Skip to content

chore(deps): Bump the production-dependencies group with 2 updates#392

Merged
sjnims merged 2 commits intomainfrom
dependabot/npm_and_yarn/production-dependencies-beea5711a7
Feb 18, 2026
Merged

chore(deps): Bump the production-dependencies group with 2 updates#392
sjnims merged 2 commits intomainfrom
dependabot/npm_and_yarn/production-dependencies-beea5711a7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026

Bumps the production-dependencies group with 2 updates: dotenv and glob.

Updates dotenv from 17.2.4 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.
Commits

Updates glob from 13.0.1 to 13.0.3

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the production-dependencies group with 2 updates
964f851 
Bumps the production-dependencies group with 2 updates: [dotenv](https://github.com/motdotla/dotenv) and [glob](https://github.com/isaacs/node-glob).


Updates `dotenv` from 17.2.4 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.4...v17.3.1)

Updates `glob` from 13.0.1 to 13.0.3
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v13.0.1...v13.0.3)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: glob
  dependency-version: 13.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from sjnims as a code owner February 16, 2026 15:17
@dependabot dependabot bot added dependencies Pull requests that update a dependency file npm Pull requests that update npm dependencies labels Feb 16, 2026
@claude claude bot added chore Maintenance tasks (dependencies, CI, tooling) effort:small < 1 hour labels Feb 18, 2026
@claude
Copy link
Contributor

claude bot commented Feb 18, 2026
edited
Loading

Claude finished @sjnims's task in 45s —— View job

Review Summary

  • Run quality checks (typecheck, lint, format, knip)
  • Review the diff
  • Post summary

Verdict: ✅ Looks good

Quality Checks:

Check Result
npm run typecheck ✅ Pass
npm run lint ✅ Pass
npm run format:check ✅ Pass
npm run knip ✅ Pass

What's Good:

  • Both bumps are minor/patch versions with no breaking changes
  • dotenv 17.2.4 → 17.3.1: README-only changes, no functional code changes
  • glob 13.0.1 → 13.0.3: Internal dependency updates (minimatch 10.1.2 → 10.2.0, ships minified by default) — no API changes
  • All quality checks pass cleanly
  • Lock file is consistent with package.json specifiers

Suggestions: None — this is a clean dependency bump with no concerns.

@sjnims sjnims merged commit 54d6015 into main Feb 18, 2026
13 checks passed
@sjnims sjnims deleted the dependabot/npm_and_yarn/production-dependencies-beea5711a7 branch February 18, 2026 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sjnims sjnims sjnims approved these changes

Assignees

@sjnims sjnims

Labels

chore Maintenance tasks (dependencies, CI, tooling) dependencies Pull requests that update a dependency file effort:small < 1 hour npm Pull requests that update npm dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sjnims

Comments