Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 9 updates#184

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-f00e28f249
Open

chore(deps): bump the production-dependencies group across 1 directory with 9 updates#184
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-f00e28f249

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps the production-dependencies group with 9 updates in the / directory:

Package From To
playwright 1.58.0 1.58.2
@typescript-eslint/types 8.54.0 8.57.0
@typescript-eslint/typescript-estree 8.54.0 8.57.0
@modelcontextprotocol/sdk 1.25.3 1.27.1
commander 14.0.2 14.0.3
@inquirer/prompts 8.2.0 8.3.0
figlet 1.10.0 1.11.0
@modelcontextprotocol/ext-apps 1.0.1 1.2.0
esbuild 0.27.2 0.27.3

Updates playwright from 1.58.0 to 1.58.2

Release notes

Sourced from playwright's releases.

v1.58.2

Highlights

#39121 fix(trace viewer): make paths via stdin work #39129 fix: do not force swiftshader on chromium mac

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0
Commits

Updates @typescript-eslint/types from 8.54.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/types's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

  • eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

  • eslint-plugin: [strict-void-return] false positives with overloads (#12055)
  • eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
  • eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
  • eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
  • eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
  • typescript-estree: switch back to use ts.getModifiers() (#12034)
  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/types's changelog.

8.57.0 (2026-03-09)

🩹 Fixes

  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for types to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/typescript-estree from 8.54.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/typescript-estree's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

  • eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

  • eslint-plugin: [strict-void-return] false positives with overloads (#12055)
  • eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
  • eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
  • eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
  • eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
  • typescript-estree: switch back to use ts.getModifiers() (#12034)
  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/typescript-estree's changelog.

8.57.0 (2026-03-09)

🩹 Fixes

  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)
  • typescript-estree: switch back to use ts.getModifiers() (#12034)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for typescript-estree to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

This was a version bump only for typescript-estree to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

🩹 Fixes

  • typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits
  • 2c6aeee chore(release): publish 8.57.0
  • f696dad chore: use pnpm catalog (#12047)
  • 53f473b fix(typescript-estree): if the template literal is tagged and the text has an...
  • a8cff44 fix(typescript-estree): switch back to use ts.getModifiers() (#12034)
  • a09921e chore: update vitest to 4.x (#12071)
  • 96a04a9 chore(release): publish 8.56.1
  • f2dbd4b chore(deps): update dependency minimatch to v10.2.2 (#12074)
  • 8b8b68f chore(release): publish 8.56.0
  • fedfe86 chore(release): publish 8.55.0
  • af12785 fix(typescript-estree): forbid invalid modifier in object expression (#11931)
  • Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.25.3 to 1.27.1

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

Commits
  • 4faa8c8 chore: bump version to 1.27.1 (#1581)
  • 09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
  • e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
  • 342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
  • 2084a22 docs: add governance documentation for SEP-1730 (#1547)
  • f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
  • 8cbc658 chore: bump version for v1.27.0 (#1541)
  • 5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
  • 97ab379 feat: add url property to RequestInfo interface (#1353)
  • 825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
  • Additional commits viewable in compare view

Updates commander from 14.0.2 to 14.0.3

Release notes

Sourced from commander's releases.

v14.0.3

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)
  • simple readability improvements to README (#2465)
Changelog

Sourced from commander's changelog.

[14.0.3] (2026-01-31)

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)
  • simple readability improvements to README (#2465)
Commits

Updates @inquirer/prompts from 8.2.0 to 8.3.0

Release notes

Sourced from @​inquirer/prompts's releases.

@​inquirer/prompts@​8.3.0

  • Fix: Keypresses happening before a prompt is rendered are now ignored.
  • Fix (checkbox): Element who're both checked and disabled are now always included in the returned array.
  • Feat (select/checkbox): Cursor will now hover disabled options of the list; but they still cannot be interacted with. This prevents the cursor jumping ahead in ways that can be confusing.
  • Feat: various new theme options to make all prompts content localizable.

Finally, see our new @inquirer/i18n package!

@​inquirer/prompts@​8.2.1

  • chore: Switch wrap-ansi with fast-wrap-ansi
Commits
  • 526eca2 chore: Publish new release
  • 60d02c4 docs(@​inquirer/prompts): highlight auto-detected locale in i18n section (#2011)
  • f773d21 feat(@​inquirer/prompts-i18n) New i18n package with first set of localization ...
  • dd52bbe feat: allow cursor to land on disabled choices (#2008)
  • 64622ed feat(@​inquirer/testing): add nextRender() to unit test render API (#2010)
  • 32ed010 refactor(@​inquirer/select,@​inquirer/checkbox): clean up disabled choice rende...
  • b23a483 fix(@​inquirer/checkbox): include disabled+checked items in the answer
  • fd40b43 fix(@​inquirer/core): discard keystrokes buffered before prompt creation
  • fd001c1 chore: Publish new release
  • 260d7eb fix(@​inquirer/testing): handle SWC-style namespace objects and missing option...
  • Additional commits viewable in compare view

Updates figlet from 1.10.0 to 1.11.0

Release notes

Sourced from figlet's releases.

v1.11.0

Added Future Thin and Future Smooth fonts.

