build(deps): bump the dependencies group across 1 directory with 24 updates

[dependabot]

Bumps the dependencies group with 24 updates in the / directory:

Package	From	To
@google/genai	1.44.0	2.8.0
@modelcontextprotocol/sdk	1.27.1	1.29.0
@steipete/sweet-cookie	0.2.0	0.3.0
commander	14.0.3	15.0.0
dotenv	17.3.1	17.4.2
inquirer	13.3.0	14.0.2
markdansi	0.2.1	0.3.0
openai	6.27.0	6.42.0
osc-progress	0.3.0	0.3.1
qs	6.15.0	6.15.2
shiki	4.0.1	4.2.0
zod	4.3.6	4.4.3
@types/chrome-remote-interface	0.33.0	0.34.0
@types/node	25.3.5	25.9.3
@vitest/coverage-v8	4.0.18	4.1.8
devtools-protocol	0.0.1595872	0.0.1643702
es-toolkit	1.45.1	1.47.0
esbuild	0.27.3	0.28.0
oxfmt	0.36.0	0.54.0
oxlint	1.51.0	1.69.0
puppeteer-core	24.38.0	25.1.0
tsx	4.21.0	4.22.4
typescript	5.9.3	6.0.3
vitest	4.0.18	4.1.8

Updates @google/genai from 1.44.0 to 2.8.0

Release notes

Sourced from @​google/genai's releases.

v2.8.0

2.8.0 (2026-06-03)

Features

• Add Agent Platform MCP support to async generate_content (baeaeaa)
• Add transcription language code. (d2981d6)
• Add TranslationConfig for live translation. (8c44240)
• Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)

v2.7.0

2.7.0 (2026-05-27)

Features

• Add Skill Registry ListSkills and DeleteSkill to SDK (d75582a)
• additional computer_use field support for vertex. (54a692b)
• interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (3cc830e)
• interaction-api: Enable BigQuery tool in Deep Research config. (58c8c7e)
• Support Reinforcement Tuning in GenAI SDK (418cc35)

v2.6.0

2.6.0 (2026-05-21)

Features

• add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (f780f3c)
• Add budget_exceeded status (1e97bd0)
• Add gemini-3.5-flash (1e97bd0)
• add new fields (b78eeee)

v2.5.0

2.5.0 (2026-05-20)

Features

• Add Gemini 3.5 Flash model to options (fcf26e3)

v2.4.0

2.4.0 (2026-05-17)

Features

• support Agent and Environment APIs. (b0d9d2b)

... (truncated)

Changelog

Sourced from @​google/genai's changelog.

2.8.0 (2026-06-03)

Features

• Add Agent Platform MCP support to async generate_content (baeaeaa)
• Add transcription language code. (d2981d6)
• Add TranslationConfig for live translation. (8c44240)
• Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)

2.7.0 (2026-05-27)

Features

• Add Skill Registry ListSkills and DeleteSkill to SDK (d75582a)
• additional computer_use field support for vertex. (54a692b)
• interaction-api: Allow "text/csv" as a supported document mime type for Interaction API. (3cc830e)
• interaction-api: Enable BigQuery tool in Deep Research config. (58c8c7e)
• Support Reinforcement Tuning in GenAI SDK (418cc35)

2.6.0 (2026-05-21)

Features

• add enable_prompt_injection_detection for Computer Use feature for the Gemini API. (f780f3c)
• Add budget_exceeded status (1e97bd0)
• Add gemini-3.5-flash (1e97bd0)
• add new fields (b78eeee)

2.5.0 (2026-05-20)

Features

• Add Gemini 3.5 Flash model to options (fcf26e3)

2.4.0 (2026-05-17)

Features

• support Agent and Environment APIs. (b0d9d2b)

Bug Fixes

• output_text for turns that don't end with text. (1a3d94f)

... (truncated)

Commits

• ea0dd60 chore(main): release 2.8.0 (#1646)
• 36f0bfb feat: Support ReinforcementTuning in GenAI SDK including ValidateReward API m...
• d2981d6 feat: Add transcription language code.
• 98ac90d chore: deprecate Google Maps grounding widget API fields
• 8c44240 feat: Add TranslationConfig for live translation.
• baeaeaa feat: Add Agent Platform MCP support to async generate_content
• c1d3cb7 chore: Internal cleanup
• bd78ed3 chore: Fix relative import path in pagers.ts.
• 2821346 chore(main): release 2.7.0 (#1630)
• 54a692b feat: additional computer_use field support for vertex.
• Additional commits viewable in compare view

Install script changes

This version adds preinstall script that runs during installation. Review the package contents before updating.

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

• feat: use scopes_supported from resource metadata by default (fixes #580) by @​antogyn in modelcontextprotocol/typescript-sdk#757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @​pcarleton in modelcontextprotocol/typescript-sdk#1611
• fix: reject plain JSON Schema objects passed as inputSchema by @​tiluckdave in modelcontextprotocol/typescript-sdk#1596
• fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @​pcarleton in modelcontextprotocol/typescript-sdk#1462
• fix(server/auth): RFC 8252 loopback port relaxation by @​poteat in modelcontextprotocol/typescript-sdk#1738
• chore: bump version to 1.28.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

• @​antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757
• @​tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596
• @​poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• a056569 chore: bump version to 1.28.0 (#1746)
• Additional commits viewable in compare view

Updates @steipete/sweet-cookie from 0.2.0 to 0.3.0

Release notes

Sourced from @​steipete/sweet-cookie's releases.

v0.3.0

Fixed

• Enable node:sqlite readBigInts on Node 22+ so current Chromium cookie expiry values do not overflow on the active LTS line. ([#25](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/25), thanks @navarch-orion)
• Support Firefox 147+ Linux XDG profile roots under $XDG_CONFIG_HOME/mozilla/firefox, with legacy ~/.mozilla/firefox fallback. ([#28](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/28), thanks @solomonneas)
• Warn when Chromium v20 App-Bound encrypted cookies fail to decrypt instead of silently dropping them. ([#24](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/24), thanks @devskale)

Release Proof

• npm: https://www.npmjs.com/package/@​steipete/sweet-cookie/v/0.3.0
• registry tarball: https://registry.npmjs.org/@​steipete/sweet-cookie/-/sweet-cookie-0.3.0.tgz
• npm integrity: sha512-eGjIEtWe6PPO1kOGGcxloiI8CXuIRdUzDbNBjhoZyvS9FiL0U3vVussNDV0EBuu3OILGrCKizpkxmpJ9G3BcHg==
• CI: https://github.com/steipete/sweet-cookie/actions/runs/25886548509
• local gates: pnpm build, pnpm check, pnpm test, pnpm test:bun
• fresh install smoke: npm i @steipete/sweet-cookie@0.3.0; ESM import returned function function

Changelog

Sourced from @​steipete/sweet-cookie's changelog.

0.3.0 - 2026-05-14

Fixed

• Enable node:sqlite readBigInts on Node 22+ so current Chromium cookie expiry values do not overflow on the active LTS line. ([#25](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/25), thanks @navarch-orion)
• Support Firefox 147+ Linux XDG profile roots under $XDG_CONFIG_HOME/mozilla/firefox, with legacy ~/.mozilla/firefox fallback. ([#28](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/28), thanks @solomonneas)
• Warn when Chromium v20 App-Bound encrypted cookies fail to decrypt instead of silently dropping them. ([#24](https://github.com/steipete/sweet-cookie/tree/HEAD/packages/core/issues/24), thanks @devskale)

Commits

• f7f8d66 chore(release): 0.3.0
• a099c5f feat: add v20 App-Bound Encryption detection and warning (#24)
• 3c4c510 test: lock node:sqlite bigint support matrix
• 446c704 fix(firefox): support Linux XDG profile roots
• d7b30f5 chore: use tsgo for TypeScript builds
• See full diff in compare view

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

• ba6d13d Fix release dates in changelog (#2523)
• a752ed9 Pin GitHub actions with hash (#2521)
• 74d5dfe Drop EOL node 20 from test matrix, and add node 26 (#2520)
• 6df9b68 Update details for 15.0.0 release (#2519)
• 01ce5d0 Remove jest esm examples (#2517)
• d785d8b Update dependencies (#2518)
• 9098b48 Update dependencies (#2506)
• 373f660 Use node:util stripVTControlCharacters instead of own code (#2486)
• 987f289 Use simple match in test (to avoid warning about expensive regex) (#2485)
• 0ea3bb3 Update dependecies and lint (#2489)
• Additional commits viewable in compare view

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates inquirer from 13.3.0 to 14.0.2

Release notes

Sourced from inquirer's releases.

inquirer@14.0.2

• Fix security warnings in external-editor

inquirer@14.0.1

• Rolled back mute-stream dependency from v4 to v3 to undo breaking compatible engines.
• Added tooling to prevent regression of the above in the future. This surfaced our min engines already enforced a higher limit, so adjusted the explicit limits to match the current state.

inquirer@14.0.0

• Fix (breaking): Inquirer will now throw when encountering non-registered prompt. Prior to this fix, Inquirer would default to type: 'input' in such cases - this behaviour was misleading and made it harder to detect broken code when not using Typescript.
• Feat: Read env variable INQUIRER_KEYBINDINGS to enable vim or emacs keybindings; making this a user preference instead of a library author preference. One caveat is doing so disable the search feature in the select prompt. Syntax: INQUIRER_KEYBINDINGS=vim,emacs.
• Fix: Line wraps would sometime cause the cursor to be mispositioned relative to the input.
• Chore: Dropped the rxjs dependency in favor of a lightweight internal Observable implementation. The package is much smaller for most users now.
• Chore: Bump dependencies.

inquirer@13.4.3

• Fix: Windows rendering bug
• Fix: Preserve exact literal types in choices array (Typescript only)
• Fix: Allow input default value to be of type undefined (Typescript only)
• Bump dependencies

inquirer@13.4.2

• Fix: some Windows terminals would freeze and not react to keypresses.

inquirer@13.4.1

• Improve expand prompt type inferrence.

inquirer@13.4.0

• Feat: Added a loading message while validating editor prompt input.
• Type improvement: Better type inference with checkbox, search and expand prompts.
• Fix: editor prompt not always properly handling editor path on windows.

inquirer@13.3.2

• Fix broken 1.3.1 release process.

inquirer@13.3.1

• Bump dependencies

Commits

• bfd8710 chore: Publish new release
• 55cc5f3 feat: add reusable package lint CLI
• 3af9ed0 test(inquirer): capture prompt runner output
• 4381857 fix(@​inquirer/input): remove stale lint suppression
• 45df331 fix(@​inquirer/external-editor): harden editor temp files
• adef323 chore: limit CI token permissions
• b43359d chore: Publish new release
• 24ecae2 chore: fix yarn.lock
• b078d97 fix: validate package engine compatibility
• 3a49f9f chore(deps-dev): Bump oxfmt in the formatting group (#2143)
• Additional commits viewable in compare view

Updates markdansi from 0.2.1 to 0.3.0

Release notes

Sourced from markdansi's releases.

Markdansi 0.3.0

Changes

• CLI: support markdansi file.md positional input files (#3, thanks @​risenowrise).
• Fix table truncation for styled, linked, CJK, and emoji cells without leaking ANSI/OSC state (#4, thanks @​devYRPauli).

Verification

• npm version page: https://www.npmjs.com/package/markdansi/v/0.3.0
• Registry tarball: https://registry.npmjs.org/markdansi/-/markdansi-0.3.0.tgz
• npm integrity: sha512-M6Nc2awN0jCBWcMO79ahKmel5IksN0qcHtIeokJhJPVgfaH8SJF2sf4XEuK8xCtmNhNO1Tod6pZL+7+2E9x77w==
• npm publish time: 2026-06-10T07:20:50.997Z
• Git tag: v0.3.0 at ff715a22aa4c3c629705c2f6c3dc7f55fa9ae257
• Current-main CI: ci/test passed at https://github.com/steipete/Markdansi/actions/runs/27259979030 and Dependabot passed at https://github.com/steipete/Markdansi/actions/runs/27259981195.
• Local proof: pnpm format:check, pnpm lint, pnpm typecheck, pnpm types, pnpm test, pnpm build, compiled CLI positional-input smoke, ANSI/OSC truncation raw-output proof, and autoreview clean.

Changelog

Sourced from markdansi's changelog.

0.3.0 (2026-06-10)

• CLI: support markdansi file.md positional input files (#3, thanks @​risenowrise).
• Fix table truncation for styled, linked, CJK, and emoji cells without leaking ANSI/OSC state (#4, thanks @​devYRPauli).

Commits

• ff715a2 chore: release 0.3.0
• d1e2d6b Merge pull request #4 from devYRPauli/fix/table-truncation-ansi-aware
• 4e735f6 fix: preserve OSC links in table truncation
• 908ca83 fix: truncate table cells by visible width and keep ANSI balanced
• ec49069 fix(cli): support positional input files
• 095d9ac fix: include tsgo runtime dependency
• f781f61 chore: update TypeScript dependencies
• 7a15e09 chore: fix copyright header
• ec850a1 build: adopt oxlint oxfmt and tsgo
• See full diff in compare view

Updates openai from 6.27.0 to 6.42.0

Release notes

Sourced from openai's releases.

v6.42.0

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

v6.41.0

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

v6.40.0

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (aee09f3)

Chores

• remove migrate CLI (673c618)

v6.39.1

6.39.1 (2026-05-27)

Full Changelog: v6.39.0...v6.39.1

Bug Fixes

• Improve undici dispatcher mismatch guidance (#1898) (b6e5fd6)
• treat text/plan with format: binary as raw upload (f9a632a)
• treat text/plan with format: binary as raw upload (323cb78)

Chores

• internal: codegen related update (d32deef)

v6.39.0

6.39.0 (2026-05-21)

... (truncated)

Changelog

Sourced from openai's changelog.

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (aee09f3)

Chores

• remove migrate CLI (673c618)

6.39.1 (2026-05-27)

Full Changelog: v6.39.0...v6.39.1

Bug Fixes

• Improve undici dispatcher mismatch guidance (#1898) (b6e5fd6)
• treat text/plan with format: binary as raw upload (f9a632a)
• treat text/plan with format: binary as raw upload (323cb78)

Chores

• internal: codegen related update (d32deef)

6.39.0 (2026-05-21)

Full Changelog: v6.38.0...v6.39.0

Features

... (truncated)

Commits

• 6f849f4 release: 6.42.0
• 579edb2 feat(api): responses.moderation and chat_completions.moderation
• 7fa93eb release: 6.41.0
• 3b7fe31 feat(api): Add Amazon Bedrock Responses support (#1899)
• caf499a codegen metadata
• 77bec5b release: 6.40.0
• 0fb7602 feat(api): workload identity in audit logs, additional_tools item in response...
• 4a860b8 chore: remove migrate CLI
• 6c11a74 release: 6.39.1
• a91a7aa fix: Improve undici dispatcher mismatch guidance (#1898)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openai since your current version.

Updates osc-progress from 0.3.0 to 0.3.1

Release notes

Sourced from osc-progress's releases.

0.3.1

Fixed

• Add a package export default condition so CJS-style resolvers can find the ESM entrypoint. ([#8](https://github.com/steipete/osc-progress/issues/8), thanks @grimmjoww)
• Strip control characters from OSC progress labels so labels cannot break emitted progress sequences. ([#15](https://github.com/steipete/osc-progress/issues/15), thanks @devYRPauli)

Release Proof

• npm: osc-progress@0.3.1
• Registry tarball: osc-progress-0.3.1.tgz
• Integrity: sha512-2+kMidO/YodbpyjdKUfR2Io978LuXfWpgu47zT8rF6hsaiWeD7CxHpU9deG8nB953M9og+A4qDlcmR6VFqAHaQ==
• Published: 2026-06-10T07:18:07.613Z
• Commit: 73eb0140437860de954ff9bb9ff1279c476e8976
• CI: main ci run 27259801063 passed.
• Fresh release gate immediately before npm publish: 0 open issues, 0 open PRs, and main CI green for the release commit.

Changelog

Sourced from osc-progress's changelog.

0.3.1 - 2026-06-10

Fixed

• Add a package export default condition so CJS-style resolvers can find the ESM entrypoint. ([#8](https://github.com/steipete/osc-progress/issues/8), thanks @grimmjoww)
• Strip control characters from OSC progress labels so labels cannot break emitted progress sequences. ([#15](https://github.com/steipete/osc-progress/issues/15), thanks @devYRPauli)

Commits

• 73eb014 chore: prepare 0.3.1 release
• cde5ca3 fix: strip interior control characters in sanitizeLabel
• ac66ed9 build(deps-dev): bump the dependencies group with 6 updates (#14)
• 14d1f78 build(deps-dev): bump the dependencies group with 3 updates (#13)
• 379f0e8 build(deps-dev): bump the dependencies group with 8 updates (#12)
• 8a7bd14 build(deps-dev): bump the dependencies group with 7 updates (#11)
• 67ab356 build(deps): bump pnpm/action-setup from 5 to 6 in the actions group (#9)
• a6b1352 build(deps-dev): bump the dependencies group with 6 updates (#10)
• 242e317 fix(exports): add default export condition
• d7114c4 build(deps): bump pnpm/action-setup from 4 to 5 in the actions group (#6)
• Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

• [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
• [Fix] stringify: use configured delimiter after charsetSentinel (#555)
• [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
• [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
• [Fix] parse: handle nested bracket groups and add regression tests (#530)
• [readme] fix grammar (#550)
• [Dev Deps] update @ljharb/eslint-config
• [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

Commits

• 9aca407 v6.15.2
• 5e33d33 [Dev Deps] update @ljharb/eslint-config
• 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
• a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
• e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
• 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
• 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
• 96755ab [readme] fix grammar
• a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
• 3f5e1c5 v6.15.1
• Additional commits viewable in compare view

Updates shiki from 4.0.1 to 4.2.0

Release notes

Sourced from shiki's releases.

v4.2.0

   🚀 Features

• Add @​shikijs/stream and @​shikijs/magic-move packages  -  by @​antfu in shikijs/shiki#1283 (d031f)

   🐞 Bug Fixes

• transformers: Handle YAML comment prefixes correctly for v3  -  by @​AkaHarshit in shikijs/shiki#1266 (f694a)
• vitepress-twoslash: Scroll blocking on mobile viewports  -  by @​micaiguai in shikijs/shiki#1262 (9e0e8)

    View changes on GitHub

v4.1.0

   🐞 Bug Fixes

• twoslash: Forward tsModule to createTwoslasher  -  by @​arthurfiorette in shikijs/shi...

  Description has been truncated