build(deps-dev): bump concurrently from 9.2.1 to 10.0.3 #87

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/concurrently-10.0.3

@dependabot dependabot Bot commented on behalf of github Jun 14, 2026

Bumps concurrently from 9.2.1 to 10.0.3.

Release notes

Sourced from concurrently's releases.

v10.0.3

Republish of https://github.com/open-cli-tools/concurrently/releases/tag/v10.0.1 with Trusted Publishing enabled (see #595)

Full Changelog: open-cli-tools/concurrently@v10.0.2...v10.0.3

v10.0.2

Test version to restore Trusted Publishing. Not published to npm.

v10.0.1

  • Ensure FlowController type is exported - #594

Full Changelog: open-cli-tools/concurrently@v10.0.0...v10.0.1

v10.0.0

💥 Breaking Changes

  • Dropped support for Node.js <22.0.0. Older Node.js versions have reached end-of-life, and certain features require new-ish JS APIs.
  • concurrently is now ESM-only. It's now possible to require(esm). See here for interoperability.
  • Prefix colors now default to automatic - #581 The colors used to default to reset (which does nothing). Concurrently now automatically selects a color, out of the box. The list of colors used is not jarring nor carries semantic meaning, and reads well in both dark and light terminal backgrounds.
  • Removed deprecated flags and options
    • CLI flag --name-separator: use commas instead.
    • API option killOthers: use killOthersOn instead.

✨ New Features

  • Support applying modifiers to hex prefix colors (e.g. #ff0000.bold) - #450
  • Support chalk's color functions in prefixes (e.g. rgb(), hex(), bgRgb(), etc) - #578
  • Set prefix background color via bg#RRGGBB - #578
  • Allow shell override via --shell CLI flag/shell API option - #288, #589, #556 concurrently distinguishes between cmd.exe, powershell, and POSIX-based shells.
  • Manual prefix coloring in templates e.g. [{color}{name}{/color}] - #583, #587

🐛 Bug fixes

  • Scope quote normalization to CLI input - #582, #585 It should now also be possible to run commands like "/some/command" foo bar"
  • Don't throw when color doesn't exist - #580

🔐 Security

Other changes

  • Warn about running on Snap - #584

New Contributors

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for concurrently since your current version.


@dependabot dependabot Bot added the dependencies and javascript labels Jun 14, 2026

vercel Bot commented Jun 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| fin-track-web | Ready | Preview, Comment | Jun 17, 2026 8:56am |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/concurrently-10.0.3 branch from a7d4b32 to 93b8a51 Compare June 17, 2026 08:53
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/concurrently-10.0.3 branch from 93b8a51 to 6933c12 Compare June 25, 2026 21:20
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 9.2.1 to 10.0.3.
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](open-cli-tools/concurrently@v9.2.1...v10.0.3)

---
updated-dependencies:
- dependency-name: concurrently
  dependency-version: 10.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/concurrently-10.0.3 branch from 6933c12 to e4e10c5 Compare June 26, 2026 16:09
BODMAT added a commit that referenced this pull request Jul 1, 2026
…pm overrides (#110)

* build(deps): bump dependency groups, concurrently, and actions/checkout v7

Batch the open Dependabot PRs into one commit (#101, #105, #94, #87),
holding prettier at 3.8.4 — 3.9 is days old and its parser upgrades
reformat the repo.

- prod group: google-auth-library, ioredis, mongoose, openai, stripe,
  @tanstack/react-query(+devtools), axios, framer-motion, i18next
- dev group: doctoc, globals, lint-staged, turbo, typescript-eslint,
  nock, @vitejs/plugin-react, postcss, vite
- concurrently 9 -> 10 (dev-only; ESM-only, needs Node >= 22)
- actions/checkout v6 -> v7 across all workflows: blocks pwn-request by
  default; our workflows run on pull_request (not pull_request_target),
  so no behavior impact

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(docker): patch npm-bundled undici to 6.27.0 to clear CVEs

npm bundles undici 6.26.0 even at npm@latest, which Trivy flags in the
api/web/bot images. Our own dependency tree already resolves undici to
7.28.0 (safe), so this only affects npm's bundled copy inside the image.

Mirror the existing brace-expansion patch: install undici@^6.27.0 and
copy it over npm's bundled module. Stays on the v6 line to avoid
breaking npm.

Fixes CVE-2026-12151 (HIGH), CVE-2026-9679 (MEDIUM), CVE-2026-6733 (LOW),
CVE-2026-11525 (LOW).

Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>

* fix(deps): drop dead package.json pnpm.overrides, align postcss floor

The pnpm.overrides block in package.json was a stale subset already
superseded by pnpm-workspace.yaml, which pnpm v10 treats as the sole
source — package.json's copy was silently ignored (emitting a warning on
every install). Removing it changes no resolution: the workspace file
already enforces those pins plus esbuild/form-data/@types/express/etc.

Bump the workspace postcss override from ^8.5.10 to ^8.5.15 so dropping
the package.json postcss@<8.5.15 pin does not lower the security floor.

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>
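
An added example (not part of the commit or the repository): a small check that removing a set of override pins does not lower any version floor, which is the reasoning behind the postcss bump in the commit message above. The override value for the removed pin, the esbuild range and all function names are assumptions constructed for illustration; only simple `^`, `~`, `>=` and exact ranges are handled.

```javascript
// Added example; not code from the repository. Override maps below are constructed.

// Lowest version admitted by a simple range: "^1.2.3", "~1.2.3", ">=1.2.3", "1.2.3".
function floorOf(range) {
  const m = /^(?:\^|~|>=)?\s*(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Override keys may carry a selector ("postcss@<8.5.15"); keep the package name only.
function packageName(key) {
  const at = key.lastIndexOf("@");
  return at > 0 ? key.slice(0, at) : key; // index 0 is a scope, e.g. "@types/express"
}

// List every removed pin that the surviving overrides do not match or exceed.
function loweredFloors(removed, surviving) {
  const floors = new Map();
  for (const [key, range] of Object.entries(surviving)) {
    floors.set(packageName(key), floorOf(range));
  }
  const findings = [];
  for (const [key, range] of Object.entries(removed)) {
    const name = packageName(key);
    const kept = floors.get(name);
    if (!kept) {
      findings.push(`${name}: no surviving override`);
    } else if (compareVersions(kept, floorOf(range)) < 0) {
      findings.push(`${name}: floor drops from ${range} to ${kept.join(".")}`);
    }
  }
  return findings;
}

// Constructed inputs modelled on the commit message (values are assumptions).
const removedFromPackageJson = { "postcss@<8.5.15": "^8.5.15" };
const workspaceBefore = { postcss: "^8.5.10", esbuild: "^0.25.0" };
const workspaceAfter = { postcss: "^8.5.15", esbuild: "^0.25.0" };

console.log(loweredFloors(removedFromPackageJson, workspaceBefore));
console.log(loweredFloors(removedFromPackageJson, workspaceAfter));
```

Run as a pre-merge check, a non-empty result means the cleanup would silently weaken a security pin.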

dependabot Bot commented on behalf of github Jul 1, 2026

Looks like concurrently is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/concurrently-10.0.3 branch July 1, 2026 18:43