Commits
  • 58f240c Update README.md typo
  • 3c703d4 1.11.0
  • 72e5759 remove blank line
  • c3af4a3 adjustments
  • c75c510 Updated README
  • bd5cefd Merge pull request #151 from patorjk/dependabot/npm_and_yarn/rollup-4.59.0
  • 640fd85 Merge pull request #148 from patorjk/dependabot/npm_and_yarn/lodash-4.17.23
  • 5edfa4e Bump rollup from 4.46.2 to 4.59.0
  • e055a07 Merge pull request #150 from twocaretcat/feat/add-future-thin-font
  • 3959e79 Merge branch 'main' into feat/add-future-thin-font
  • Additional commits viewable in compare view

Updates @modelcontextprotocol/ext-apps from 1.0.1 to 1.2.0

Release notes

Sourced from @​modelcontextprotocol/ext-apps's releases.

1.2.0

Changes since 1.1.2:

Features

  • feat: add readServerResource() and listServerResources() API to App (#470, #528)

Fixes

  • fix: replace platform-specific optionalDependencies with bun devDependency (#518)
  • fix: autoResize reporting viewport height when content is taller (#525)
  • fix: remove duplicate --color-text-ghost from McpUiStyleVariableKey (#523)
  • fix: examples servers' npm run start:stdio (#507)
  • fix: work around tsx watch hang on Windows in quickstart (#428)

Refactors

  • refactor: remove unnecessary type assertions (#471)
  • refactor: replace deprecated RESOURCE_URI_META_KEY with modern format (#457)

Examples & Plugin

  • pdf-server: ignore client roots by default (#510)
  • plugin: refactor create-mcp-app skill to reference patterns.md (#416)

Docs

  • docs: add Security documentation section and SEO improvements (#524)
  • docs: add MCP client configuration examples to CONTRIBUTING.md (#508, #526)
  • docs: use apps.extensions.modelcontextprotocol.io domain for docs URLs (#499)
  • docs: add SECURITY.md with GitHub Security Advisories guidance (#472)

Full Changelog: modelcontextprotocol/ext-apps@v1.1.2...v1.2.0

1.1.2

What's Changed

Full Changelog: modelcontextprotocol/ext-apps@v1.1.1...v1.1.2

1.1.1

What's Changed

... (truncated)

Commits
  • 6b12fff chore: bump ext-apps to 1.2.0 (#527)
  • 9228662 fix CI (#456)
  • 7046d7b docs: ask contributors to allow maintainer edits on PRs (#529)
  • 5d6fff2 Update basic-host imports to use package exports (#400)
  • 38e1f7a refactor: remove unnecessary type assertions (#471)
  • 61951a5 Refactor create-mcp-app skill to reference patterns.md (#416)
  • c000ba6 Work around tsx watch hang on Windows in quickstart (#428)
  • 19fe73a Replace deprecated RESOURCE_URI_META_KEY usage with modern format (#457)
  • ef8fc6e fix: make listServerResources() params optional (#528)
  • 4f9a7eb feat: add readServerResource() and listServerResources() api to App (#470)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
0d45fb0 
…y with 9 updates

Bumps the production-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [playwright](https://github.com/microsoft/playwright) | `1.58.0` | `1.58.2` |
| [@typescript-eslint/types](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/types) | `8.54.0` | `8.57.0` |
| [@typescript-eslint/typescript-estree](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-estree) | `8.54.0` | `8.57.0` |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.3` | `1.27.1` |
| [commander](https://github.com/tj/commander.js) | `14.0.2` | `14.0.3` |
| [@inquirer/prompts](https://github.com/SBoudrias/Inquirer.js) | `8.2.0` | `8.3.0` |
| [figlet](https://github.com/patorjk/figlet.js) | `1.10.0` | `1.11.0` |
| [@modelcontextprotocol/ext-apps](https://github.com/modelcontextprotocol/ext-apps) | `1.0.1` | `1.2.0` |
| [esbuild](https://github.com/evanw/esbuild) | `0.27.2` | `0.27.3` |



Updates `playwright` from 1.58.0 to 1.58.2
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.58.0...v1.58.2)

Updates `@typescript-eslint/types` from 8.54.0 to 8.57.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/types/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.0/packages/types)

Updates `@typescript-eslint/typescript-estree` from 8.54.0 to 8.57.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-estree/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.0/packages/typescript-estree)

Updates `@modelcontextprotocol/sdk` from 1.25.3 to 1.27.1
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.25.3...v1.27.1)

Updates `commander` from 14.0.2 to 14.0.3
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v14.0.2...v14.0.3)

Updates `@inquirer/prompts` from 8.2.0 to 8.3.0
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.0...@inquirer/prompts@8.3.0)

Updates `figlet` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/patorjk/figlet.js/releases)
- [Commits](patorjk/figlet.js@v1.10.0...v1.11.0)

Updates `@modelcontextprotocol/ext-apps` from 1.0.1 to 1.2.0
- [Release notes](https://github.com/modelcontextprotocol/ext-apps/releases)
- [Changelog](https://github.com/modelcontextprotocol/ext-apps/blob/main/RELEASES.md)
- [Commits](modelcontextprotocol/ext-apps@v1.0.1...v1.2.0)

Updates `esbuild` from 0.27.2 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.2...v0.27.3)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.58.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@typescript-eslint/types"
  dependency-version: 8.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@typescript-eslint/typescript-estree"
  dependency-version: 8.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: commander
  dependency-version: 14.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@inquirer/prompts"
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: figlet
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@modelcontextprotocol/ext-apps"
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 10, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants