Skip to content

chore(deps): bump the cli-dependencies group across 1 directory with 3 updates#220

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/cli/cli-dependencies-aa6882a36d
Open

chore(deps): bump the cli-dependencies group across 1 directory with 3 updates#220
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/cli/cli-dependencies-aa6882a36d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the cli-dependencies group with 3 updates in the /cli directory: commander, dotenv and conf.

Updates commander from 12.1.0 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

  • show excess command-arguments in error message (#2384)

Fixed

  • Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
  • update example to use compatible character for MINGW64 (#2475)

Changed

  • Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
  • Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
  • dev: switch tests from Jest to node:test test runner (#2463)

Deleted

  • Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

[14.0.3] (2026-01-31)

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)

... (truncated)

Commits

Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

... (truncated)

Commits

Updates conf from 12.0.0 to 15.1.0

Release notes

Sourced from conf's releases.

v15.1.0

  • Add encryptionAlgorithm option ee03ae8

sindresorhus/conf@v15.0.2...v15.1.0

v15.0.2

  • Fix build 6287608

sindresorhus/conf@v15.0.1...v15.0.2

v15.0.1

  • Fix handling of legacy decryption (#204) ce28bd6

sindresorhus/conf@v15.0.0...v15.0.1

v15.0.0

There are no known breaking changes, but it's a major release since it contains a large refactor, and that introduces risk.

  • Add .appendToArray() method a1dbf86
  • Fix constructor validation preventing migrations from fixing invalid schema data a1b43e6
  • Fix clear() method to emit single change event 9b83a9d
  • Fix store setter to preserve internal migration data ceefe13

sindresorhus/conf@v14.0.0...v15.0.0

v14.0.0

Breaking

  • Require Node.js 20 b8cc931

Improvements

  • Add TypeScript type definitions for dot notation property access (#200) 83cb242

sindresorhus/conf@v13.1.0...v14.0.0

v13.1.0

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

@dependabot @github

dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: cli, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title chore(deps): bump the cli-dependencies group in /cli with 3 updates chore(deps): bump the cli-dependencies group across 1 directory with 3 updates Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cli/cli-dependencies-aa6882a36d branch from 87ff9bf to f9471a9 Compare June 22, 2026 09:24
@dependabot
chore(deps): bump the cli-dependencies group across 1 directory with …
c4325c7 
…3 updates

Bumps the cli-dependencies group with 3 updates in the /cli directory: [commander](https://github.com/tj/commander.js), [dotenv](https://github.com/motdotla/dotenv) and [conf](https://github.com/sindresorhus/conf).


Updates `commander` from 12.1.0 to 15.0.0
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v12.1.0...v15.0.0)

Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.4.2)

Updates `conf` from 12.0.0 to 15.1.0
- [Release notes](https://github.com/sindresorhus/conf/releases)
- [Commits](sindresorhus/conf@v12.0.0...v15.1.0)

---
updated-dependencies:
- dependency-name: commander
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cli-dependencies
- dependency-name: conf
  dependency-version: 15.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cli-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cli-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cli/cli-dependencies-aa6882a36d branch from f9471a9 to c4325c7 Compare June 29, 2026 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants