Bump the production-dependencies group with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates:

Package	From	To
@clack/prompts	1.1.0	1.2.0
minimatch	10.2.4	10.2.5
preact	10.29.0	10.29.1
toml	3.0.0	4.1.1
@types/node	25.5.0	25.5.2
esbuild	0.27.4	0.28.0

Updates @clack/prompts from 1.1.0 to 1.2.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.2.0

Minor Changes

• 9786226: Externalize fast-string-width and fast-wrap-ansi to avoid double dependencies
• 090902c: Adds date prompt with format support (YMD, MDY, DMY)

Patch Changes

• 134a1a1: Fix the path prompt so directory: true correctly enforces directory-only selection while still allowing directory navigation, and add regression tests for both directory and default file selection behavior.
• bdf89a5: Adds placeholder option to autocomplete. When the placeholder is set and the input is empty, pressing tab will set the value to placeholder.
• 336495a: Apply guide to wrapped multi-line messages in confirm prompt.
• 9fe8de6: Respect withGuide: false in autocomplete and multiselect prompts.
• 29a50cb: Fix path directory mode so pressing Enter with an existing directory initialValue submits that current directory instead of the first child option, and add regression coverage for immediate submit and child-directory navigation.
• Updated dependencies [9786226]
• Updated dependencies [bdf89a5]
• Updated dependencies [417b451]
• Updated dependencies [090902c]
  • @​clack/core@​1.2.0

Changelog

Sourced from @​clack/prompts's changelog.

1.2.0

Minor Changes

• 9786226: Externalize fast-string-width and fast-wrap-ansi to avoid double dependencies
• 090902c: Adds date prompt with format support (YMD, MDY, DMY)

Patch Changes

• 134a1a1: Fix the path prompt so directory: true correctly enforces directory-only selection while still allowing directory navigation, and add regression tests for both directory and default file selection behavior.
• bdf89a5: Adds placeholder option to autocomplete. When the placeholder is set and the input is empty, pressing tab will set the value to placeholder.
• 336495a: Apply guide to wrapped multi-line messages in confirm prompt.
• 9fe8de6: Respect withGuide: false in autocomplete and multiselect prompts.
• 29a50cb: Fix path directory mode so pressing Enter with an existing directory initialValue submits that current directory instead of the first child option, and add regression coverage for immediate submit and child-directory navigation.
• Updated dependencies [9786226]
• Updated dependencies [bdf89a5]
• Updated dependencies [417b451]
• Updated dependencies [090902c]
  • @​clack/core@​1.2.0

Commits

• aa488fc [ci] release (#482)
• 9fe8de6 feat: respect withGuide: false in autocomplete and multiselect prompts (#500)
• 001351e test: specify locale in tests (#497)
• 336495a fix: correctly wrap multi-line messages in confirm prompt (#495)
• ffbdcb0 [ci] format
• fe32e13 ref(dates): adjust date interface (#487)
• bdf89a5 feat(prompts,core): make autocomplete placeholder tabbable (#485)
• 52fce8a fix(date): resolve timezone issues in DatePrompt (#486)
• 090902c feat(core, prompts): add DatePrompt for date input with customizable formats ...
• 29a50cb fix(prompts): submit initial directory value in path prompt (#484)
• Additional commits viewable in compare view

Updates minimatch from 10.2.4 to 10.2.5

Commits

• 693c823 10.2.5
• 7953af1 do not allow .. to consume drive letter on Windows
• 1caf918 lint and format
• 7783ed6 ignore docs
• 6d9b356 update deps etc
• See full diff in compare view

Updates preact from 10.29.0 to 10.29.1

Release notes

Sourced from preact's releases.

10.29.1

Fixes

• Create a unique event-clock for each Preact instance on a page. (#5068, thanks @​JoviDeCroock)
• Fix incorrect DOM order with conditional ContextProvider and inner keys (#5067, thanks @​JoviDeCroock)

Maintenance

• fix: Remove postinstall script for playwright setup (#5063, thanks @​rschristian)
• chore: speed up tests by using playwright instead of webdriverio (#5060, thanks @​marvinhagemeister)
• chore: migrate remaining .js -> .jsx files (#5059, thanks @​marvinhagemeister)
• chore: rename .test.js -> .test.jsx when JSX is used (#5058, thanks @​marvinhagemeister)
• Migrate from biome to oxfmt (#5033, thanks @​JoviDeCroock)

Commits

• 4dc9b50 10.29.1 (#5071)
• 0560f9a Create a unique event-clock for each Preact instance on a page. (#5068)
• cda06de Fix incorrect DOM order with conditional ContextProvider and inner keys (#506...
• c859700 fix: Remove postinstall script for playwright setup (#5063)
• 110966a Merge pull request #5060 from preactjs/playwright
• 20a9be1 chore: speed up tests by using playwright instead of webdriverio
• dacefd5 Merge pull request #5059 from preactjs/jsx-migrate2
• 2a61642 chore: migrate remaining .js -> .jsx files
• 71ecde6 Merge pull request #5058 from preactjs/jsx-tests
• cd1c4af chore: rename *.js -> *.jsx when JSX is used
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates toml from 3.0.0 to 4.1.1

Changelog

Sourced from toml's changelog.

4.1.1 - March 31 2026

• Increase performance ~5x (#68)

4.1.0 - March 31 2026

• Add spec v1.1.0 support (#67)

4.0.1 - March 31 2026

• Minor packaging changes

4.0.0 - March 31 2026

• Modernize tooling and support TOML v1.0.0 spec (#66)

---

2.3.0 - July 13 2015

• Correctly handle quoted keys (#21)

2.2.3 - June 8 2015

• Support empty inline tables (#24)
• Do not allow implicit table definitions to replace value (#23)
• Don't allow tables to replace inline tables (#25)

2.2.2 - April 3 2015

• Correctly handle newlines at beginning of string (#22)

2.2.1 - March 17 2015

• Parse dates generated by Date#toISOString() (#20)

2.2.0 - Feb 26 2015

• Support TOML spec v0.4.0

2.1.0 - Jan 7 2015

... (truncated)

Commits

• 3840fac 4.1.1
• 5b7b728 4.1.0
• 4178324 Update changelog
• 07626bc Merge pull request #68 from BinaryMuse/mkt/perf
• a06aa28 Improve performance ~5x
• e04b6b9 Merge pull request #67 from BinaryMuse/mkt/spec-1-1-0
• 7261002 Update README and package.json for TOML v1.1.0 compliance
• 341d9ad Add TOML v1.1.0 support
• be46336 4.0.1
• 9910d08 Update changelog
• Additional commits viewable in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates esbuild from 0.27.4 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

v0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }

... (truncated)

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• 2025c9f publish 0.27.7 to npm
• c6b586e fix typo in Makefile for @esbuild/win32-x64
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions