chore(deps): bump the production-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the production-dependencies group with 8 updates in the / directory:

Package	From	To
@types/node	22.19.0	25.3.3
react-refresh	0.14.2	0.18.0
@inquirer/prompts	7.9.0	8.3.0
commander	12.1.0	14.0.3
chokidar	4.0.3	5.0.0
esbuild	0.25.12	0.27.3
ws	8.18.3	8.19.0
@clack/prompts	0.9.1	1.1.0

Updates @types/node from 22.19.0 to 25.3.3

Commits

• See full diff in compare view

Updates react-refresh from 0.14.2 to 0.18.0

Release notes

Sourced from react-refresh's releases.

0.14.10 (October 14, 2020)

React

• Backport support for the new JSX transform to 0.14.x. (@​lunaruan in #18299 and @​gaearon in #20024)

v0.14.8

React

• Fixed memory leak when rendering on the server

v0.14.7

React

• Fixed bug with <option> tags when using dangerouslySetInnerHTML
• Fixed memory leak in synthetic event system

React TestUtils Add-on

• Fixed bug with calling setState in componentWillMount when using shallow rendering

v0.14.6

React

• Updated fbjs dependency to pick up change affecting handling of undefined document.

v0.14.5

React

• More minor internal changes for better compatibility with React Native

v0.14.4

React

• Minor internal changes for better compatibility with React Native

React DOM

• The autoCapitalize and autoCorrect props are now set as attributes in the DOM instead of properties to improve cross-browser compatibility
• Fixed bug with controlled <select> elements not handling updates properly

React Perf Add-on

• Some DOM operation names have been updated for clarity in the output of .printDOM()

v0.14.3

React DOM

• Added support for nonce attribute for <script> and <style> elements
• Added support for reversed attribute for <ol> elements

React TestUtils Add-on

• Fixed bug with shallow rendering and function refs

React CSSTransitionGroup Add-on

• Fixed bug resulting in timeouts firing incorrectly when mounting and unmounting rapidly

React on Bower

• Added react-dom-server.js to expose renderToString and renderToStaticMarkup for usage in the browser

Changelog

Sourced from react-refresh's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

... (truncated)

Commits

• See full diff in compare view

Updates @inquirer/prompts from 7.9.0 to 8.3.0

Release notes

Sourced from @​inquirer/prompts's releases.

@​inquirer/prompts@​8.3.0

• Fix: Keypresses happening before a prompt is rendered are now ignored.
• Fix (checkbox): Element who're both checked and disabled are now always included in the returned array.
• Feat (select/checkbox): Cursor will now hover disabled options of the list; but they still cannot be interacted with. This prevents the cursor jumping ahead in ways that can be confusing.
• Feat: various new theme options to make all prompts content localizable.

Finally, see our new @inquirer/i18n package!

@​inquirer/prompts@​8.2.1

• chore: Switch wrap-ansi with fast-wrap-ansi

@​inquirer/prompts@​8.2.0

• feat(search): Add support for default.
• feat(rawlist): Add support for description of choices. That information is displayed under the list when the choice is highlighted.
• Bump dependencies

@​inquirer/prompts@​8.1.0

• Feat: rawlist now supports default option.
• Fix: select now infer return type properly when passing a choices array of string literals.

@​inquirer/prompts@​8.0.2

• Fix Typescript not discovering types when moduleResolution is set to commonjs (you probably want to fix that in your project if it's still in your tsconfig)

@​inquirer/prompts@​8.0.0

Release Notes

🚨 Breaking Changes

This is a major release that modernizes the codebase for Node.js ≥ 20.

ESM Only - No More CommonJS Support

Impact: All packages are now ESM-only. CommonJS imports are no longer supported.

If you're on modern Node versions (≥ 20), this should be transparent and have no impact.

Node.js Version Requirement

Minimum Node.js version is now 20.x

Node.js versions below 20 are no longer supported. Please upgrade to Node.js 20 or later.

Node min versions: >=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0

Deprecated APIs Removed

The following deprecated APIs have been removed after being deprecated in previous releases:

list prompt alias removed (affects inquirer package only)

... (truncated)

Commits

• 526eca2 chore: Publish new release
• 60d02c4 docs(@​inquirer/prompts): highlight auto-detected locale in i18n section (#2011)
• f773d21 feat(@​inquirer/prompts-i18n) New i18n package with first set of localization ...
• dd52bbe feat: allow cursor to land on disabled choices (#2008)
• 64622ed feat(@​inquirer/testing): add nextRender() to unit test render API (#2010)
• 32ed010 refactor(@​inquirer/select,@​inquirer/checkbox): clean up disabled choice rende...
• b23a483 fix(@​inquirer/checkbox): include disabled+checked items in the answer
• fd40b43 fix(@​inquirer/core): discard keystrokes buffered before prompt creation
• fd001c1 chore: Publish new release
• 260d7eb fix(@​inquirer/testing): handle SWC-style namespace objects and missing option...
• Additional commits viewable in compare view

Updates commander from 12.1.0 to 14.0.3

Release notes

Sourced from commander's releases.

v14.0.3

Added

• Release Policy document (#2462)

Changes

• old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
• clarify typing for deprecated callback parameter to .outputHelp() (#2427)
• simple readability improvements to README (#2465)

v14.0.2

Changed

• improve negative number auto-detection test (#2428)
• update (dev) dependencies

v14.0.1

Fixed

• broken markdown link in README (#2369)

Changed

• improve code readability by using optional chaining (#2394)
• use more idiomatic code with object spread instead of Object.assign() (#2395)
• improve code readability using string.endsWith() instead of string.slice() (#2396)
• refactor .parseOptions() to process args array in-place (#2409)
• change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
• update (dev) dependencies

v14.0.0

Added

• support for groups of options and commands in the help using low-level .helpGroup() on Option and Command, and higher -level .optionsGroup() and .commandsGroup() which can be used in chaining way to specify group title for following option s/commands (#2328)
• support for unescaped negative numbers as option-arguments and command-arguments (#2339)
• TypeScript: add parseArg property to Argument class (#2359)

Fixed

• remove bogus leading space in help when option has default value but not a description (#2348)
• .configureOutput() now makes copy of settings instead of modifying in-place, fixing side-effects (#2350)

Changed

• Breaking: Commander 14 requires Node.js v20 or higher
• internal refactor of Help class adding .formatItemList() and .groupItems() methods (#2328)

... (truncated)

Changelog

Sourced from commander's changelog.

[14.0.3] (2026-01-31)

Added

• Release Policy document (#2462)

Changes

• old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
• clarify typing for deprecated callback parameter to .outputHelp() (#2427)
• simple readability improvements to README (#2465)

[14.0.2] (2025-10-25)

Changed

• improve negative number auto-detection test (#2428)
• update (dev) dependencies

[14.0.1] (2025-09-12)

Fixed

• broken markdown link in README (#2369)

Changed

• improve code readability by using optional chaining (#2394)
• use more idiomatic code with object spread instead of Object.assign() (#2395)
• improve code readability using string.endsWith() instead of string.slice() (#2396)
• refactor .parseOptions() to process args array in-place (#2409)
• change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
• update (dev) dependencies

[14.0.0] (2025-05-18)

Added

• support for groups of options and commands in the help using low-level .helpGroup() on Option and Command, and higher-level .optionsGroup() and .commandsGroup() which can be used in chaining way to specify group title for following options/commands (#2328)
• support for unescaped negative numbers as option-arguments and command-arguments (#2339)
• TypeScript: add parseArg property to Argument class (#2359)

Fixed

• remove bogus leading space in help when option has default value but not a description (#2348)
• .configureOutput() now makes copy of settings instead of modifying in-place, fixing side-effects (#2350)

Changed

• Breaking: Commander 14 requires Node.js v20 or higher

... (truncated)

Commits

• 8247364 14.0.3
• e281fe3 Update docs for 14.0.3 (#2474)
• 7357dda Separate out a more detailed release policy document (#2462)
• b6e2e3a Bump eslint from 9.39.1 to 9.39.2 (#2470)
• d6f63a7 Bump ts-jest from 29.4.5 to 29.4.6 (#2467)
• 2a9768a Bump prettier from 3.6.2 to 3.7.4 (#2466)
• 9211918 docs(README): Tweak formatting, punctuation for clarity (#2465)
• 4208a96 Bump typescript-eslint from 8.46.2 to 8.48.0 (#2458)
• 03308ce Bump eslint-plugin-jest from 29.0.1 to 29.2.1 (#2457)
• 4d2db1f Bump globals from 16.4.0 to 16.5.0 (#2456)
• Additional commits viewable in compare view

Updates chokidar from 4.0.3 to 5.0.0

Release notes

Sourced from chokidar's releases.

5.0.0

• Make the package ESM-only. Reduces on-disk package size from ~150kb to ~80kb
• Increase minimum node.js version to v20.19. The versions starting from it support loading esm files from cjs
• fix: Make types more precise paulmillr/chokidar#1424
• perf: re-use double slash regex paulmillr/chokidar#1435
• Update readdirp to ESM-only v5
• Lots of minor improvements in tests
• Increase security of NPM releases. Switch to token-less Trusted Publishing, with help of jsbt
• Switch compilation mode to isolatedDeclaration-based typescript for simplified auto-generated docs

New Contributors

• @​mhkeller made their first contribution in paulmillr/chokidar#1426
• @​btea made their first contribution in paulmillr/chokidar#1432

Full Changelog: paulmillr/chokidar@4.0.3...5.0.0

Commits

• c0c8d20 Release 5.0.0.
• b211cec Remove src from npm
• 8742246 Upgrade dev deps, jsbt, ci files. Upgrade readdirp to v5.
• de5a34c Merge pull request #1442 from paulmillr/flaky-buns
• c08a6c4 fix: throttle based on dir + target
• 0c55ab3 test: wait for explicit calls in directory test
• ce81be5 perf: re-use double slash regex (#1435)
• 7d9c1ed Merge pull request #1433 from paulmillr/super-matrices
• 3915541 Merge pull request #1430 from paulmillr/esm-only
• 9308bed chore: use Nodejs 24 in CI (#1432)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chokidar since your current version.

