chore(deps): bump the minor-production-deps group across 1 directory with 9 updates

[dependabot]

Bumps the minor-production-deps group with 8 updates in the / directory:

Package	From	To
@oclif/core	4.8.0	4.10.2
@oclif/plugin-autocomplete	3.2.40	3.2.42
@oclif/plugin-help	6.2.37	6.2.40
@oclif/plugin-plugins	5.4.55	5.4.59
@oclif/plugin-warn-if-update-available	3.1.55	3.1.57
ora	9.1.0	9.3.0
simple-git	3.30.0	3.33.0
slugify	1.6.6	1.6.8

Updates @oclif/core from 4.8.0 to 4.10.2

Release notes

Sourced from @​oclif/core's releases.

4.10.2

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (64f4b92)

4.10.1

Bug Fixes

• refresh yarn.lock (745f56e)

4.10.0

Bug Fixes

• include multiple property in cached arg metadata (32b4bb7)
• provide clearer messages on invalid variadic args (454ae3d)

Features

• add ArgDefinition overloads for variadic arg return types (6fea593)
• add definition-time validation for variadic arg constraints (20d2543)
• add multiple property to ArgProps interface (fb76263)
• allow array of default values for varargs (da42b29)
• implement variadic arg parsing with shift/pop algorithm (eba40b5)
• show ... suffix for variadic args in help text (fc53652)

4.9.0

Features

• warn on hidden, deprecated aliases (af47f67)

4.8.4

Bug Fixes

• --flags-dir works on 3rd party plugins @​W-21178947@ (8bd57c0)

4.8.3

Bug Fixes

• expanded process title checks for windows shell identification @​W-21239801@ (d2c1913)

4.8.2

Bug Fixes

• deps: bump minimatch from 10.2.1 to 10.2.4 (d1d9831)

4.8.1

Bug Fixes

• deps: bump minimatch from 9.0.5 to 10.2.1 (2815e37)

Changelog

Sourced from @​oclif/core's changelog.

4.10.2 (2026-03-21)

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (64f4b92)

4.10.1 (2026-03-20)

Bug Fixes

• refresh yarn.lock (745f56e)

4.10.0 (2026-03-19)

Bug Fixes

• include multiple property in cached arg metadata (32b4bb7)
• provide clearer messages on invalid variadic args (454ae3d)

Features

• add ArgDefinition overloads for variadic arg return types (6fea593)
• add definition-time validation for variadic arg constraints (20d2543)
• add multiple property to ArgProps interface (fb76263)
• allow array of default values for varargs (da42b29)
• implement variadic arg parsing with shift/pop algorithm (eba40b5)
• show ... suffix for variadic args in help text (fc53652)

4.9.0 (2026-03-12)

Features

• warn on hidden, deprecated aliases (af47f67)

4.8.4 (2026-03-09)

... (truncated)

Commits

• 2a0dc8b chore(release): 4.10.2 [skip ci]
• e78f752 Merge pull request #1560 from oclif/dependabot-npm_and_yarn-flatted-3.4.2
• 64f4b92 fix(deps): bump flatted from 3.3.2 to 3.4.2
• 958a98f chore(release): 4.10.1 [skip ci]
• 9aac3dc Merge pull request #1559 from oclif/ew/deps
• 745f56e fix: refresh yarn.lock
• a5facdb chore(release): 4.10.0 [skip ci]
• 4c6b3d7 Merge pull request #1554 from rexxars/feat/native-variadic-args
• da42b29 feat: allow array of default values for varargs
• 454ae3d fix: provide clearer messages on invalid variadic args
• Additional commits viewable in compare view

Updates @oclif/plugin-autocomplete from 3.2.40 to 3.2.42

Release notes

Sourced from @​oclif/plugin-autocomplete's releases.

3.2.42

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#1118) (fd847d4)

3.2.41

Bug Fixes

• deps: bump @​oclif/core from 4.8.0 to 4.9.0 (#1117) (ea110a4)

Changelog

Sourced from @​oclif/plugin-autocomplete's changelog.

3.2.42 (2026-03-21)

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#1118) (fd847d4)

3.2.41 (2026-03-15)

Bug Fixes

• deps: bump @​oclif/core from 4.8.0 to 4.9.0 (#1117) (ea110a4)

Commits

• 85caeba chore(release): 3.2.42 [skip ci]
• fd847d4 fix(deps): bump flatted from 3.3.2 to 3.4.2 (#1118)
• 2fb1dae chore(dev-deps): bump eslint from 9.39.3 to 9.39.4 (#1113)
• e109c54 chore(dev-deps): bump @​oclif/plugin-help from 6.2.37 to 6.2.38 (#1114)
• 50f6ec9 chore(dev-deps): bump oclif from 4.22.79 to 4.22.87 (#1115)
• c7e92fd chore(dev-deps): bump eslint-config-oclif from 6.0.140 to 6.0.148 (#1116)
• e9560d9 chore(release): 3.2.41 [skip ci]
• ea110a4 fix(deps): bump @​oclif/core from 4.8.0 to 4.9.0 (#1117)
• c73b332 Merge pull request #1106 from oclif/ew/slack-webhook-secret
• 0e0fa1c chore: pass slack webhook secret [skip ci]
• Additional commits viewable in compare view

Updates @oclif/plugin-help from 6.2.37 to 6.2.40

Release notes

Sourced from @​oclif/plugin-help's releases.

6.2.40

Bug Fixes

• deps: bump @​oclif/core from 4.9.0 to 4.10.2 (#1107) (4e38fa6)

6.2.39

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#1104) (30584d8)

6.2.38

Bug Fixes

• deps: bump @​oclif/core from 4.8.3 to 4.9.0 (#1103) (6ed1cff)

Changelog

Sourced from @​oclif/plugin-help's changelog.

6.2.40 (2026-03-22)

Bug Fixes

• deps: bump @​oclif/core from 4.9.0 to 4.10.2 (#1107) (4e38fa6)

6.2.39 (2026-03-21)

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#1104) (30584d8)

6.2.38 (2026-03-14)

Bug Fixes

• deps: bump @​oclif/core from 4.8.3 to 4.9.0 (#1103) (6ed1cff)

Commits

• a1b6141 chore(release): 6.2.40 [skip ci]
• 4e38fa6 fix(deps): bump @​oclif/core from 4.9.0 to 4.10.2 (#1107)
• 4f3ebe3 chore(dev-deps): bump eslint-config-oclif from 6.0.149 to 6.0.151 (#1108)
• d9836c9 chore(release): 6.2.39 [skip ci]
• 30584d8 fix(deps): bump flatted from 3.3.2 to 3.4.2 (#1104)
• 1ea3229 chore(dev-deps): bump eslint-config-oclif from 6.0.146 to 6.0.148 (#1101)
• aea5156 chore(dev-deps): bump oclif from 4.22.85 to 4.22.87 (#1102)
• c3173fb chore(release): 6.2.38 [skip ci]
• 6ed1cff fix(deps): bump @​oclif/core from 4.8.3 to 4.9.0 (#1103)
• 455f1f7 chore(dev-deps): bump eslint from 9.39.3 to 9.39.4 (#1100)
• Additional commits viewable in compare view

Updates @oclif/plugin-plugins from 5.4.55 to 5.4.59

Release notes

Sourced from @​oclif/plugin-plugins's releases.

5.4.59

Bug Fixes

• bump npm (d19c81c)

5.4.58

Bug Fixes

• add validation check for JIT plugin versions (d1139dd)

5.4.57

Bug Fixes

• corrected stubbing errors in tests @​W-21178947@ (28ac927)

5.4.56

Bug Fixes

• deps: bump semver from 7.7.3 to 7.7.4 (#1280) (5173591)

Changelog

Sourced from @​oclif/plugin-plugins's changelog.

5.4.59 (2026-03-19)

Bug Fixes

• bump npm (d19c81c)

5.4.58 (2026-03-06)

Bug Fixes

• add validation check for JIT plugin versions (d1139dd)

5.4.57 (2026-03-04)

Bug Fixes

• corrected stubbing errors in tests @​W-21178947@ (28ac927)

5.4.56 (2026-02-07)

Bug Fixes

• deps: bump semver from 7.7.3 to 7.7.4 (#1280) (5173591)

Commits

• 651f8a4 chore(release): 5.4.59 [skip ci]
• 8994a23 fix: Merge pull request #1291 from oclif/ew/bump-npm
• d19c81c fix: bump npm
• 777d4f1 chore(release): 5.4.58 [skip ci]
• 6ea42ab Merge pull request #1287 from bailey-coding/patch-1
• ac5bee6 Merge pull request #1290 from oclif/mm/fix/repository-prefix-devcenter-links
• 02a0cae adding repositoryPrefix so CLI command doc links point to this plugin’s repo ...
• d1139dd fix: add validation check for JIT plugin versions
• df1243b chore(release): 5.4.57 [skip ci]
• e4e52c5 Merge pull request #1288 from oclif/d/W-21178947
• Additional commits viewable in compare view

Updates @oclif/plugin-warn-if-update-available from 3.1.55 to 3.1.57

Release notes

Sourced from @​oclif/plugin-warn-if-update-available's releases.

3.1.57

Bug Fixes

• deps: bump @​oclif/core from 4.8.0 to 4.8.3 (#997) (97832af)

3.1.56

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#999) (797298d)

Changelog

Sourced from @​oclif/plugin-warn-if-update-available's changelog.

3.1.57 (2026-03-21)

Bug Fixes

• deps: bump @​oclif/core from 4.8.0 to 4.8.3 (#997) (97832af)

3.1.56 (2026-03-21)

Bug Fixes

• deps: bump flatted from 3.3.2 to 3.4.2 (#999) (797298d)

Commits

• 9207dbf chore(release): 3.1.57 [skip ci]
• 97832af fix(deps): bump @​oclif/core from 4.8.0 to 4.8.3 (#997)
• 45abc14 chore(dev-deps): bump eslint-config-oclif from 6.0.142 to 6.0.146 (#998)
• 01f729b chore(release): 3.1.56 [skip ci]
• 797298d fix(deps): bump flatted from 3.3.2 to 3.4.2 (#999)
• 246b887 Merge pull request #990 from oclif/ew/slack-webhook-secret
• cbc5280 chore: pass slack webhook secret [skip ci]
• 405bb97 chore(dev-deps): bump eslint-config-oclif from 6.0.137 to 6.0.140 (#987)
• 92e9435 chore(dev-deps): bump eslint from 9.39.2 to 9.39.3 (#988)
• 1bbf6b2 chore(dev-deps): bump oclif from 4.22.77 to 4.22.79 (#989)
• Additional commits viewable in compare view

Updates ora from 9.1.0 to 9.3.0

Release notes

Sourced from ora's releases.

v9.3.0

• Reduce flicker in rendering 2ab4f76

---

sindresorhus/ora@v9.2.0...v9.3.0

v9.2.0

• Update stdin-discarder dependency (#251) 020eaba

---

sindresorhus/ora@v9.1.0...v9.2.0

Commits

• 4496362 9.3.0
• 2ab4f76 Reduce flicker in rendering
• 8d17b13 Add FAQ item
• 4cf47fc Add more tests for discardStdin
• 9763e60 Document Ctrl+C behavior for discardStdin
• 5408a1e 9.2.0
• 020eaba Update stdin-discarder dependency (#251)
• See full diff in compare view

Updates semver from 7.7.3 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 5993c2e chore: release 7.7.4 (#839)
• 120968b deps: @​npmcli/template-oss@​4.29.0 (#840)
• a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
• 1d28d5e docs: fix typos and update -n CLI option documentation (#836)
• 5816d4c chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
• ab9e28a chore: bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
• 44d7130 chore: bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
• 7073576 chore: reorder parameters in invalid-versions.js test (#820)
• 16a35f5 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
• 3a3459d chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
• See full diff in compare view

Updates simple-git from 3.30.0 to 3.33.0

Release notes

Sourced from simple-git's releases.

simple-git@3.33.0

Minor Changes

• a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

• e253a0d: Enhanced git -c checks in unsafe plugin.

  Thanks to @​JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

Changelog

Sourced from simple-git's changelog.

3.33.0

Minor Changes

• a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

• e253a0d: Enhanced git -c checks in unsafe plugin.

  Thanks to @​JohannesLks for identifying the issue

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

... (truncated)

Commits

• 8bbbabc Version Packages
• a263635 Clone API use pathspec (#1132)
• e253a0d Fix/block unsafe 2603 (#1135)
• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• 4bb2081 Version Packages
• 7ae7537 Match tokens to word boundary
• c47ad10 Lint
• 8d02097 Enhanced clone switch detection
• f6909a5 Remove test timeout override
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.

Updates slugify from 1.6.6 to 1.6.8

Changelog

Sourced from slugify's changelog.

Change Log

Commits

• fbbb8ff 1.6.8
• a71a725 patch: fix package.json
• 21b2bfc 1.6.7
• f1b83a4 fix: change declare module to namespace in slugify.d.ts (#206)
• b94fedb CI: add Node 24 (#202)
• c99c574 Add Node.js 22 to CI & update CI actions (#193)
• 4860d7e Merge pull request #188 from stscoundrel/patch-1
• 6dc0bba Run CI in Node.js 20
• daab928 Update changelog
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions