chore(deps): bump the all-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the all-dependencies group with 2 updates in the / directory: grimoire-wizard and vitest.

Updates grimoire-wizard from 0.5.2 to 0.6.1

Release notes

Sourced from grimoire-wizard's releases.

v0.6.1

Full Changelog: YosefHayim/grimoire@v0.6.0...v0.6.1

v0.6.0

What's Changed

• feat: batch 1 — bug fix + schema/config enhancements (#26, #12, #23, #13, #11) by @​YosefHayim in YosefHayim/grimoire#27
• feat: batch 2 — theme & styling enhancements (#25, #14, #22) by @​YosefHayim in YosefHayim/grimoire#28
• feat: batch 3 — runner/API enhancements (#16, #21, #20) by @​YosefHayim in YosefHayim/grimoire#29
• docs: document answer caching, progress persistence, and pipelines (#17, #18) by @​YosefHayim in YosefHayim/grimoire#31
• feat: batch 6 — browser step type + optionsProvider tests (#6, #8) by @​YosefHayim in YosefHayim/grimoire#32
• feat: batch 7 — async lifecycle hooks with HookContext (#4, #5) by @​YosefHayim in YosefHayim/grimoire#33
• feat: batch 9 — multi-column layout for select/multiselect/search (#19) by @​YosefHayim in YosefHayim/grimoire#35
• feat: batch 4 — custom banner/logo, screen clearing, demo showcase (#9, #15) by @​YosefHayim in YosefHayim/grimoire#30
• feat: batch 8 — expanded loading TUI (#24) by @​YosefHayim in YosefHayim/grimoire#34
• feat: batch 10 — compound steps via HookContext.prompt + openBrowser (#7) by @​YosefHayim in YosefHayim/grimoire#36

Full Changelog: YosefHayim/grimoire@v0.5.2...v0.6.0

Changelog

Sourced from grimoire-wizard's changelog.

[0.6.1] - 2026-03-18

Fixed

• Progress auto-restores even when disabled — resume: false and cache: false now both fully prevent progress file restoration. Previously, a cancelled wizard would save a checkpoint and resume from that step on the next run, ignoring resume: false and cache: false. (#48)
• Cancel no longer saves progress when resume is disabled — performCancel() now checks resumeEnabled before writing the progress file. Previously it always wrote, causing phantom resume behavior.
• grimoire cache clear now also clears progress files — the CLI command was only clearing the cache directory (~/.config/grimoire/cache/) but not the progress directory (~/.config/grimoire/progress/), so cleared users still got resume behavior.

Added

• clearAllProgress() export — new function to programmatically wipe all progress files; used internally by grimoire cache clear and available for library consumers.

[0.6.0] - 2026-03-16

Added

• HookContext.openBrowser(url) — lifecycle hooks can open a URL in the system browser (macOS/Linux/Windows) with URL validation and no shell injection
• HookContext.prompt(config) — hooks can ask the user additional questions mid-flow without needing a dedicated wizard step; supports text, password, confirm, select, number
• checksStyle: 'tasklist' — pre-flight checks render as an in-place animated task list with cursor-aware TTY guard (falls back to spinner in non-TTY/CI)
• meta.clearBetweenSteps — clears the terminal between each step for a focused one-question-at-a-time UX
• meta.banner / meta.subtitle — custom ASCII banner text and subtitle shown in the wizard header
• HookContext.setNextStep('__done__') — call this sentinel to finish the wizard early from any hook
• NoteStyle on note steps — steps can specify a box style for the rendered note
• Multi-column layout — select/multiselect/search steps support columns to render options side-by-side
• ChecksStyle type export — checksStyle is now a typed export from the package

Fixed

• SIGINT saves progress — Ctrl-C cancellation now runs onCancel, persists resume state, and emits session:end before exiting
• ClackRenderer tasklist mode — suppresses duplicate check:pass/check:fail lines when tasklist owns the terminal
• Note/message steps excluded from answers — note, message, and browser step answers are no longer stored in the final answers object
• Mock fail-fast — mock mode always throws on missing answers instead of silently falling through to interactive prompt

Commits

• 2c3f576 chore: release v0.6.1 — fix resume/progress ignoring cache:false and resume:f...
• 422a7f6 test: add 6 regression tests for resume/progress behavior (issue #48)
• ec38ceb fix: resume/progress respects cache:false and resume:false; cache clear also ...
• 03d548e ci: skip CI on dependabot PRs, auto-merge all updates, add dependabot config
• 45c238f chore: release v0.6.0
• 871b9e6 feat: batch 10 — compound steps via HookContext.prompt + openBrowser (#7) (#36)
• 04000ef feat: batch 8 — expanded loading TUI (#24) (#34)
• 7f91570 feat: batch 4 — custom banner/logo, screen clearing, demo showcase (#9, #15) ...
• 86153a1 feat: batch 9 — multi-column layout for select/multiselect/search (#19) (#35)
• 5f1ff06 feat: batch 7 — async lifecycle hooks with HookContext (#4, #5) (#33)
• Additional commits viewable in compare view

Updates vitest from 4.1.0 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in vitest-dev/vitest#9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9949 (0d5f9)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• 1f2d318 chore: release v4.1.1
• ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
• 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
• eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Upgrade grimoire-wizard to 0.6.1 and vitest to 4.1.2 to add new wizard features, fix resume/cache behavior, and address a transitive CVE in Vitest’s dependencies.

• Dependencies
  • grimoire-wizard 0.6.1
    • Adds HookContext.openBrowser(), HookContext.prompt(), banner/subtitle, meta.clearBetweenSteps, and multi-column selects.
    • Fixes progress handling to honor resume: false / cache: false; grimoire cache clear now wipes progress files.
  • vitest 4.1.2
    • Updates flatted to resolve a CVE and includes small fixes (e.g., stops resolving setupFiles from parent).
    • No config changes required.

^{Written for commit 335f4bb. Summary will update on new commits.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 335f4bb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[cubic-dev-ai]

No issues found across 2 files