Updates esbuild from 0.25.12 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates ws from 8.18.3 to 8.19.0

Release notes

Sourced from ws's releases.

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

Commits

• 61349ec [dist] 8.19.0
• 3f9ffc6 [feature] Introduce the closeTimeout option (#2308)
• 1998485 [fix] Ensure all remaining data is read as a single chunk
• 726c373 [doc] Sort options alphabetically
• b151f1e [ci] Update actions/checkout action to v6
• dabdd5b [ci] Update actions/setup-node action to v6
• 86eac5b [ci] Test on node 25
• 1891e14 [ci] Update actions/setup-node action to v5
• aa28c77 [ci] Update actions/checkout action to v5
• See full diff in compare view

Updates @clack/prompts from 0.9.1 to 1.1.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.1.0

Minor Changes

• e3333fb: Replaces picocolors with Node.js built-in styleText.

Patch Changes

• c3666e2: destruct limitOption param for better code readability, tweak types definitions
• ba3df8e: Fixes withGuide support in intro, outro, and cancel messages.
• Updated dependencies [e3333fb]
  • @​clack/core@​1.1.0

@​clack/prompts@​1.0.1

Patch Changes

• 6404dc1: Disallows selection of disabled options in autocomplete.
• 86e36d8: Adds withGuide support to select prompt.
• c697439: Fixes line wrapping behavior in autocomplete.
• 0ded19c: Simplifies withGuide option checks.
• 0e4ddc9: Fixes withGuide support in password and path prompts.
• 76550d6: Adds withGuide support to selectKey prompt.
• f9b9953: Adds withGuide support to password prompt.
• 0e93ccb: Adds vertical arrangement option to confirm prompt.
• 4e9ae13: Adds withGuide support to confirm prompt.
• 0256238: Adds withGuide support to spinner prompt.
• Updated dependencies [6404dc1]
• Updated dependencies [2533180]
  • @​clack/core@​1.0.1

@​clack/prompts@​1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 415410b: This adds a custom filter function to autocompleteMultiselect. It could be used, for example, to support fuzzy searching logic.

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 8409f2c: feat: add styleFrame option for spinner

• 2837845: Adds suggestion and path prompts

• 99c3530: Adds format option to the note prompt to allow formatting of individual lines

• 0aaee4c: Added new taskLog prompt for log output which is cleared on success

... (truncated)

Changelog

Sourced from @​clack/prompts's changelog.

1.1.0

Minor Changes

• e3333fb: Replaces picocolors with Node.js built-in styleText.

Patch Changes

• c3666e2: destruct limitOption param for better code readability, tweak types definitions
• ba3df8e: Fixes withGuide support in intro, outro, and cancel messages.
• Updated dependencies [e3333fb]
  • @​clack/core@​1.1.0

1.0.1

Patch Changes

• 6404dc1: Disallows selection of disabled options in autocomplete.
• 86e36d8: Adds withGuide support to select prompt.
• c697439: Fixes line wrapping behavior in autocomplete.
• 0ded19c: Simplifies withGuide option checks.
• 0e4ddc9: Fixes withGuide support in password and path prompts.
• 76550d6: Adds withGuide support to selectKey prompt.
• f9b9953: Adds withGuide support to password prompt.
• 0e93ccb: Adds vertical arrangement option to confirm prompt.
• 4e9ae13: Adds withGuide support to confirm prompt.
• 0256238: Adds withGuide support to spinner prompt.
• Updated dependencies [6404dc1]
• Updated dependencies [2533180]
  • @​clack/core@​1.0.1

1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 415410b: This adds a custom filter function to autocompleteMultiselect. It could be used, for example, to support fuzzy searching logic.

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 8409f2c: feat: add styleFrame option for spinner

• 2837845: Adds suggestion and path prompts

• 99c3530: Adds format option to the note prompt to allow formatting of individual lines

• 0aaee4c: Added new taskLog prompt for log output which is cleared on success

• 729bbb6: Add support for customizable spinner cancel and error messages. Users can now customize these messages either per spinner instance or globally via the updateSettings function to support multilingual CLIs.

  This update also improves the architecture by exposing the core settings to the prompts package, enabling more consistent default message handling across the codebase.

... (truncated)

Commits

• 56edf97 [ci] release (#472)
• ba3df8e fix(prompts): honor withGuide for intro/outro/cancel messages (#474)
• e3333fb refactor(core, prompts): replace picocolors with styleText (#403)
• 594c58a [ci] format
• c3666e2 chore(prompts): destruct limitOption param for better code readability (#457)
• 667572b [ci] release (#456)
• 6404dc1 fix: support disabled options in autocomplete (#466)
• ba10721 [ci] format
• 0e4ddc9 fix: respect withGuide option in password and path prompts (#460)
• 0ded19c chore(prompts): simplify guide option checks (#459)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​clack/prompts since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions