases - this behaviour was misleading and made it harder to detect broken code when not using Typescript.
  • Feat: Read env variable INQUIRER_KEYBINDINGS to enable vim or emacs keybindings; making this a user preference instead of a library author preference. One caveat is doing so disable the search feature in the select prompt. Syntax: INQUIRER_KEYBINDINGS=vim,emacs.
  • Fix: Line wraps would sometime cause the cursor to be mispositioned relative to the input.
  • Chore: Dropped the rxjs dependency in favor of a lightweight internal Observable implementation. The package is much smaller for most users now.
  • Chore: Bump dependencies.
Commits
  • b43359d chore: Publish new release
  • 24ecae2 chore: fix yarn.lock
  • b078d97 fix: validate package engine compatibility
  • 3a49f9f chore(deps-dev): Bump oxfmt in the formatting group (#2143)
  • 9cc492f chore(deps): Bump fast-wrap-ansi from 0.2.0 to 0.2.2 (#2146)
  • feb7edf chore(deps-dev): Bump @​types/node in the types group (#2145)
  • a05eb68 chore(deps-dev): Bump the build group with 3 updates (#2144)
  • f6ddfce chore(deps-dev): Bump the linting group with 3 updates (#2142)
  • 5ca6d11 chore: Publish new release
  • 2520349 feat(@​inquirer/core): support keybindings env defaults
  • Additional commits viewable in compare view

Updates openai from 6.39.0 to 6.39.1

Release notes

Sourced from openai's releases.

v6.39.1

6.39.1 (2026-05-27)

Full Changelog: v6.39.0...v6.39.1

Bug Fixes

  • Improve undici dispatcher mismatch guidance (#1898) (b6e5fd6)
  • treat text/plan with format: binary as raw upload (f9a632a)
  • treat text/plan with format: binary as raw upload (323cb78)

Chores

  • internal: codegen related update (d32deef)
Changelog

Sourced from openai's changelog.

6.39.1 (2026-05-27)

Full Changelog: v6.39.0...v6.39.1

Bug Fixes

  • Improve undici dispatcher mismatch guidance (#1898) (b6e5fd6)
  • treat text/plan with format: binary as raw upload (f9a632a)
  • treat text/plan with format: binary as raw upload (323cb78)

Chores

  • internal: codegen related update (d32deef)
Commits
  • 6c11a74 release: 6.39.1
  • a91a7aa fix: Improve undici dispatcher mismatch guidance (#1898)
  • 13520f4 chore(internal): codegen related update
  • a22dd6b Merge pull request #1867 from openai/docs/readme-gpt-5.5
  • 00e1d1a Update README models to gpt-5.5 and gpt-realtime-2
  • See full diff in compare view

Updates @typescript/native-preview from 7.0.0-dev.20260523.1 to 7.0.0-dev.20260527.2

Commits

Updates devtools-protocol from 0.0.1634055 to 0.0.1638241

Commits

Updates es-toolkit from 1.46.1 to 1.47.0

Release notes

Sourced from es-toolkit's releases.

v1.47.0

Released on May 25th, 2026.

  • Added es-toolkit/server entrypoint with colors namespace for ANSI terminal color utilities. ([#1683])
  • Added exec function. ([#1689])
  • Added sortKeys to the object entrypoint. ([#1674])
  • Added cartesianProduct and combinations to the array entrypoint. ([#1713])
  • Added allKeyed to the promise entrypoint. ([#1672])
  • Added percentile to the math entrypoint. ([#1710])
  • Added an interactive playground page to docs. ([#1720])
  • Reorganized docs to introduce a flavor switcher and co-locate compat under /compat/. ([#1699])
  • Fixed uniqWith in compat to match lodash's comparator argument order. ([#1729])
  • Fixed compat/omitBy to not treat plain objects with numeric length as array-like. ([#1709])

We sincerely thank @​Antoliny0919, @​ATOM00blue, @​dayongkr, @​guesung, @​myeong-jae-hwi, @​raon0211, @​seungrodotlee, and @​Xiaohang0316 for their contributions. We appreciate your great efforts!

Changelog

Sourced from es-toolkit's changelog.

Version v1.47.0

Released on May 25th, 2026.

  • Added es-toolkit/server entrypoint with colors namespace for ANSI terminal color utilities. (#1683)
  • Added exec function. (#1689)
  • Added sortKeys to the object entrypoint. (#1674)
  • Added cartesianProduct and combinations to the array entrypoint. (#1713)
  • Added allKeyed to the promise entrypoint. (#1672)
  • Added percentile to the math entrypoint. (#1710)
  • Added an interactive playground page to docs. (#1720)
  • Reorganized docs to introduce a flavor switcher and co-locate compat under /compat/. (#1699)
  • Fixed uniqWith in compat to match lodash's comparator argument order. (#1729)
  • Fixed compat/omitBy to not treat plain objects with numeric length as array-like. (#1709)

We sincerely thank @​Antoliny0919, @​ATOM00blue, @​dayongkr, @​guesung, @​myeong-jae-hwi, @​raon0211, @​seungrodotlee, and @​Xiaohang0316 for their contributions. We appreciate your great efforts!

Commits
  • 9f35cf9 v1.47.0
  • b73e0bc docs[playground]: add link to playground editor title (#1735)
  • a6d40df docs[server]: add localized server docs (#1733)
  • ecbdd36 docs[playground]: separate playground page layout (#1732)
  • 52ac49c docs(compat): align method chaining guidance across locales (#1731)
  • c011690 fix(docs): fix issues in playground page (#1727)
  • 03ca6ea fix(uniqWith): match lodash comparator argument order in compat (#1729)
  • 8a978e3 build(deps): bump dahlia/submark (#1730)
  • 6d3ca81 docs: introduce flavor switcher and co-locate compat under /compat/ (#1699)
  • 970ae85 fix: add alt text to VitePress logo (#1722)
  • Additional commits viewable in compare view

Updates oxfmt from 0.51.0 to 0.52.0

Changelog

Sourced from oxfmt's changelog.

[0.52.0] - 2026-05-26

🚀 Features

  • 16b8058 oxfmt: Support vite-plus/resolveConfig for vite.config.ts (#22454) (leaysgur)

[0.50.0] - 2026-05-15

🐛 Bug Fixes

  • 43b9978 formatter/sort_imports: Treat subpath imports as internal (#22440) (leaysgur)

[0.49.0] - 2026-05-11

🚀 Features

  • 6e8e818 oxfmt: Experimental .svelte support (#21700) (leaysgur)

[0.45.0] - 2026-04-13

🐛 Bug Fixes

  • 50c389b oxfmt: Support .editorconfig quote_type (#20989) (leaysgur)

[0.44.0] - 2026-04-06

🐛 Bug Fixes

  • dd2df87 npm: Export package.json for oxlint and oxfmt (#20784) (kazuya kawaguchi)
  • 4216380 oxfmt: Support .editorconfig tab_width fallback (#20988) (leaysgur)

[0.43.0] - 2026-03-30

🚀 Features

  • 6ef440a oxfmt: Support bool for object style options (#20853) (leaysgur)

[0.42.0] - 2026-03-24

🚀 Features

  • 416865a formatter,oxfmt: Add doc comments for JsdocConfig (#20644) (leaysgur)
  • 4fec907 formatter: Add JSDoc comment formatting support (#19828) (Dunqing)

[0.40.0] - 2026-03-12

🐛 Bug Fixes

  • bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#20273) (leaysgur)

... (truncated)

Commits

Updates oxlint from 1.66.0 to 1.67.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.67.0] - 2026-05-26

🚀 Features

  • b84941e linter/vue: Implement no-expose-after-await rule (#22675) (bab)
  • 98b98c1 linter/vue: Implement no-computed-properties-in-data rule (#22674) (bab)
  • 2d4c919 oxlint: Support vite-plus/resolveConfig for vite.config.ts (#22456) (leaysgur)
  • 2a60012 linter/vue: Implement require-render-return rule (#22613) (bab)
  • 9f227fd linter/vue: Implement no-deprecated-props-default-this rule (#21892) (bab)
  • 87f065e linter/vue: Implement return-in-emits-validator rule (#21935) (bab)
  • ea0380c linter/unicorn: Implement import-style rule (#22173) (Hao Chen)
  • dde40fe linter/vue: Implement no-watch-after-await rule (#22006) (bab)
  • a735eb0 linter/vue: Implement valid-next-tick rule (#22531) (bab)
  • 6dc615d linter/vue: Implement no-shared-component-data rule (#21842) (bab)
  • a656418 linter/vue: Implement valid-define-options rule (#22107) (bab)
  • bb6f1b2 linter/vue: Implement require-slots-as-functions rule (#22244) (bab)
  • 5fa4774 linter/n: Implement callback-return rule (#22470) (Mikhail Baev)
Commits
  • 68b455d release(apps): oxlint v1.67.0 && oxfmt v0.52.0 (#22735)
  • b84941e feat(linter/vue): implement no-expose-after-await rule (#22675)
  • 98b98c1 feat(linter/vue): implement no-computed-properties-in-data rule (#22674)
  • 2d4c919 feat(oxlint): Support vite-plus/resolveConfig for vite.config.ts (#22456)
  • 2a60012 feat(linter/vue): implement require-render-return rule (#22613)
  • 9f227fd feat(linter/vue): implement no-deprecated-props-default-this rule (#21892)
  • 87f065e feat(linter/vue): implement return-in-emits-validator rule (#21935)
  • ea0380c feat(linter/unicorn): implement import-style rule (#22173)
  • dde40fe feat(linter/vue): implement no-watch-after-await rule (#22006)
  • a735eb0 feat(linter/vue): implement valid-next-tick rule (#22531)
  • Additional commits viewable in compare view

Updates puppeteer-core from 25.0.4 to 25.1.0

Release notes

Sourced from puppeteer-core's releases.

puppeteer-core: v25.1.0

25.1.0 (2026-05-26)

🎉 Features

🛠️ Fixes

📄 Documentation

🏗️ Refactor

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4
Changelog

Sourced from puppeteer-core's changelog.

25.1.0 (2026-05-26)

🎉 Features

🛠️ Fixes

🏗️ Refactor

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4

📄 Documentation

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the dependencies group with 10 updates
175330b 
Bumps the dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [@google/genai](https://github.com/googleapis/js-genai) | `2.6.0` | `2.7.0` |
| [commander](https://github.com/tj/commander.js) | `14.0.3` | `15.0.0` |
| [inquirer](https://github.com/SBoudrias/Inquirer.js) | `13.4.3` | `14.0.1` |
| [openai](https://github.com/openai/openai-node) | `6.39.0` | `6.39.1` |
| [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260523.1` | `7.0.0-dev.20260527.2` |
| [devtools-protocol](https://github.com/ChromeDevTools/devtools-protocol) | `0.0.1634055` | `0.0.1638241` |
| [es-toolkit](https://github.com/toss/es-toolkit) | `1.46.1` | `1.47.0` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.51.0` | `0.52.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.66.0` | `1.67.0` |
| [puppeteer-core](https://github.com/puppeteer/puppeteer) | `25.0.4` | `25.1.0` |


Updates `@google/genai` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/googleapis/js-genai/releases)
- [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/js-genai@v2.6.0...v2.7.0)

Updates `commander` from 14.0.3 to 15.0.0
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v14.0.3...v15.0.0)

Updates `inquirer` from 13.4.3 to 14.0.1
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.4.3...inquirer@14.0.1)

Updates `openai` from 6.39.0 to 6.39.1
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v6.39.0...v6.39.1)

