Skip to content

chore(deps-dev): bump the dev-dependencies-minor group across 1 directory with 5 updates#591

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-minor-98c59c4b5c
Open

chore(deps-dev): bump the dev-dependencies-minor group across 1 directory with 5 updates#591
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-minor-98c59c4b5c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps the dev-dependencies-minor group with 5 updates in the / directory:

Package From To
@typescript-eslint/parser 8.55.0 8.58.0
dotenv 17.2.4 17.3.1
handlebars 4.7.8 4.7.9
openai 6.21.0 6.33.0
pnpm 10.29.3 10.33.0

Updates @typescript-eslint/parser from 8.55.0 to 8.58.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
  • eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
  • typescript-estree: skip createIsolatedProgram fallback for projectService (#12066, #12065)

❤️ Thank You

See GitHub Releases for more information.

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

... (truncated)

Commits

Updates dotenv from 17.2.4 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.
Commits

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view

Updates openai from 6.21.0 to 6.33.0

Release notes

Sourced from openai's releases.

v6.33.0

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

  • api: add keys field to computer action types (27a850e)
  • client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

  • api: align SDK response types with expanded item schemas (491cd52)
  • types: make type required in ResponseInputMessageItem (2012293)

Chores

  • ci: skip lint on metadata-only changes (74a917f)
  • internal: refactor imports (cfe9c60)
  • internal: update gitignore (71bd114)
  • tests: bump steady to v0.19.4 (f2e9dea)
  • tests: bump steady to v0.19.5 (37c6cf4)
  • tests: bump steady to v0.19.6 (496b3af)
  • tests: bump steady to v0.19.7 (8491eb6)

Refactors

  • tests: switch from prism to steady (47c0581)

v6.32.0

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

  • api: 5.4 nano and mini model slugs (068df6d)

v6.31.0

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

  • api: add in/nin filter types to ComparisonFilter (b2eda27)

... (truncated)

Changelog

Sourced from openai's changelog.

6.33.0 (2026-03-25)

Full Changelog: v6.32.0...v6.33.0

Features

  • api: add keys field to computer action types (27a850e)
  • client: add async iterator and stream() to WebSocket classes (e1c16ee)

Bug Fixes

  • api: align SDK response types with expanded item schemas (491cd52)
  • types: make type required in ResponseInputMessageItem (2012293)

Chores

  • ci: skip lint on metadata-only changes (74a917f)
  • internal: refactor imports (cfe9c60)
  • internal: update gitignore (71bd114)
  • tests: bump steady to v0.19.4 (f2e9dea)
  • tests: bump steady to v0.19.5 (37c6cf4)
  • tests: bump steady to v0.19.6 (496b3af)
  • tests: bump steady to v0.19.7 (8491eb6)

Refactors

  • tests: switch from prism to steady (47c0581)

6.32.0 (2026-03-17)

Full Changelog: v6.31.0...v6.32.0

Features

  • api: 5.4 nano and mini model slugs (068df6d)

6.31.0 (2026-03-16)

Full Changelog: v6.30.1...v6.31.0

Features

  • api: add in/nin filter types to ComparisonFilter (b2eda27)

6.30.1 (2026-03-16)

Full Changelog: v6.30.0...v6.30.1

... (truncated)

Commits
  • e412414 release: 6.33.0
  • 8ad76b2 fix(api): align SDK response types with expanded item schemas
  • c160eb9 feat(api): add keys field to computer action types
  • 499d71e chore(tests): bump steady to v0.19.7
  • 6170c06 chore(ci): skip lint on metadata-only changes
  • f895852 chore(tests): bump steady to v0.19.6
  • 33baf00 fix(types): make type required in ResponseInputMessageItem
  • 33f69d0 chore(internal): update gitignore
  • 4ddd31b chore(tests): bump steady to v0.19.5
  • 78d2abf feat(client): add async iterator and stream() to WebSocket classes
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openai since your current version.


Updates pnpm from 10.29.3 to 10.33.0

Release notes

Sourced from pnpm's releases.

pnpm 10.33

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.33.0

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

10.32.1

Patch Changes

  • Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

10.32.0

Minor Changes

  • Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #10136.

Patch Changes

  • Reverted change related to setting explicitly the npm config file path, which caused regressions.
  • Reverted fix related to lockfile-include-tarball-url. Fixes #10915.

10.31.0

Minor Changes

  • When pnpm updates the pnpm-workspace.yaml, comments, string formatting, and whitespace will be preserved.

Patch Changes

  • Added -F as a short alias for the --filter option in the help output.
  • Handle undefined pkgSnapshot in pnpm why -r #10700.
  • Fix headless install not being used when a project has an injected self-referencing file: dependency that resolves to link: in the lockfile.

... (truncated)

Commits
  • be07631 chore(release): 10.33.0
  • cb17c44 fix(dlx): fix race conditions in parallel dlx calls sharing
  • eaae772 chore(release): 10.32.1
  • cda9b1d fix: update dependencies
  • 5163697 fix: restore default workspace package patterns when packages field is missin...
  • 49d249b chore(release): 10.32.0
  • f733456 revert: "fix: explicitly tell npm the config file path (#10154)"
  • 229c244 chore(release): 10.31.0
  • 80be7f5 chore: update sponsors list to match main branch
  • 733447a fix(test): use npm_config_ prefix for env var override test
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-minor-98c59c4b5c branch from ddaf870 to f45b994 Compare April 6, 2026 21:51
@dependabot
chore(deps-dev): bump the dev-dependencies-minor group across 1 direc…
3751b99 
…tory with 5 updates

Bumps the dev-dependencies-minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.55.0` | `8.58.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.4` | `17.3.1` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |
| [openai](https://github.com/openai/openai-node) | `6.21.0` | `6.33.0` |
| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `10.29.3` | `10.33.0` |



Updates `@typescript-eslint/parser` from 8.55.0 to 8.58.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.0/packages/parser)

Updates `dotenv` from 17.2.4 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.4...v17.3.1)

Updates `handlebars` from 4.7.8 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9)

Updates `openai` from 6.21.0 to 6.33.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v6.21.0...v6.33.0)

Updates `pnpm` from 10.29.3 to 10.33.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.33.0/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.33.0/pnpm)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies-minor
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies-minor
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies-minor
- dependency-name: openai
  dependency-version: 6.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies-minor
- dependency-name: pnpm
  dependency-version: 10.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-minor-98c59c4b5c branch from f45b994 to 3751b99 Compare April 13, 2026 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants