deps: bump the production group across 1 directory with 12 updates

[dependabot]

Bumps the production group with 12 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	1.26.0	1.29.0
ajv	8.18.0	8.20.0
cosmiconfig	9.0.0	9.0.1
inquirer	13.2.2	13.4.2
ora	9.2.0	9.4.0
tree-sitter	0.21.1	0.25.0
tree-sitter-go	0.21.2	0.25.0
tree-sitter-java	0.21.0	0.23.5
tree-sitter-javascript	0.21.4	0.25.0
tree-sitter-python	0.21.0	0.25.0
tree-sitter-rust	0.21.0	0.24.0
tree-sitter-typescript	0.21.2	0.23.2

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in modelcontextprotocol/typescript-sdk#1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in modelcontextprotocol/typescript-sdk#1640
• chore: bump version to 1.29.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

• @​tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623
• @​jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

• feat: use scopes_supported from resource metadata by default (fixes #580) by @​antogyn in modelcontextprotocol/typescript-sdk#757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @​pcarleton in modelcontextprotocol/typescript-sdk#1611
• fix: reject plain JSON Schema objects passed as inputSchema by @​tiluckdave in modelcontextprotocol/typescript-sdk#1596
• fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @​pcarleton in modelcontextprotocol/typescript-sdk#1462
• fix(server/auth): RFC 8252 loopback port relaxation by @​poteat in modelcontextprotocol/typescript-sdk#1738
• chore: bump version to 1.28.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

• @​antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757
• @​tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596
• @​poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

• feat: implement auth/pre-registration conformance scenario by @​felixweinberger in modelcontextprotocol/typescript-sdk#1545
• docs: add governance documentation for SEP-1730 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1547
• docs: comprehensive feature documentation for SEP-1730 Tier 1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1548
• fix: prevent command injection in example URL opening (v1.x backport) by @​maxisbey in modelcontextprotocol/typescript-sdk#1579
• fix: call onerror for silently swallowed transport errors by @​qing-ant in modelcontextprotocol/typescript-sdk#1580
• chore: bump version to 1.27.1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

• @​qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits

• e12cbd7 chore: bump version to 1.29.0 (#1820)
• 3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
• 5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
• 7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
• 364f38c v1.x npm audit fix (#1780)
• c95cc09 Add typings exports (#1623)
• ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
• 2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
• 13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
• a056569 chore: bump version to 1.28.0 (#1746)
• Additional commits viewable in compare view

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

• fix: add support for node 22/24, drop node 16/21 by @​jasoniangreen in ajv-validator/ajv#2580
• fix: add ES2022.RegExp for RegExpIndicesArray by @​SignpostMarv in ajv-validator/ajv#2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

• fix prototype pollution via format keyword using $data ref by @​epoberezkin in ajv-validator/ajv#2607

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

• 0fba0b8 8.20.0
• 9caf8d6 fix: add ES2022.RegExp for RegExpIndicesArray; fixes ajv-validator/ajv#2603 (...
• 2065350 fix: add support for node 22/24, drop node 16/21 (#2580)
• 154b58d 8.19.0
• e8d2bdc test/fix prototype pollution via $data ref with format keyword (#2607)
• See full diff in compare view

Updates cosmiconfig from 9.0.0 to 9.0.1

Changelog

Sourced from cosmiconfig's changelog.

9.0.1

• Fixed a race condition where multiple instances existing simultaneously could cause cosmiconfig to fail to load TypeScript config files.
• Fixed an issue on Windows where CWD being a short path (e.g. C:\Users\USERNA~1) would cause cosmiconfig to fail to load ESM config files.

Commits

• 9a5cda3 9.0.1
• 2174017 update changelog
• 536d4a0 Prevent race conditions when running multiple instances of cosmiconfig and ...
• 4b48611 remove debug log
• 53d1745 remove more EOL node versions
• 7c1a1e3 replace resolve with realpath
• fcc9084 add additional path.resolve for windows short paths
• 7e995c8 debug
• 52b6b1c drop node 14 build as it seems to fail for unreachable reasons
• db45e38 fix tests on windows (3)
• Additional commits viewable in compare view

Updates inquirer from 13.2.2 to 13.4.2

Release notes

Sourced from inquirer's releases.

inquirer@13.4.2

• Fix: some Windows terminals would freeze and not react to keypresses.

inquirer@13.4.1

• Improve expand prompt type inferrence.

inquirer@13.4.0

• Feat: Added a loading message while validating editor prompt input.
• Type improvement: Better type inference with checkbox, search and expand prompts.
• Fix: editor prompt not always properly handling editor path on windows.

inquirer@13.3.2

• Fix broken 1.3.1 release process.

inquirer@13.2.5

What's Changed

• fix(@​inquirer/input): handle numeric default values by @​SBoudrias in SBoudrias/Inquirer.js#1978
• chore(deps-dev): Bump the linting group with 4 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1982
• chore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by @​dependabot[bot] in SBoudrias/Inquirer.js#1983
• chore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by @​dependabot[bot] in SBoudrias/Inquirer.js#1984
• chore(deps): Bump the types group with 2 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1985
• refactor(@​inquirer/core): replace wrap-ansi with fast-wrap-ansi by @​njg7194 in SBoudrias/Inquirer.js#1981
• chore(deps): Bump semver from 7.7.3 to 7.7.4 by @​dependabot[bot] in SBoudrias/Inquirer.js#1992
• chore(deps-dev): Bump the build group with 3 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1990
• chore(deps): Bump the types group with 2 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1991
• chore(deps-dev): Bump oxfmt from 0.27.0 to 0.28.0 in the formatting group by @​dependabot[bot] in SBoudrias/Inquirer.js#1989
• feat(@​inquirer/testing): add E2E testing support for CLI applications by @​SBoudrias in SBoudrias/Inquirer.js#1980
• fix(@​inquirer/testing): auto-mock @​inquirer/prompts barrel re-exports by @​SBoudrias in SBoudrias/Inquirer.js#1994
• ci: auto-merge dependabot PRs for patch and minor updates by @​SBoudrias in SBoudrias/Inquirer.js#1995
• fix(@​inquirer/testing): prevent artificial line wrapping in test output by @​SBoudrias in SBoudrias/Inquirer.js#1996
• fix(@​inquirer/testing): declare @inquirer/* packages as optional peerDependencies by @​SBoudrias in SBoudrias/Inquirer.js#1997
• chore(deps-dev): Bump oxfmt from 0.28.0 to 0.32.0 in the formatting group by @​dependabot[bot] in SBoudrias/Inquirer.js#1999
• chore(deps-dev): Bump turbo from 2.8.3 to 2.8.9 in the build group by @​dependabot[bot] in SBoudrias/Inquirer.js#2000
• chore(deps-dev): Bump the types group with 2 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#2001
• chore(deps-dev): Bump vitest from 3.2.4 to 4.0.18 in the testing group by @​dependabot[bot] in SBoudrias/Inquirer.js#1998
• chore(deps): Bump @​xterm/headless from 5.5.0 to 6.0.0 by @​dependabot[bot] in SBoudrias/Inquirer.js#2002
• fix(@​inquirer/testing): handle SWC-style module namespace objects in wrapPrompt by @​SBoudrias in SBoudrias/Inquirer.js#2004

New Contributors

• @​njg7194 made their first contribution in SBoudrias/Inquirer.js#1981

Full Changelog: https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.2.5

inquirer@13.2.4

What's Changed

• fix(@​inquirer/input): handle numeric default values by @​SBoudrias in SBoudrias/Inquirer.js#1978
• chore(deps-dev): Bump the linting group with 4 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1982
• chore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by @​dependabot[bot] in SBoudrias/Inquirer.js#1983
• chore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by @​dependabot[bot] in SBoudrias/Inquirer.js#1984
• chore(deps): Bump the types group with 2 updates by @​dependabot[bot] in SBoudrias/Inquirer.js#1985

... (truncated)

Commits

• 35bda2a chore: Publish new release
• 98eee29 fix(lint): suppress no-unnecessary-type-parameters on parseJSON helper
• aba5965 chore(deps-dev): Bump @​types/node in the types group (#2088)
• db8fbf1 chore(deps-dev): Bump turbo from 2.9.5 to 2.9.6 in the build group (#2087)
• 3cdecf5 chore(deps-dev): Bump oxfmt in the formatting group (#2086)
• e370b57 chore(deps-dev): Bump the linting group with 5 updates (#2085)
• 2787267 chore(deps-dev): Bump the testing group with 3 updates (#2084)
• 0c55499 chore(deps-dev): Bump the formatting group with 2 updates (#2081)
• e7115d9 fix(@​inquirer/core): mute output after readline initialization (#2077)
• e5e14ab chore(deps): Bump dependabot/fetch-metadata from 2 to 3 (#2078)
• Additional commits viewable in compare view

Updates ora from 9.2.0 to 9.4.0

Release notes

Sourced from ora's releases.

v9.4.0

• Add successSymbol and failSymbol options to oraPromise 3d2e0a9

---

sindresorhus/ora@v9.3.0...v9.4.0

v9.3.0

• Reduce flicker in rendering 2ab4f76

---

sindresorhus/ora@v9.2.0...v9.3.0

Commits

• 46a6703 9.4.0
• 3d2e0a9 Add successSymbol and failSymbol options to oraPromise
• f70f613 Test tweaks
• 7cf29a7 Validate some options better
• 4496362 9.3.0
• 2ab4f76 Reduce flicker in rendering
• 8d17b13 Add FAQ item
• 4cf47fc Add more tests for discardStdin
• 9763e60 Document Ctrl+C behavior for discardStdin
• See full diff in compare view

Updates tree-sitter from 0.21.1 to 0.25.0

Release notes

Sourced from tree-sitter's releases.

v0.22.4

Full Changelog: tree-sitter/node-tree-sitter@v0.22.3...v0.22.4

Commits

• 3343ab8 0.25.0
• 6d718f9 Bump core lib to 0.25.5
• 8ff5c15 chore: update FUNDING.yml
• 558bfd4 chore: add FUNDING.yml
• 483e185 0.22.4
• 733a096 ci(publish): ensure filenames are unique
• fe9facc 0.22.3
• 8fdbb4c ci(publish): correct gh release step
• 424fb65 docs(readme): fix docs badge
• e1c5781 0.22.2
• Additional commits viewable in compare view

Updates tree-sitter-go from 0.21.2 to 0.25.0

Release notes

Sourced from tree-sitter-go's releases.

v0.25.0

NOTE: Download tree-sitter-go.tar.gz for the complete source code.

v0.23.4

NOTE: Download tree-sitter-go.tar.xz for the complete source code.

v0.23.3

NOTE: Download tree-sitter-go.tar.xz for the complete source code.

v0.23.2

NOTE: Download tree-sitter-go.tar.xz for the complete source code.

Commits

• 1547678 0.25.0
• 3f912e9 chore: generate
• 179ca03 feat: expose statement list
• e25214e fix: allow the terminator to be omitted for the last element
• edea6bf fix: give index expressions a dynamic precedence of 1
• e1076e5 feat: support generic type aliases
• 00a299e ci: update test failures, use macos-15
• 93c2bb6 build: update bindings
• 1496eb7 feat: use the new reserved rules api
• c350fa5 ci: bump actions/checkout from 4 to 5
• Additional commits viewable in compare view

Updates tree-sitter-java from 0.21.0 to 0.23.5

Release notes

Sourced from tree-sitter-java's releases.

v0.23.5

NOTE: Download tree-sitter-java.tar.xz for the complete source code.

v0.23.4

NOTE: Download tree-sitter-java.tar.xz for the complete source code.

v0.23.3

NOTE: Download tree-sitter-java.tar.xz for the complete source code.

Commits

• 94703d5 0.23.5
• de81673 chore: generate
• 4885576 feat: allow reserved identifiers in element_value_pair
• 24a58d8 fix: correct floating point literal parsing
• 33a3868 fix: allow annotations after the ellipsis in a spread parameter
• e75fda2 fix: give yield in _reserved_identifier a precedence of 0
• 04a649d feat(highlights): add more keywords
• a1bbe92 0.23.4
• 875834d ci(publish): add attestations and generate parser
• 68dd781 ci: bump tree-sitter/setup-action from 1 to 2
• Additional commits viewable in compare view

Updates tree-sitter-javascript from 0.21.4 to 0.25.0

Release notes

Sourced from tree-sitter-javascript's releases.

v0.25.0

NOTE: Download tree-sitter-javascript.tar.gz for the complete source code.

v0.23.1

NOTE: Download tree-sitter-javascript.tar.xz for the complete source code.

Commits

• 44c892e 0.25.0
• 5f100b0 docs: clarify targeted ECMAScript version
• 2409583 chore: generate
• 39798e2 feat: add await to reserved identifiers
• c220d3e feat: add reserved words
• 7ef8551 fix: allow of as identifiers in for loops
• ebdb4f1 feat: add using declaration
• 166a565 ci: use macos-latest
• be1e969 build: update bindings
• b131ccb ci: bump actions/checkout from 4 to 5
• Additional commits viewable in compare view

Updates tree-sitter-python from 0.21.0 to 0.25.0

Release notes

Sourced from tree-sitter-python's releases.

v0.25.0

NOTE: Download tree-sitter-python.tar.gz for the complete source code.

v0.23.6

NOTE: Download tree-sitter-python.tar.xz for the complete source code.

v0.23.5

NOTE: Download tree-sitter-python.tar.xz for the complete source code.

v0.23.4

NOTE: Download tree-sitter-python.tar.xz for the complete source code.

v0.23.3

NOTE: Download tree-sitter-python.tar.xz for the complete source code.

Commits

• 293fdc0 0.25.0
• 34a91a2 chore: generate
• 8ad8a51 ci: update failing files
• a0b84ed test: update tests
• 1b1ca93 fix: give a higher lexical precedence to the * in except*
• a4c106f feat: allow multiple exception expressions without parenthesis
• 29e3bc2 refactor!: simplify exceptions
• d8f9e69 feat: add PEP 750 template string support
• 7ff26da feat: simplify try statement by accepting missing else/except/finally blocks
• afdba00 build: update bindings
• Additional commits viewable in compare view

Updates tree-sitter-rust from 0.21.0 to 0.24.0

Release notes

Sourced from tree-sitter-rust's releases.

v0.24.0

NOTE: Download tree-sitter-rust.tar.gz for the complete source code.

v0.23.3

NOTE: Download tree-sitter-rust.tar.gz for the complete source code.

v0.23.2

NOTE: Download tree-sitter-rust.tar.xz for the complete source code.

v0.23.1

NOTE: Download tree-sitter-rust.tar.xz for the complete source code.

Commits

• 18b0515 0.24.0
• a1f37e8 Regenerate w/ latest ABI
• 3d087c3 0.23.3
• 377ca96 add expr_2021 and pat_param to fragment_specifier (#266)
• 5b8dd57 parse async closures (#265)
• 4bbd594 add tuple_type to possible dynamic types (#257)
• e86119b parse impl types (abstract types) where the lifetime comes first (#258)
• bb08b6f add parsing support for use ::* syntax (#261)
• 5edb201 fix where clauses in type aliases and allow empty where clauses (#259)
• 5ebbba1 fix shebang parsing (#260)
• Additional commits viewable in compare view

Updates tree-sitter-typescript from 0.21.2 to 0.23.2

Release notes

Sourced from tree-sitter-typescript's releases.

v0.23.2

NOTE: Download tree-sitter-typescript.tar.xz for the complete source code.

v0.23.1

NOTE: Download tree-sitter-typescript.tar.xz for the complete source code.

Commits

• f975a62 0.23.2
• 61e2a77 0.23.1
• 7bfe051 fix(rust): don't fetch files from node_modules
• aa6c28f fix: remove glimmer tags
• 9230875 build: move tree-sitter-javascript to dependencies
• 14af167 chore: regenerate
• 31725c1 build: update bindings
• 89e0420 feat(node): support single-file executables via bun build --compile
• 73c4447 chore: regenerate
• 18bb23a build: update bindings
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	tree-sitter-go@​0.21.2 ⏵ 0.25.0			+1
	tree-sitter-java@​0.21.0 ⏵ 0.23.5	+1		+1
	tree-sitter-python@​0.21.0 ⏵ 0.25.0			+1
	tree-sitter-javascript@​0.21.4 ⏵ 0.25.0	+1		+2
	tree-sitter-typescript@​0.21.2 ⏵ 0.23.2			+1
	cosmiconfig@​9.0.0 ⏵ 9.0.1	+1
	tree-sitter-rust@​0.21.0 ⏵ 0.24.0	+1		+1
	tree-sitter@​0.21.1 ⏵ 0.25.0	+1		+3
	ora@​9.2.0 ⏵ 9.4.0	+1		+1
	ajv@​8.18.0 ⏵ 8.20.0	+1
	@​modelcontextprotocol/​sdk@​1.26.0 ⏵ 1.29.0
	inquirer@​13.2.2 ⏵ 13.4.2

View full report