Updates `@typescript/native-preview` from 7.0.0-dev.20260523.1 to 7.0.0-dev.20260527.2
- [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md)
- [Commits](https://github.com/microsoft/typescript-go/commits)

Updates `devtools-protocol` from 0.0.1634055 to 0.0.1638241
- [Commits](ChromeDevTools/devtools-protocol@v0.0.1634055...v0.0.1638241)

Updates `es-toolkit` from 1.46.1 to 1.47.0
- [Release notes](https://github.com/toss/es-toolkit/releases)
- [Changelog](https://github.com/toss/es-toolkit/blob/main/CHANGELOG.md)
- [Commits](toss/es-toolkit@v1.46.1...v1.47.0)

Updates `oxfmt` from 0.51.0 to 0.52.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.52.0/npm/oxfmt)

Updates `oxlint` from 1.66.0 to 1.67.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.67.0/npm/oxlint)

Updates `puppeteer-core` from 25.0.4 to 25.1.0
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-core-v25.0.4...puppeteer-core-v25.1.0)

---
updated-dependencies:
- dependency-name: "@google/genai"
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: commander
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: inquirer
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: openai
  dependency-version: 6.39.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@typescript/native-preview"
  dependency-version: 7.0.0-dev.20260527.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: devtools-protocol
  dependency-version: 0.0.1638241
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: es-toolkit
  dependency-version: 1.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: oxfmt
  dependency-version: 0.52.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: oxlint
  dependency-version: 1.67.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: puppeteer-core
  dependency-version: 25.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@clawsweeper
Copy link
Copy Markdown

clawsweeper Bot commented May 29, 2026
edited
Loading

Codex review: needs maintainer review before merge. Reviewed May 29, 2026, 7:04 PM ET / 23:04 UTC.

Summary
The PR updates package.json and pnpm-lock.yaml for 10 dependency versions, including commander 15, inquirer 14, OpenAI/Gemini SDKs, Puppeteer, DevTools Protocol, TypeScript native preview, oxfmt, oxlint, and es-toolkit.

Reproducibility: not applicable. this is dependency maintenance, not a reported runtime bug. Source inspection identifies the affected CLI, TUI, provider, tooling, and browser paths to validate.

Review metrics: 3 noteworthy metrics.

  • Dependency updates: 10 versions updated. The PR mixes runtime SDKs, CLI/TUI libraries, browser automation tooling, and formatter/linter packages in one review surface.
  • Semver-major production deps: 2 direct deps. Commander and inquirer are user-facing runtime dependencies rather than dev-only lockfile churn.
  • Files changed: 2 files, +375/-555. Most of the patch is lockfile churn, so review should focus on package surface and upgrade validation rather than code edits.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Run focused CLI/help/doctor, TUI, install/build/check, and browser smoke validation under the supported Node version.
  • [P2] Split commander or inquirer into separate PRs if either major upgrade needs investigation.

Risk before merge

  • [P1] Commander 15 and Inquirer 14 are semver-major direct production updates on the CLI parser and interactive TUI paths, so option defaults, help behavior, and prompt flow need focused validation under the supported Node version.
  • [P1] Puppeteer-core and devtools-protocol updates touch browser automation helpers; AGENTS.md and docs/manual-tests.md call for browser/serve smoke coverage when that surface changes.
  • [P1] The lockfile also refreshes native/tooling packages such as TypeScript native preview, oxfmt, and oxlint, so cross-platform install/build/format behavior remains an upgrade-safety check.

Maintainer options:

  1. Validate The Grouped Upgrade (recommended)
    Run the focused CLI/TUI/build/browser smoke set under the supported Node version and merge if those upgrade checks pass.
  2. Split Major Runtime Bumps
    If commander or inquirer shows behavioral drift, split those semver-major updates into separate PRs and keep the lower-risk patch/minor updates grouped.
  3. Accept Dependency Drift Risk
    Maintainers may intentionally merge the grouped bump if they are comfortable owning any CLI/TUI/browser regressions found after release.

Next step before merge

  • [P2] The remaining blocker is maintainer dependency-upgrade validation and possible split judgment, not a narrow automated code repair.

Security
Cleared: The diff only updates existing dependency versions and the lockfile; I found no new scripts, actions, permissions, secrets handling, or lifecycle-hook changes.

Review details

Best possible solution:

Land the grouped dependency bump only after focused CLI/help/doctor, TUI, install/build/check, and browser smoke evidence; split commander or inquirer out if either major upgrade needs investigation.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is dependency maintenance, not a reported runtime bug. Source inspection identifies the affected CLI, TUI, provider, tooling, and browser paths to validate.

Is this the best way to solve the issue?

Unclear until validation: the dependency refresh is a reasonable maintenance path, but grouping semver-major commander and inquirer with browser/tooling updates is safest only with focused smoke evidence or a split if behavior changes.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6019a199e44c.

Label changes

Label changes:

  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

  • P2: This is a normal dependency improvement with meaningful but bounded CLI/TUI/browser compatibility risk.
  • merge-risk: 🚨 compatibility: Merging the PR could change existing CLI option parsing, TUI prompting, or browser automation behavior through major and tooling dependency upgrades.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a Dependabot PR, so the external-contributor real behavior proof gate is not applied; maintainer smoke validation is still the merge blocker.
Evidence reviewed

What I checked:

  • PR diff scope: The PR head changes only package.json and pnpm-lock.yaml, with 375 additions and 555 deletions across the lockfile-heavy dependency refresh. (package.json:69, 175330b99d54)
  • Runtime dependency updates: The package.json diff raises commander from ^14.0.3 to ^15.0.0 and inquirer from 13.4.3 to 14.0.1, both direct production dependencies. (package.json:69, 175330b99d54)
  • Current CLI parser surface: Current main imports commander in the top-level CLI and defines the root command and many flags through it, so commander behavior is user-facing. (bin/oracle-cli.ts:5, 6019a199e44c)
  • Current TUI prompt surface: Current main imports inquirer for the interactive TUI and uses inquirer.prompt plus Separator choices, so inquirer behavior is user-facing. (src/cli/tui/index.ts:2, 6019a199e44c)
  • Browser validation policy: AGENTS.md says to rerun manual smokes that cover the change surface, especially browser/serve paths, and docs/manual-tests.md documents browser smoke expectations. (AGENTS.md:13, 6019a199e44c)
  • Current main still has old versions: Current main package.json still lists commander ^14.0.3, inquirer 13.4.3, devtools-protocol 0.0.1634055, oxfmt 0.51.0, and the old devtools override, so the dependency bump is not already implemented on main. (package.json:69, 6019a199e44c)

Likely related people:

  • Peter Steinberger: Blame and history tie the current package baseline plus commander, inquirer, browser-tools, and TUI files to the v0.13.0 release commit and repeated dependency refresh work. (role: dependency and CLI/TUI area owner; confidence: high; commits: abb7c9a7d9c8, dcb10bc1dfd0, 302f816d40eb; files: package.json, pnpm-lock.yaml, bin/oracle-cli.ts)
  • Bruce Weaver: Recent current-main work touches bin/oracle-cli.ts and browser/session recovery paths that are relevant to validating the puppeteer-core and devtools-protocol part of this bump. (role: recent adjacent browser/session contributor; confidence: medium; commits: 6019a199e44c; files: bin/oracle-cli.ts, src/browser/reattachability.ts, src/cli/browserTabs.ts)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. and removed rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels May 29, 2026
@steipete steipete merged commit 4490e00 into main May 31, 2026
4 checks passed
@steipete steipete deleted the dependabot/npm_and_yarn/dependencies-90ba3088ac branch May 31, 2026 06:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steipete steipete steipete approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. P2 Normal priority bug or improvement with limited blast radius. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@steipete