Build(deps): Bump the all-minor-patch group across 1 directory with 8 updates

[dependabot]

Bumps the all-minor-patch group with 7 updates in the / directory:

Package	From	To
@actions/core	3.0.0	3.0.1
@actions/github	9.1.0	9.1.1
@github/copilot	1.0.32	1.0.44
@vitest/coverage-v8	4.1.4	4.1.5
eslint	10.2.0	10.3.0
lefthook	2.1.5	2.1.6
prettier	3.8.2	3.8.3

Updates @actions/core from 3.0.0 to 3.0.1

Changelog

Sourced from @​actions/core's changelog.

3.0.1

• Bump undici from 6.23.0 to 6.24.1 #2348

Commits

• See full diff in compare view

Updates @actions/github from 9.1.0 to 9.1.1

Changelog

Sourced from @​actions/github's changelog.

9.1.1

• Bump undici from 6.23.0 to 6.24.0 #2346

Commits

• See full diff in compare view

Updates @github/copilot from 1.0.32 to 1.0.44

Release notes

Sourced from @​github/copilot's releases.

1.0.44

2026-05-08

• Path completion in /add-dir no longer flickers or gets intercepted by @ and # pickers
• Slash commands can now appear mid-input, and multiple skills can be invoked in a single message
• userPromptSubmitted hooks can now handle requests directly, bypassing the LLM and returning a response without making a model call
• Faster /user list and /user switch for multi-account users
• Add optional prerelease argument to copilot update and /update to fetch the latest prerelease build
• Shell commands via ! prefix work correctly with all shell configurations
• Shell aliases and rc file settings now work in ! commands
• Quota display correctly shows remaining usage for Free users instead of always showing 100% used
• Tool permissions granted in autopilot mode are preserved after /clear
• Effort level applies correctly when switching models via the /model picker
• Pressing Ctrl+C while a permission prompt is pending no longer causes the CLI to hang
• Project info remains visible in slash command picker when no results match
• Invalid URL entries in settings.json no longer crash CLI startup and are skipped with a warning
• Timeline shows the resolved model for rubber-duck sub-agents (e.g. Rubber-duck(claude-opus-4.7))

1.0.44-3

Added

• userPromptSubmitted hooks can now handle requests directly, bypassing the LLM and returning a response without making a model call

Improved

• Faster /user list and /user switch for multi-account users

1.0.44-2

Added

• Add optional prerelease argument to copilot update and /update to fetch the latest prerelease build

Fixed

• Shell commands via ! prefix work correctly with all shell configurations

1.0.44-1

Improved

• Shell aliases and rc file settings now work in ! commands

1.0.44-0

Improved

• Timeline shows the resolved model for rubber-duck sub-agents (e.g. Rubber-duck(claude-opus-4.7))

Fixed

• Quota display correctly shows remaining usage for Free users instead of always showing 100% used
• Tool permissions granted in autopilot mode are preserved after /clear
• Effort level applies correctly when switching models via the /model picker
• Pressing Ctrl+C while a permission prompt is pending no longer causes the CLI to hang
• Project info remains visible in slash command picker when no results match
• Invalid URL entries in settings.json no longer crash CLI startup and are skipped with a warning

1.0.43

2026-05-06

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.44 - 2026-05-08

• Path completion in /add-dir no longer flickers or gets intercepted by @ and # pickers
• Slash commands can now appear mid-input, and multiple skills can be invoked in a single message
• userPromptSubmitted hooks can now handle requests directly, bypassing the LLM and returning a response without making a model call
• Faster /user list and /user switch for multi-account users
• Add optional prerelease argument to copilot update and /update to fetch the latest prerelease build
• Shell commands via ! prefix work correctly with all shell configurations
• Shell aliases and rc file settings now work in ! commands
• Quota display correctly shows remaining usage for Free users instead of always showing 100% used
• Tool permissions granted in autopilot mode are preserved after /clear
• Effort level applies correctly when switching models via the /model picker
• Pressing Ctrl+C while a permission prompt is pending no longer causes the CLI to hang
• Project info remains visible in slash command picker when no results match
• Invalid URL entries in settings.json no longer crash CLI startup and are skipped with a warning
• Timeline shows the resolved model for rubber-duck sub-agents (e.g. Rubber-duck(claude-opus-4.7))

1.0.43 - 2026-05-06

• Add username toggle to /statusline picker to display the active account in the footer
• Auto mode uses server-side model routing for improved real-time model selection
• Resume prompt shows correct session name when multiple sessions are active
• Protect against RCE from malicious bare repositories nested inside a project
• MCP server child processes (e.g. started via npx or uvx) are now fully terminated when a session ends
• Show download progress when running the update command

1.0.42 - 2026-05-06

• MCP server failure warning now suggests a directly runnable /mcp show command when the server name contains whitespace
• MCP server failure warnings include stderr output to help diagnose connection errors
• Add -C flag to change working directory before starting, similar to git -C
• Exit message resume command shows session ID instead of auto-generated name when session has not been renamed
• Remote session export now supports non-GitHub repositories and repo-less directories
• Resuming a session no longer shows a false "session in use" warning after choosing "Go back"
• Enter key no longer gets permanently stuck after cancelling a request
• Suppress the exit summary when the session has no user messages and no saved session to resume
• CLI updates on Windows no longer fail with ENOENT when a transient EPERM occurs during package extraction
• Add rubber-duck agent for GPT sessions, powered by Claude (available in /experimental)

1.0.41 - 2026-05-05

• CLI starts faster by rendering the UI immediately while authentication resolves in the background
• Shell completions (bash, zsh, fish) are automatically installed on first run and updated after copilot update
• Tab-completing slash commands that accept arguments now adds a trailing space automatically
• Package extraction no longer crashes on Windows when antivirus or filesystem locks cause transient EPERM errors
• Remote session connection errors show your logged-in account and tailored remediation steps
• Markdown formatting renders in ask user prompt questions
• Add experimental MCP Tasks support: MCP tools with taskSupport: "required" run as non-blocking background agents trackable via list_agents and read_agent (available when experimental mode is enabled, e.g. via /experimental on or the --experimental flag)
• Extensions now load in prompt mode (-p). User extensions load by default; project extensions alnd management tools require GITHUB_COPILOT_PROMPT_MODE_EXTENSIONS=true.
• Assistant responses no longer contain spurious system notification XML tags

... (truncated)

Commits

• bee20d0 Update changelog.md for version 1.0.43
• 5ab6de6 Update changelog.md for version 1.0.42
• ac346d1 Update changelog.md for version 1.0.41
• cc85e32 Update changelog.md for version 1.0.40
• cb0ddf8 Update changelog.md for version 1.0.39
• 4e5cb95 Update changelog.md for version 1.0.37
• 6d1c577 Update changelog.md for version 1.0.36
• d7a0581 Update changelog.md for version 1.0.35
• 6594437 Update changelog.md for version 1.0.34
• 75fbe0c Update changelog.md for version 1.0.33
• Additional commits viewable in compare view

Updates @vitest/coverage-v8 from 4.1.4 to 4.1.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

• e399846 chore: release v4.1.5
• See full diff in compare view

Updates eslint from 10.2.0 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
• 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
• 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
• 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
• 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
• f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
• a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
• 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
• b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
• 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)

v10.2.1

Bug Fixes

• 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
• 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
• af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
• e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
• 1418d52 docs: Update README (GitHub Actions Bot)
• 39771e6 docs: Update README (GitHub Actions Bot)
• 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
• 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
• 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])

... (truncated)

Commits

• 7889204 10.3.0
• 5b69b4f Build: changelog update for 10.3.0
• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
• b6ae5cf fix: handle unavailable require cache (#20812)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
• 379571a feat: add suggestions for no-unused-private-class-members (#20773)
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
• Additional commits viewable in compare view

Updates lefthook from 2.1.5 to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

• bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
• 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
• de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
• eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
• f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)

Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

• fix: normalize lefthook path for sh script (#1383) by @​AndrewKahr
• fix: normalize root to always include trailing slash before path replacement (#1381) by @​Copilot
• fix: skip pty allocation when stdout is not a terminal (#1393) by @​technicalpickles
• docs: upgrade docmd (#1391) by @​mrexox
• fix: log full scoped name for skipped jobs (#1291) by @​scop
• fix: do not pipe stdout and stderr (#1382) by @​mrexox

Commits

• 679ce27 2.1.6: fixes for Windows and AI tools execution
• 04da006 fix(windows): normalize lefthook path for sh script (#1383)
• eb3e70d fix: normalize root to always include trailing slash before path replacemen...
• f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
• 1481e9d docs: upgrade docmd (#1391)
• de9597a fix: log full scoped name for skipped jobs (#1291)
• bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
• See full diff in compare view

Updates prettier from 3.8.2 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• See full diff in compare view

Updates vitest from 4.1.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
• 663b99f fix: alias agent reporter to minimal (#10157)
• 122c25b fix: fix vi.defineHelper called as object method (#10163)
• 6abd557 feat(api): make test-specification options writable (#10154)
• 596f739 fix: project color label on html reporter (#10142)
• 9423dc0 fix: --project negation excludes browser instances (#10131)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud