Skip to content

deps: bump the dev-dependencies group with 3 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-2a7e040422
Open

deps: bump the dev-dependencies group with 3 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-2a7e040422

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026
edited
Loading

Bumps the dev-dependencies group with 3 updates: @mariozechner/pi-coding-agent, @semantic-release/github and vitest.

Updates @mariozechner/pi-coding-agent from 0.68.1 to 0.70.0

Release notes

Sourced from @​mariozechner/pi-coding-agent's releases.

v0.70.0

New Features

Breaking Changes

  • Disabled OSC 9;4 terminal progress indicators by default. Set terminal.showTerminalProgress to true in /settings to re-enable (#3588)

Added

  • Added searchable auth provider login flow with fuzzy filtering in the provider selector (#3572 by @​mitsuhiko)
  • Added GPT-5.5 Codex model
  • Added auth source labels in /login so provider entries can show when auth comes from --api-key, an environment variable, or custom provider fallback without exposing secrets.

Changed

  • Updated default model selection across providers to current recommended models.
  • Improved stale extension context errors after session replacement or reload to tell extension authors to avoid captured pi/command ctx and use withSession for post-replacement work.

Fixed

  • Fixed /model selector cancellation to request render instead of incorrectly triggering login selector.
  • Changed login, OAuth, and extension selectors for more consistent styling.
  • Added Amazon Bedrock setup guidance to /login and updated /model copy to refer to configured providers instead of only API keys.
  • Improved no-model and missing-auth warnings to point users to /login for OAuth or API key setup.
  • Fixed /quit shutdown ordering to stop the TUI before extension UI teardown can repaint, preserving the final rendered frame while still emitting session_shutdown before process exit.
  • Fixed SettingsManager.inMemory() initial settings being lost after reloads triggered by SDK resource loading (#3616)
  • Fixed models.json provider compatibility to accept compat.supportsLongCacheRetention, allowing proxies to opt out of long-retention cache fields when needed while long retention is enabled by default when requested (#3543)
  • Fixed --thinking xhigh for openai-codex gpt-5.5 so it is no longer downgraded to high.
  • Fixed git package installs with custom npmCommand values such as pnpm by avoiding npm-specific production flags in that compatibility path (#3604)
  • Fixed first user messages rendering without spacing after existing notices such as compaction summaries or status messages (#3613)
  • Fixed the handoff extension example to use the replacement-session context after creating a new session, avoiding stale ctx errors when it installs the generated prompt (#3606)
  • Fixed session replacement and /quit teardown ordering to run host-owned extension UI cleanup synchronously after session_shutdown handlers complete but before invalidating the old extension context, preventing stale extension UI from rendering against a disposed session (#3597 by @​vegarsti)
  • Fixed crash on /quit when an extension registers a custom footer whose render() accesses ctx, by tearing down extension-provided UI before invalidating the extension runner during shutdown (#3595)
  • Fixed auto-retry to treat Bedrock/Smithy HTTP/2 transport failures like http2 request did not get a response as transient errors, so the agent retries automatically instead of waiting for a manual nudge (#3594)
  • Fixed the CLI/SDK tool-selection split so --no-builtin-tools and createAgentSession({ noTools: "builtin" }) disable only built-in default tools while keeping extension/custom tools enabled, instead of falling through to the same "disable everything" path as --no-tools (#3592)
  • Fixed remaining hardcoded pi / .pi branding to route through APP_NAME and CONFIG_DIR_NAME extension points, so SDK rebrands get consistent naming in /quit description, process.title, and the project-local extensions directory (#3583 by @​jlaneve)
  • Fixed pi-coding-agent shipping uuid@11, which triggered npm audit moderate vulnerability reports for downstream installs; the package now depends on uuid@14 (#3577)
  • Fixed openai-completions streamed tool-call assembly to coalesce deltas by stable tool index when OpenAI-compatible gateways mutate tool call IDs mid-stream, preventing malformed Kimi K2.6/OpenCode tool streams from splitting one call into multiple bogus tool calls (#3576)
  • Fixed ctx.ui.setWorkingMessage() to persist across loader recreation, matching the behavior of ctx.ui.setWorkingIndicator() (#3566)
  • Fixed coding-agent fs.watch error handling for theme and git-footer watchers to retry after transient watcher failures such as EMFILE, avoiding startup crashes in large repos (#3564)
  • Fixed built-in kimi-coding model generation to attach the expected User-Agent header so direct Kimi Coding requests use the provider's expected client identity (#3586)
  • Fixed extension shortcut conflict diagnostics to display at startup instead of only on reload, so extension authors discover reserved keybinding conflicts immediately rather than discovering them later through user feedback (#3617)
  • Fixed models.json Anthropic-compatible provider configuration to accept compat.supportsEagerToolInputStreaming, allowing proxies that reject per-tool eager_input_streaming to use the legacy fine-grained tool streaming beta header instead (#3575)
  • Fixed startup banner extension labels to strip trailing index.js/index.ts suffixes (#3596 by @​aliou)

... (truncated)

Changelog

Sourced from @​mariozechner/pi-coding-agent's changelog.

[0.70.0] - 2026-04-23

New Features

Breaking Changes

  • Disabled OSC 9;4 terminal progress indicators by default. Set terminal.showTerminalProgress to true in /settings to re-enable (#3588)

Added

  • Added searchable auth provider login flow with fuzzy filtering in the provider selector (#3572 by @​mitsuhiko)
  • Added GPT-5.5 Codex model
  • Added auth source labels in /login so provider entries can show when auth comes from --api-key, an environment variable, or custom provider fallback without exposing secrets.

Changed

  • Updated default model selection across providers to current recommended models.
  • Improved stale extension context errors after session replacement or reload to tell extension authors to avoid captured pi/command ctx and use withSession for post-replacement work.

Fixed

  • Fixed /model selector cancellation to request render instead of incorrectly triggering login selector.
  • Changed login, OAuth, and extension selectors for more consistent styling.
  • Added Amazon Bedrock setup guidance to /login and updated /model copy to refer to configured providers instead of only API keys.
  • Improved no-model and missing-auth warnings to point users to /login for OAuth or API key setup.
  • Fixed /quit shutdown ordering to stop the TUI before extension UI teardown can repaint, preserving the final rendered frame while still emitting session_shutdown before process exit.
  • Fixed SettingsManager.inMemory() initial settings being lost after reloads triggered by SDK resource loading (#3616)
  • Fixed models.json provider compatibility to accept compat.supportsLongCacheRetention, allowing proxies to opt out of long-retention cache fields when needed while long retention is enabled by default when requested (#3543)
  • Fixed --thinking xhigh for openai-codex gpt-5.5 so it is no longer downgraded to high.
  • Fixed git package installs with custom npmCommand values such as pnpm by avoiding npm-specific production flags in that compatibility path (#3604)
  • Fixed first user messages rendering without spacing after existing notices such as compaction summaries or status messages (#3613)
  • Fixed the handoff extension example to use the replacement-session context after creating a new session, avoiding stale ctx errors when it installs the generated prompt (#3606)
  • Fixed session replacement and /quit teardown ordering to run host-owned extension UI cleanup synchronously after session_shutdown handlers complete but before invalidating the old extension context, preventing stale extension UI from rendering against a disposed session (#3597 by @​vegarsti)
  • Fixed crash on /quit when an extension registers a custom footer whose render() accesses ctx, by tearing down extension-provided UI before invalidating the extension runner during shutdown (#3595)
  • Fixed auto-retry to treat Bedrock/Smithy HTTP/2 transport failures like http2 request did not get a response as transient errors, so the agent retries automatically instead of waiting for a manual nudge (#3594)
  • Fixed the CLI/SDK tool-selection split so --no-builtin-tools and createAgentSession({ noTools: "builtin" }) disable only built-in default tools while keeping extension/custom tools enabled, instead of falling through to the same "disable everything" path as --no-tools (#3592)
  • Fixed remaining hardcoded pi / .pi branding to route through APP_NAME and CONFIG_DIR_NAME extension points, so SDK rebrands get consistent naming in /quit description, process.title, and the project-local extensions directory (#3583 by @​jlaneve)
  • Fixed pi-coding-agent shipping uuid@11, which triggered npm audit moderate vulnerability reports for downstream installs; the package now depends on uuid@14 (#3577)
  • Fixed openai-completions streamed tool-call assembly to coalesce deltas by stable tool index when OpenAI-compatible gateways mutate tool call IDs mid-stream, preventing malformed Kimi K2.6/OpenCode tool streams from splitting one call into multiple bogus tool calls (#3576)
  • Fixed ctx.ui.setWorkingMessage() to persist across loader recreation, matching the behavior of ctx.ui.setWorkingIndicator() (#3566)
  • Fixed coding-agent fs.watch error handling for theme and git-footer watchers to retry after transient watcher failures such as EMFILE, avoiding startup crashes in large repos (#3564)
  • Fixed built-in kimi-coding model generation to attach the expected User-Agent header so direct Kimi Coding requests use the provider's expected client identity (#3586)
  • Fixed extension shortcut conflict diagnostics to display at startup instead of only on reload, so extension authors discover reserved keybinding conflicts immediately rather than discovering them later through user feedback (#3617)
  • Fixed models.json Anthropic-compatible provider configuration to accept compat.supportsEagerToolInputStreaming, allowing proxies that reject per-tool eager_input_streaming to use the legacy fine-grained tool streaming beta header instead (#3575)
  • Fixed startup banner extension labels to strip trailing index.js/index.ts suffixes (#3596 by @​aliou)

... (truncated)

Commits
  • 612be54 Release v0.70.0
  • 55fbd9b chore(coding-agent): audit and update changelog entries since v0.69.0
  • f2f0361 fix(coding-agent): update provider auth guidance and defaults
  • bffb760 fix(coding-agent): improve auth setup warnings
  • 27c05b7 feat(ui): Lower /scoped-models height to same as /models
  • d4d3c2f feat(login): More consistent styling
  • 40edf7e fix: /model cancellation
  • d7fb9aa docs(coding-agent): audit unreleased changelog
  • 6bb4a55 fix(coding-agent): preserve final TUI frame on quit
  • 86ba08a fix(coding-agent): preserve in-memory settings on reload
  • Additional commits viewable in compare view

Updates @semantic-release/github from 11.0.6 to 12.0.6

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.6

12.0.6 (2026-02-12)

Bug Fixes

  • latest: add make_latest property to the GH release PATCH request during publish (#1169) (f516337)

v12.0.5

12.0.5 (2026-02-07)

Bug Fixes

  • latest: add make_latest property to the GH release POST request during publish (#1157) (38051ba)

v12.0.4

12.0.4 (2026-02-06)

Bug Fixes

  • remove failTitle arg in findSRIssues call (#1164) (f7bdd88)

v12.0.3

12.0.3 (2026-01-30)

Bug Fixes

  • extend GraphQL alias prefix to prevent hash collisions (#1134) (ea6386d)

v12.0.2

12.0.2 (2025-11-08)

Bug Fixes

  • add undici ProxyAgent support for GitHub Enterprise Server behind proxies (#1104) (15def77)

v12.0.1

12.0.1 (2025-10-31)

Bug Fixes

  • deps: update dependency @​octokit/plugin-paginate-rest to v14 (#1112) (8df8d4a)

v12.0.0

12.0.0 (2025-10-15)

... (truncated)

Commits
  • f516337 fix(latest): add make_latest property to the GH release PATCH request during ...
  • f367e3a chore(deps): lock file maintenance (#1168)
  • 5ba629b chore(deps): update dependency cpy to v13.2.0 (#1167)
  • dfc7aa0 chore(deps): update npm to v11.9.0 (#1166)
  • ed2b0bd chore(deps): update dependency cpy to v13.1.0 (#1165)
  • 38051ba fix(latest): add make_latest property to the GH release POST request during...
  • be62f5e chore(deps): update dependency cpy to v13 (#1161)
  • f7bdd88 fix: remove failTitle arg in findSRIssues call (#1164)
  • fce4835 chore(deps): update dependency tempy to v3.2.0 (#1162)
  • e044f74 chore(deps): update dependency semantic-release to v25.0.3 (#1159)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/github since your current version.


Updates vitest from 3.2.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

... (truncated)

Commits
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
  • 663b99f fix: alias agent reporter to minimal (#10157)
  • 122c25b fix: fix vi.defineHelper called as object method (#10163)
  • 6abd557 feat(api): make test-specification options writable (#10154)
  • 596f739 fix: project color label on html reporter (#10142)
  • 9423dc0 fix: --project negation excludes browser instances (#10131)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the dev-dependencies group with 3 updates
f60ab67 
Bumps the dev-dependencies group with 3 updates: [@mariozechner/pi-coding-agent](https://github.com/badlogic/pi-mono/tree/HEAD/packages/coding-agent), [@semantic-release/github](https://github.com/semantic-release/github) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@mariozechner/pi-coding-agent` from 0.68.1 to 0.70.0
- [Release notes](https://github.com/badlogic/pi-mono/releases)
- [Changelog](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/CHANGELOG.md)
- [Commits](https://github.com/badlogic/pi-mono/commits/v0.70.0/packages/coding-agent)

Updates `@semantic-release/github` from 11.0.6 to 12.0.6
- [Release notes](https://github.com/semantic-release/github/releases)
- [Commits](semantic-release/github@v11.0.6...v12.0.6)

Updates `vitest` from 3.2.4 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest)

---
updated-dependencies:
- dependency-name: "@mariozechner/pi-coding-agent"
  dependency-version: 0.70.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@semantic-release/github"
  dependency-version: 12.0.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants