chore(deps): bump commander from 13.1.0 to 14.0.0#7
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
dependabot
Bot
added
dependencies
Bumps [commander](https://github.com/tj/commander.js) from 13.1.0 to 14.0.0. - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](tj/commander.js@v13.1.0...v14.0.0) --- updated-dependencies: - dependency-name: commander dependency-version: 14.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/commander-14.0.0
branch
from
68ebd57 to
ffc8d38
Compare
Contributor
Author
|
Looks like commander is up-to-date now, so this is no longer needed. |
5 tasks
This was referenced Apr 25, 2026
Merged
edobry
added a commit
that referenced
this pull request
May 6, 2026
R1-A BLOCKING #1 (command injection at session-commands.ts CAS site): The shell-interpolated mainRef in could let a crafted .minsky-freshness-sha file inject commands. Closed by adding strict regex validation in readFreshnessMarker: - mainRef must match /^[A-Za-z0-9._/-]+$/ (rejects quotes, backticks, semicolons, dollar-signs, parens, all shell metacharacters) - sha must match /^[0-9a-f]{40}$/ (lowercase 40-hex) A malicious marker now fails parsing -> CAS bypasses with no-marker instead of running the rev-parse with poisoned input. R1-B BLOCKING #5 (cleanup not on early-return paths): Marker was only cleaned after a successful CAS check, leaving stale state on clean-tree early returns, NothingToCommitError, and pre-CAS exceptions. Restructured sessionCommit to wrap the entire post-workdir body in try/finally with cleanupFreshnessMarker(workdir) in the finally. Cleanup now runs on every exit path: successful CAS+push, CAS abort, commit failure, push failure, and both early-return cases. Removed the redundant inline cleanup from the CAS block. R1-B BLOCKING #6 (marker write on budget-skipped path): The hook's gate () was too loose. The overBudget(GIT_TIMEOUT_MS * 2) path returns mainRef but skips the listCommitsAhead probe, so the marker would be written despite the freshness comparison never running. Fix: added to BranchFreshnessResult, set true only on the two paths that pass through listCommitsAhead (count===0 silent + count>0 blocked). Marker write now requires . R1-A NON-BLOCKING #2 (duplication): replaced the hook's inline writeFile + FRESHNESS_MARKER_FILENAME literal with an import of writeFreshnessMarker from src/domain/session/freshness-marker.ts. Single source of truth for marker payload shape and filename; the hook now uses the same helper as the read+CAS side. Verified bun resolves the cross-directory import without dependency-surface bloat (the helper imports only node:fs + node:path + the local errors module). R1-A NON-BLOCKING #3 (validation hardening): subsumed by R1-A BLOCKING #1 fix above (SHA + ref shape validation in readFreshnessMarker). R1-A NON-BLOCKING #4 (CAS error code): introduced FreshnessCasError class with and structured fields (capturedSha, currentSha, mainRef). session-commands now throws FreshnessCasError on CAS abort instead of generic MinskyError. Allows UX/policy/telemetry layers to distinguish a CAS-prevented push from other commit failures programmatically. R1-B NON-BLOCKING #7 (.git/ existence): documented the assumption in markerPath + writeFreshnessMarker JSDoc — workdir must be a regular git checkout (always true for session workspaces). Bare repos / worktrees / unusual layouts are out of scope. R1-B NON-BLOCKING #8 (sessionCommit integration test): declined for this round. The unit-test coverage on freshness-marker.ts (decision matrix + 3 spec acceptance scenarios) plus the now-finally-guaranteed cleanup behavior covers the substantive paths. Adding a full sessionCommit integration test would require spinning up a temp git repo + fake hook + push target — out of proportion to the marginal value vs the existing coverage. Can be filed as a follow-up if the reviewer wants explicit end-to-end coverage of the new CAS branch. Tests: 4 new freshness-marker tests covering the validation regex (shell metachars rejected, rejected, short SHA rejected, nested-feature ref accepted). 90 tests pass total (16 prior + 4 new + 70 hook tests). validate-all clean.
6 tasks
edobry
added a commit
that referenced
this pull request
May 8, 2026
…y-flows
## Summary
mt#1635 (DONE) made the `/mcp` dialog badges go green by returning JSON 404s on the OAuth discovery endpoints instead of Express's HTML 404. But a residual `SDK auth failed: ...` line persisted because Claude Code's MCP SDK frames any non-2xx OAuth probe as failure, even when static-bearer auth is already working.
This task refines the stub: return `200` with RFC 8414 (Authorization Server Metadata) / RFC 9728 (Protected Resource Metadata) minimal documents that **advertise the server's existence as an OAuth authority but declare zero usable flows** (`response_types_supported: []`, no `authorization_endpoint`, no `token_endpoint`, no `registration_endpoint`). Spec-conformant SDKs treat this as "OAuth advertised but no flow usable → fall through to static-bearer," which should suppress the dialog cosmetic.
The metadata is a strict-subset of what mt#1634 (umbrella full-OAuth implementation) will produce. **Not throw-away work** — mt#1634 extends this foundation with real flow advertisements (`authorization_endpoint`, `token_endpoint`, `registration_endpoint`, `grant_types_supported`, etc.). `/register` stays at 400 since DCR is genuinely unsupported in the stub tier; mt#1634 will replace it.
## Key changes
- **`src/commands/mcp/start-command.ts`**:
- New exported builder functions `buildAuthorizationServerMetadata(issuer)` and `buildProtectedResourceMetadata(resource)` returning `Object.freeze`'d minimal-metadata documents.
- Removed `OAUTH_DISCOVERY_NOT_SUPPORTED_BODY` (the 404+error-body constant from mt#1635).
- `OAUTH_REGISTER_NOT_SUPPORTED_BODY` unchanged.
- Added `app.set("trust proxy", true)` so Railway's `X-Forwarded-Proto` / `X-Forwarded-Host` populate `req.protocol` and `req.get("host")` correctly. Without this, `req.protocol` returns `"http"` (Railway terminates TLS at the edge), producing a wrong `issuer` URL the SDK would reject.
- The two `.well-known` handlers now compute issuer/resource URL per-request from request headers, call the builders, and respond `200` (not `404`).
- **`src/commands/mcp/start-command.test.ts`**:
- 14 new tests covering both builders + the unchanged `OAUTH_REGISTER_NOT_SUPPORTED_BODY`.
- Strict-subset assertions: builders explicitly do NOT include `authorization_endpoint`, `token_endpoint`, `registration_endpoint`, `grant_types_supported`, `scopes_supported` (the whole point of mt#1655).
- Frozen-state and JSON round-trip pinning.
- 26/26 tests pass.
## Why a 200 with empty-flows works (when 404 didn't)
| Response | What the SDK sees | What the SDK does |
|---|---|---|
| **HTML 404** (pre-mt#1635) | Unparseable | `JSON parse error` shown literally; dialog badges red |
| **JSON 404 + `not_supported`** (mt#1635) | "OAuth probe failed" | Badges green (other paths working), but bottom line shows `SDK auth failed: <our error_description>` |
| **JSON 200 + RFC 8414 with empty flows** (mt#1655) | "OAuth metadata exists, no flows usable" | Spec-conformant: silently fall through to static-bearer; bottom line clears |
## Acceptance test coverage
| # | Spec criterion | How tested |
|---|---|---|
| 1 | `/.well-known/oauth-authorization-server` returns 200 with `issuer` + `response_types_supported: []` | unit (`start-command.test.ts`) — builder shape pinned |
| 2 | Strict subset: NO flow endpoints advertised | unit — explicit `toBeUndefined` assertions for each excluded field |
| 3 | `/.well-known/oauth-protected-resource` returns 200 with `resource` only | unit |
| 4 | Both bodies frozen + JSON-serializable | unit |
| 5 | `POST /register` continues to return 400 | unchanged from mt#1635; existing tests cover |
| 6 | `curl https://...up.railway.app/.well-known/oauth-authorization-server` returns 200 with the expected metadata | manual post-deploy |
| 7 | Claude Code `/mcp` dialog shows NO `SDK auth failed` line | **manual post-deploy — this is the load-bearing acceptance test** |
## Empirical-verification dependency
Criterion #7 is an SDK behavioral assertion — verifiable only by deploying and observing the dialog. If a 200-with-empty-flows still produces a misleading line, this task may need a second round to tweak the body shape (e.g., omit `response_types_supported` entirely, add a stub `service_documentation` field, etc.). The unit tests pin the JSON shape; the dialog observation is the load-bearing acceptance test.
## Out of scope
- Wiring real OAuth flows (mt#1634).
- Identity model, PKCE, token issuance (mt#1634).
- ADR-006 amendments (mt#1634).
- Replacing `/register`'s 400 response (DCR is genuinely unsupported until mt#1634).
## Concurrency analysis
(N/A — no check-then-act pattern introduced. The builders are pure functions; the handlers are stateless responders that compute URL from per-request headers and return constant-shape JSON.)
## Verification artifact
(N/A per implement-task §7a — pure-function builders with full unit-test coverage. The empirical SDK-behavior verification is operator-driven post-deploy: probe the live endpoints + observe the dialog.)
## Test plan
- [x] `bun test src/commands/mcp/start-command.test.ts` — 26/26 pass
- [x] `mcp__minsky__validate_typecheck` — 0 errors
- [x] `mcp__minsky__validate_lint` — 0 errors, 0 warnings
- [ ] Post-deploy: `curl https://minsky-mcp-production.up.railway.app/.well-known/oauth-authorization-server` returns 200 + RFC 8414 metadata
- [ ] Post-deploy: `curl https://minsky-mcp-production.up.railway.app/.well-known/oauth-protected-resource` returns 200 + RFC 9728 metadata
- [ ] Post-deploy: open Claude Code `/mcp`; `minsky-hosted` shows no `SDK auth failed` line
## Origin
Discovered 2026-05-08, post-deploy of mt#1635: the dialog status went from red-failed to green-authenticated, but a residual `SDK auth failed: Dynamic Client Registration is not implemented; ...` line persisted. The user is implementing full OAuth in mt#1634 soon, so option B (refine to RFC 8414 200-with-empty-flows, which converges with mt#1634's foundation) was chosen over option A (accept residual line).
Co-Authored-By: minsky-ai[bot] <minsky-ai[bot]@users.noreply.github.com>
This was referenced May 8, 2026
edobry
added a commit
that referenced
this pull request
May 11, 2026
…xt delivery ## Summary Closes the agent-context delivery gap (the third of three originally-named gaps in `feedback_event_resumption_toolkit_survey`) for `mcp__minsky__pr_watch_create`. Watches now route to the registering agent's conversation context via the wake-signal infrastructure from mt#1481/mt#1661, instead of firing only to the local desktop bell + macOS Notification Center via `OperatorNotify`. mt#1295 shipped the PR-watch reconciler; mt#1618 closed gaps 1 and 2 (real Octokit-backed GH client + reviewer-service scheduler). This task closes gap 3 — the load-bearing one, since without agent-context delivery the agent that registered the watch had no way to learn it had fired. ## Architectural decision mt#1661's spec explicitly named "Plumbing pr_watch OperatorNotify into WakeSignalSink" as out-of-scope follow-up. This PR is that follow-up. Three scheduler-topology options were enumerated in the planning-gate retrospective (see spec `## Findings` section 5): - (a) Agent-side scheduler in local MCP server lifecycle - (b) Reviewer-service scheduler routes per-watcher via `WakeSignalSink` keyed on `parentSessionId` captured at registration - (c) Webhook/push transport (long-term, mt#1001) Selected (b). Reuses the existing reviewer-service scheduler and the wake-signal infrastructure from mt#1481/mt#1661. Bounded scope: schema add `parent_session_id` column, capture at `pr_watch_create` time, route through `runWatcher` to a new `WakeSignalSink`-backed notifier alongside `OperatorNotify`. Inherits mt#1661 v0's coverage profile and `wake.enrichment.no_session_id` telemetry. mt#1506 (PLANNING) is the long-term retirement path for v0's addressing limitations. ## Key changes - **Migration 0034** (`src/domain/storage/migrations/pg/0034_pr_watches_parent_session_id.sql`) — adds nullable `parent_session_id` text column to `pr_watches` plus a partial index on non-null values. Idempotent (`ADD COLUMN IF NOT EXISTS`); applied to shared Supabase DB. - **Schema + repository** (`src/domain/storage/schemas/pr-watch-schema.ts`, `src/domain/pr-watch/repository.ts`, `src/domain/pr-watch/types.ts`) — `parentSessionId` plumbed through `PrWatchRecord` / `PrWatchInsert` / `PrWatch` / `CreatePrWatchInput` and the `toPrWatch` / `toInsert` mappings; `FakePrWatchRepository.create` mirrors. Schema's `idx_pr_watches_parent_session` declared as a partial index matching the migration's `WHERE parent_session_id IS NOT NULL` predicate (R1 fix). - **WakeSignalPayload generalization** (`src/domain/ask/wake-on-respond.ts`) — added optional `kind: "ask.review" | "pr.watch"` discriminator. The historically-`quality.review`-shaped fields (`askId`, `reviewBody`, `reviewState`, `reviewAuthor`) now have documented dual-use semantics for `pr.watch` events; `prNumber` was already shared. Backward-compatible: existing emitters/consumers with no `kind` field continue to work unchanged (treated as `ask.review` by default). - **Watcher firing** (`src/domain/pr-watch/watcher.ts`) — `runWatcher` and `processWatch` accept an optional `WakeSignalSink` parameter. When present and the watch has a `parentSessionId`, firing emits a `pr.watch`-kind wake signal alongside the existing `OperatorNotify` calls. When absent or `parentSessionId` is null, logs `pr_watch.no_session_id` and continues with the existing notification path only. - **Adapter wiring** (`src/adapters/shared/commands/pr-watch.ts`) — added `extractSessionId` helper and `buildCompositeWakeSink` factory mirroring the pattern from `src/adapters/shared/commands/asks.ts`. `pr_watch_create` captures `parentSessionId` from the MCP call's session-arg context; `pr_watch_run` constructs a `CompositeWakeSignalSink` composing `LoggingWakeSignalSink` + `PersistentWakeSignalSink(WakePendingRepository)` and passes it to `runWatcher`. - **Wake-enrichment allowlist** (`src/mcp/middleware/wake-enrichment.ts`) — uses dot-separated MCP tool IDs (`tasks.get`, `pr.watch.list`, `tasks.status.get`, `session.pr.get`, `session.pr.list`) matching the `command-mapper.normalizeMethodName` output (R1 fix; R0 used wrong underscore-style IDs). - **E2E test** (`src/domain/pr-watch/wake-integration.test.ts`) — 6 test cases covering: fired watch with `parentSessionId` writes `pr.watch` row to `wake_pending`; `enrichWakeResponse` delivers wake-events block when called with matching session; idempotent delivery; watch without `parentSessionId` skipped; cross-session isolation; `pr.watch.list` allowlist trigger. - **Documentation propagation** (gate (h) consumers per spec): - `.claude/skills/implement-task/SKILL.md` — "inert today" paragraph rewritten to reflect functional status with WakeSignalSink integration. - Memory `557006ff` (`feedback_event_resumption_toolkit_survey`) — three-gap status-list updated to mark all three closed; `pr_watch_create` re-recommended as a viable mechanism with its v0 coverage profile documented; budget retired with mt#1725's shipping. ## Testing 75 tests pass across `src/domain/pr-watch/` and `src/mcp/middleware/wake-enrichment.test.ts`. CI: `build` + `Prevent Placeholder Tests` both green on commit `27126a45e`. ### Execution evidence: ``` $ bun test --preload ./tests/setup.ts --timeout=15000 src/domain/pr-watch/wake-integration.test.ts bun test v1.2.21 (7c45ed97) src/domain/pr-watch/wake-integration.test.ts: 🔇 Global test setup: Logger and console mocked to prevent output during tests (pass) pr_watch wake-integration > fired watch with parentSessionId writes a pr.watch row to wake_pending [1.11ms] (pass) pr_watch wake-integration > enrichWakeResponse delivers the wake block when called with matching session [0.25ms] (pass) pr_watch wake-integration > second enrichWakeResponse call returns null (idempotent delivery) [0.01ms] (pass) pr_watch wake-integration > watch without parentSessionId does not write to wake_pending [0.07ms] (pass) pr_watch wake-integration > cross-session isolation: only the matching session receives the wake block [0.05ms] (pass) pr_watch wake-integration > pr.watch.list tool in allowlist triggers enrichWakeResponse delivery 6 pass 0 fail 32 expect() calls Ran 6 tests across 1 file. [123.00ms] ``` ## Live verification Deferred to post-merge. The smoke pattern requires real GitHub auth + the reviewer-service scheduler to be live (`PR_WATCH_ENABLED=true`). After merge: register a watch on a known-soon-to-receive-review PR with `event: "review-posted"`, do unrelated work, observe the wake-events block on the next MCP tool call. Existing `services/reviewer/scripts/smoke-pr-watch.ts` covers the pre-mt#1725 reconciler scope; a future smoke artifact specific to the WakeSignalSink path can be added if recurrence detection on this integration warrants it. ## Concurrency analysis The watcher's check-then-act pattern (predicate match → state mutation → notification) is unchanged in shape from mt#1295. The new `WakeSignalSink.emit` call sits inside the existing notification block (after state mutation, alongside `operatorNotify.bell()` + `notify(...)`) and inherits mt#1483's analysis of the firing-block races. The new code does not introduce additional decision-action gaps beyond what's documented; the wake-signal write is itself idempotent in the failure mode that matters (a duplicate `wake_pending` row drains the same way as a single one — `enrichWakeResponse` filters by `drained_at IS NULL`). ## Out of scope - Facets 1 (Minsky-side mechanism-choice), 2 (empirical-calibration), 3 (status-communication), 4 (Railway-side toolkit-survey) of the retrospective. Owners: mt#1593, two new follow-up tasks named in spec Findings #7, mt#1733/mt#1730. - mt#1506 InterfaceBinding model (long-term retirement path for v0 addressing limitations). - Reviewer-service scheduler topology beyond per-watcher routing (the existing `setInterval` stays as-is). Co-Authored-By: minsky-ai[bot] <minsky-ai[bot]@users.noreply.github.com>
edobry
added a commit
that referenced
this pull request
May 20, 2026
…sorb PR #682 (mt#1936) ## Summary Top-level README and four highest-visibility `docs/*` files refreshed to the Macx-prose register (terse, technically loaded, presupposing reader literacy) per the brand foundation locked in mt#1929. Brand vocabulary (principal, substrate, flock) used where it appropriately replaces generic equivalents, never force-injected. Anime-stylized references stay in the brand layer only — README uses plain-language "exocortex" framing per spec criterion #1. Part of mt#1929 (brand workstream umbrella) — child #7 / Phase 3. **Supersedes & closes PR #682 (mt#1050)** by absorbing its "Attention as the scarce resource" README subsection into this PR per gate-(g) absorb-and-close resolution decided 2026-05-20 (planning session captured in mt#1936 spec). ## Key changes ### `README.md` (top-level) - **New opening:** locked myth in plain language — *"An exocortex for software organizations led by a principal — the substrate that holds the cognition of one mind across a flock of agents, and translates declared intent into coordinated realized work."* Plus new intro paragraph naming the recursive-principality framing. - **Absorbed PR #682's `### Attention as the scarce resource`** subsection under "Why Minsky?" — content preserved verbatim with `operator` → `principal` to match locked vocabulary. - **New `## Brand & identity` section** pointing at: [Principal Substrate position paper](https://www.notion.so/365937f03cb481e78fd5e0594a6507c1) (mt#1931), [`docs/brand-system.md`](https://github.com/edobry/minsky/blob/main/docs/brand-system.md) (mt#1932), [`minsky-brand` skill](https://github.com/edobry/minsky/blob/main/.claude/skills/minsky-brand/SKILL.md) (mt#1933), [`marketing-site-design` skill](https://github.com/edobry/minsky/blob/main/.claude/skills/marketing-site-design/SKILL.md), [`pz-voice` skill](https://github.com/edobry/minsky/blob/main/.claude/skills/pz-voice/SKILL.md) (mt#1952). - **Cross-reference added:** §"Design philosophy" closes with a pointer to the [Levels of principality](https://www.notion.so/366937f03cb4812691c4db4cc44a0776) follow-on paper (mt#1953) for the recursive-principality argument. - Section-heading case normalized to sentence-case (matches brand voice rules: all-caps for structural labels only). - Tightened generic phrasing: "platform" → "substrate" where natural; SaaS-shaped doc prose replaced with direct technical prose. ### `docs/README.md` - Refreshed opening: names what this directory is *for* (code-adjacent operational reference) and what lives elsewhere. - Added pointers to the brand stack and CLAUDE.md §Documentation Taxonomy. ### `docs/architecture.md` - Refreshed opening: names the conceptual frame (five-organ cybernetic substrate) before the code-level walk-through. Added pointer to `theory-of-operation.md` as the theoretical companion. ### `docs/configuration-guide.md` - Refreshed Overview: replaced "centralized, validated approach" / "best practices" SaaS-shape with direct description of the precedence chain and the fail-loud-at-boot validation discipline. ### `docs/development-workflow.md` - Refreshed opening + Overview: names the routing principle (cheaper decisions to the substrate, surface only what requires human judgement) referencing the README §"Attention as the scarce resource" subsection. Notes the system-speaks register the hooks implement (denial messages name rule + override mechanism). Cost-scales-with-depth framing replaces generic "rigorous workflow" prose (per spec criterion #6). ## PR #682 closure plan When this PR converges and merges, PR #682 (mt#1050) will be closed without merge, with a comment pointing here. Its content (the "Attention as the scarce resource" subsection) is preserved in this PR; closing #682 removes the open redundant change. This is the absorb-and-close path the user approved during /plan-task gate (g). ## Testing All seven acceptance tests from the spec verified before PR: 1. ✓ `head -10 README.md` shows refreshed opening + locked-myth paragraph. 2. ✓ `grep -c "Brand & identity"` returns 1. 3. ✓ Each of the three pointers (position paper / brand-system / marketing-site-design) appears at least once in README. 4. ✓ `grep -ni "the future of|transforms your|supercharge your|from your first.*IPO"` returns 0 matches across all 5 refreshed files. 5. ✓ 4 `docs/*` files touched (`docs/README.md`, `docs/architecture.md`, `docs/configuration-guide.md`, `docs/development-workflow.md`) — meets the ≥4 spec floor. 6. ✓ Tone recognizably technical-restrained Macx-prose register (subjective; reviewer-bot welcome to verify). 7. ✓ PR #682 "Attention as the scarce resource" subsection absorbed verbatim into README (with `operator` → `principal` vocab match). Repo-wide `bun run format:check` passes. Docs-only change. No verification artifact required per `/implement-task` §7a. ## Out of scope (per spec) - `CLAUDE.md`, `AGENTS.md`, `.minsky/rules/**` — each has its own voice register (operational instructions for agents); shouldn't shift to brand-marketing voice. - `docs/testing-patterns.md` — does not exist; testing material lives in the `testing-guide` skill per CLAUDE.md `§Build & Test`. Stale reference in original spec removed during /plan-task. - Full `docs/` refresh — out of scope; targeted subset is the right move per spec. - Cockpit visual refresh (mt#1935) and site rebuild (mt#1934) — sibling tasks under mt#1929. Co-Authored-By: minsky-ai[bot] <minsky-ai[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps commander from 13.1.0 to 14.0.0.
Release notes
Sourced from commander's releases.
Changelog
Sourced from commander's changelog.
Commits
395cf71Preparing for Commander v14.0.0 (#2366)dd7edf4Add typings for helpGroup support (#2367)c324ea3Add support for groups of options and commands in the help (#2328)00af603Merge branch 'develop' into release/14.xfe4bedbci: Update node-version (#2365)ed70e5bBump eslint from 9.23.0 to 9.25.1 (#2362)5bb7b6eBump@eslint/jsfrom 9.23.0 to 9.25.1 (#2363)d0380cfBump typescript from 5.8.2 to 5.8.3 (#2364)a2eebf3Bump@types/nodefrom 22.13.14 to 22.15.3 (#2361)1276c4cBump eslint-config-prettier from 10.1.1 to 10.1.2 (#2360)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)