Skip to content

build(deps): bump inquirer from 13.1.0 to 14.0.2#5

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/inquirer-14.0.2
Closed

build(deps): bump inquirer from 13.1.0 to 14.0.2#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/inquirer-14.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

Copy link
Copy Markdown

Bumps inquirer from 13.1.0 to 14.0.2.

Release notes

Sourced from inquirer's releases.

inquirer@14.0.2

  • Fix security warnings in external-editor

inquirer@14.0.1

  • Rolled back mute-stream dependency from v4 to v3 to undo breaking compatible engines.
  • Added tooling to prevent regression of the above in the future. This surfaced our min engines already enforced a higher limit, so adjusted the explicit limits to match the current state.

inquirer@14.0.0

  • Fix (breaking): Inquirer will now throw when encountering non-registered prompt. Prior to this fix, Inquirer would default to type: 'input' in such cases - this behaviour was misleading and made it harder to detect broken code when not using Typescript.
  • Feat: Read env variable INQUIRER_KEYBINDINGS to enable vim or emacs keybindings; making this a user preference instead of a library author preference. One caveat is doing so disable the search feature in the select prompt. Syntax: INQUIRER_KEYBINDINGS=vim,emacs.
  • Fix: Line wraps would sometime cause the cursor to be mispositioned relative to the input.
  • Chore: Dropped the rxjs dependency in favor of a lightweight internal Observable implementation. The package is much smaller for most users now.
  • Chore: Bump dependencies.

inquirer@13.4.3

  • Fix: Windows rendering bug
  • Fix: Preserve exact literal types in choices array (Typescript only)
  • Fix: Allow input default value to be of type undefined (Typescript only)
  • Bump dependencies

inquirer@13.4.2

  • Fix: some Windows terminals would freeze and not react to keypresses.

inquirer@13.4.1

  • Improve expand prompt type inferrence.

inquirer@13.4.0

  • Feat: Added a loading message while validating editor prompt input.
  • Type improvement: Better type inference with checkbox, search and expand prompts.
  • Fix: editor prompt not always properly handling editor path on windows.

inquirer@13.3.2

  • Fix broken 1.3.1 release process.

inquirer@13.2.5

What's Changed

... (truncated)

Commits
  • bfd8710 chore: Publish new release
  • 55cc5f3 feat: add reusable package lint CLI
  • 3af9ed0 test(inquirer): capture prompt runner output
  • 4381857 fix(@​inquirer/input): remove stale lint suppression
  • 45df331 fix(@​inquirer/external-editor): harden editor temp files
  • adef323 chore: limit CI token permissions
  • b43359d chore: Publish new release
  • 24ecae2 chore: fix yarn.lock
  • b078d97 fix: validate package engine compatibility
  • 3a49f9f chore(deps-dev): Bump oxfmt in the formatting group (#2143)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026
@socket-security

socket-security Bot commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedinquirer@​13.1.0 ⏵ 14.0.210010010098100

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/inquirer-14.0.2 branch 4 times, most recently from c1e7197 to 1f9e59a Compare June 4, 2026 01:10
@dependabot
build(deps): bump inquirer from 13.1.0 to 14.0.2
90d0709 
Bumps [inquirer](https://github.com/SBoudrias/Inquirer.js) from 13.1.0 to 14.0.2.
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.1.0...inquirer@14.0.2)

---
updated-dependencies:
- dependency-name: inquirer
  dependency-version: 14.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/inquirer-14.0.2 branch from 1f9e59a to 90d0709 Compare June 4, 2026 06:48
@zacharyr0th zacharyr0th mentioned this pull request Jun 11, 2026
Merged
zacharyr0th added a commit that referenced this pull request Jun 11, 2026
@zacharyr0th @admin-raintree @claude
build(deps): apply pending dependabot bumps in one pass (#23)
5a874c5 
* build(deps): apply pending dependabot bumps in one pass

Root: chalk 5.6.2, ora 9.4.0, commander 15.0.0, inquirer 14.0.2,
eslint 10.4.1 + @eslint/js 10.0.1 (with { cause } added to three
re-thrown errors for the new preserve-caught-error rule).
Site: react/react-dom/@types/react 19.2.7, typescript 6.0.3.
Actions: bump pinned SHAs for actions/checkout (v6.0.3) and
actions/setup-node (v6.4.0).

Covers dependabot PRs #4, #5, #6, #7, #8, #10, #12, #13, #15.
Skipped: tailwindcss 4 (#11, needs a real v4 migration) and site
eslint 10 (#14, eslint-config-next incompatible).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix: update site bun.lock instead of adding a package-lock.json

Site CI installs with bun --frozen-lockfile; the npm lockfile was
never used.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: admin-raintree <277948009+admin-raintree@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
@zacharyr0th

zacharyr0th commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Superseded by #23, which applied this bump (merged to main as 5a874c5).

@dependabot @github

dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/inquirer-14.0.2 branch June 11, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zacharyr0th