Skip to content

chore(deps): bump commander from 13.1.0 to 14.0.3#538

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/commander-14.0.3
Open

chore(deps): bump commander from 13.1.0 to 14.0.3#538
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/commander-14.0.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 10, 2026
edited by cursor bot
Loading

Bumps commander from 13.1.0 to 14.0.3.

Release notes

Sourced from commander's releases.

v14.0.3

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)
  • simple readability improvements to README (#2465)

v14.0.2

Changed

  • improve negative number auto-detection test (#2428)
  • update (dev) dependencies

v14.0.1

Fixed

  • broken markdown link in README (#2369)

Changed

  • improve code readability by using optional chaining (#2394)
  • use more idiomatic code with object spread instead of Object.assign() (#2395)
  • improve code readability using string.endsWith() instead of string.slice() (#2396)
  • refactor .parseOptions() to process args array in-place (#2409)
  • change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
  • update (dev) dependencies

v14.0.0

Added

  • support for groups of options and commands in the help using low-level .helpGroup() on Option and Command, and higher -level .optionsGroup() and .commandsGroup() which can be used in chaining way to specify group title for following option s/commands (#2328)
  • support for unescaped negative numbers as option-arguments and command-arguments (#2339)
  • TypeScript: add parseArg property to Argument class (#2359)

Fixed

  • remove bogus leading space in help when option has default value but not a description (#2348)
  • .configureOutput() now makes copy of settings instead of modifying in-place, fixing side-effects (#2350)

Changed

  • Breaking: Commander 14 requires Node.js v20 or higher
  • internal refactor of Help class adding .formatItemList() and .groupItems() methods (#2328)
Changelog

Sourced from commander's changelog.

[14.0.3] (2026-01-31)

Added

  • Release Policy document (#2462)

Changes

  • old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)
  • clarify typing for deprecated callback parameter to .outputHelp() (#2427)
  • simple readability improvements to README (#2465)

[14.0.2] (2025-10-25)

Changed

  • improve negative number auto-detection test (#2428)
  • update (dev) dependencies

[14.0.1] (2025-09-12)

Fixed

  • broken markdown link in README (#2369)

Changed

  • improve code readability by using optional chaining (#2394)
  • use more idiomatic code with object spread instead of Object.assign() (#2395)
  • improve code readability using string.endsWith() instead of string.slice() (#2396)
  • refactor .parseOptions() to process args array in-place (#2409)
  • change private variadic support routines from ._concatValue() to ._collectValue() (change code from array.concat() to array.push()) (#2410)
  • update (dev) dependencies

[14.0.0] (2025-05-18)

Added

  • support for groups of options and commands in the help using low-level .helpGroup() on Option and Command, and higher-level .optionsGroup() and .commandsGroup() which can be used in chaining way to specify group title for following options/commands (#2328)
  • support for unescaped negative numbers as option-arguments and command-arguments (#2339)
  • TypeScript: add parseArg property to Argument class (#2359)

Fixed

  • remove bogus leading space in help when option has default value but not a description (#2348)
  • .configureOutput() now makes copy of settings instead of modifying in-place, fixing side-effects (#2350)

Changed

  • Breaking: Commander 14 requires Node.js v20 or higher

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Medium Risk
Dependency major-version bump for a core CLI parsing library; could introduce breaking behavior or runtime incompatibility if any environments still run Node <20.

Overview
Updates the CLI dependency commander from 13.1.0 to 14.0.3 in package.json and package-lock.json.

This also updates the lockfile metadata for commander, including its engine requirement change to Node >=20.

Written by Cursor Bugbot for commit 4b8b59f. This will update automatically on new commits. Configure here.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 10, 2026
@socket-security
Copy link

socket-security bot commented Feb 10, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedcommander@​13.1.0 ⏵ 14.0.398 -1100100 +188100

View full report

@github-actions
Copy link

github-actions bot commented Feb 10, 2026
edited
Loading

🐳 Hadolint Dockerfile Lint Results

Click to expand detailed results 
Dockerfile:17 DL3016 warning: Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`

@dependabot
chore(deps): bump commander from 13.1.0 to 14.0.3
4b8b59f 
Bumps [commander](https://github.com/tj/commander.js) from 13.1.0 to 14.0.3.
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](tj/commander.js@v13.1.0...v14.0.3)

---
updated-dependencies:
- dependency-name: commander
  dependency-version: 14.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/commander-14.0.3 branch from f68cf75 to 4b8b59f Compare February 17, 2026 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments