Skip to content

chore(deps): bump yargs from 14.2.3 to 18.0.0#553

Closed
dependabot[bot] wants to merge 4 commits intomainfrom
dependabot/npm_and_yarn/yargs-18.0.0
Closed

chore(deps): bump yargs from 14.2.3 to 18.0.0#553
dependabot[bot] wants to merge 4 commits intomainfrom
dependabot/npm_and_yarn/yargs-18.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps yargs from 14.2.3 to 18.0.0.

Release notes

Sourced from yargs's releases.

yargs yargs-v16.2.1

Bug Fixes

Changelog

Sourced from yargs's changelog.

18.0.0 (2025-05-26)

⚠ BREAKING CHANGES

  • command names are not derived from modules passed to command.
  • singleton usage of yargs yargs.foo, yargs().argv, has been removed.
  • minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
  • yargs is now ESM first

Features

Bug Fixes

  • addDirectory do not support absolute command dir (#2465) (3a40a78)
  • allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
  • browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
  • build: address problems with typescript compilation (#2445) (8d72fb3)
  • coerce should play well with parser configuration (#2308) (8343c66)
  • deps: update dependency yargs-parser to v22 (#2470) (639130d)
  • exit after async handler done (#2313) (e326cde)
  • handle spaces in bash completion (#2452) (83b7788)
  • parser-configuration should work well with generated completion script (#2332) (888db19)
  • propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
  • zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

Code Refactoring

  • command names are not derived from modules passed to command. (d90af45)
  • singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

Build System

  • minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)

17.7.2 (2023-04-27)

Bug Fixes

  • do not crash completion when having negated options (#2322) (7f42848)

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 18, 2026 05:09
@dependabot dependabot bot added the javascript Pull requests that update javascript code label Mar 18, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 18, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedyargs@​14.2.3 ⏵ 18.0.099 +210010087100

View full report

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/yargs-18.0.0 branch 6 times, most recently from 25dd7fb to 8777ee1 Compare March 24, 2026 12:35
@dependabot
chore(deps): bump yargs from 14.2.3 to 18.0.0
7a31cf0 
Bumps [yargs](https://github.com/yargs/yargs) from 14.2.3 to 18.0.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/commits/v18.0.0)

---
updated-dependencies:
- dependency-name: yargs
  dependency-version: 18.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/yargs-18.0.0 branch from 8777ee1 to 7a31cf0 Compare March 26, 2026 07:35
@axis-d0op axis-d0op closed this Mar 26, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 26, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/yargs-18.0.0 branch March 26, 2026 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@axis-d0op