Skip to content

build(deps): bump the production-dependencies group with 4 updates#150

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-3197583773
Open

build(deps): bump the production-dependencies group with 4 updates#150
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-3197583773

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026

Bumps the production-dependencies group with 4 updates: @github/copilot-sdk, @inquirer/prompts, ink and react.

Updates @github/copilot-sdk from 0.2.2 to 0.3.0

Release notes

Sourced from @​github/copilot-sdk's releases.

v0.3.0

This release adds new capabilities — per-session authentication, scoped permissions, agent-level tool and skill control, MCP interop utilities, and more — alongside a broad naming cleanup across all four SDK languages. As we close in on a GA release, we've done a deep clean on our naming to bring it closer to the final state, reducing the amount of churn you should expect in subsequent releases. The result is a more consistent, more readable API surface across the board.

New features

Per-session GitHub authentication

Sessions can now carry their own GitHub identity. Different sessions on the same CLI server can have different GitHub users, Copilot plans, and quota limits.

const session = await client.createSession({
    onPermissionRequest: approveAll,
    gitHubToken: userAToken, // Session-level identity
});

This is independent of the client-level gitHubToken (which authenticates the CLI process itself, and is not required if all sessions bring their own auth). The session-level token determines the identity used for content exclusion, model routing, and quota checks.

Per-agent tool visibility

A new defaultAgent.excludedTools option lets you hide tools from the default agent while keeping them available to custom sub-agents, enabling the orchestrator pattern where the default agent delegates to specialized sub-agents. (#1098)

Per-agent skills

Custom agents can now declare skills: string[] to eagerly inject specific skills into their context at startup. Skills are opt-in — agents receive no skills by default, and sub-agents do not inherit skills from the parent. (#995)

Sub-agent streaming content

When streaming is enabled, assistant.message_delta and assistant.reasoning_delta events are now also delivered for sub-agents. Each event carries an agentId field identifying which sub-agent produced it (absent for the root agent). If your application renders all streaming deltas to the UI, you'll want to filter by agentId (or for pure back-compat, set includeSubAgentStreamingEvents: false on SessionConfig to get the old behavior of only streaming main-agent content updates). (#1108)

Session idle timeout

A new sessionIdleTimeoutSeconds client option configures automatic session cleanup after inactivity. When set, sessions without activity for the specified duration are cleaned up. Disabled by default (sessions live indefinitely). Previously, sessions would always time out after 30 minutes of idleness - this change fixes that. (#1093)

Custom HTTP headers for BYOK model providers

Provider headers and per-message requestHeaders can now be passed through createSession, resumeSession, and send, enabling custom header forwarding to bring-your-own-key model providers. (#1094)

MCP CallToolResult conversion

A new convertMcpCallToolResult() utility function converts MCP CallToolResult objects (with content arrays of text, image, and resource blocks) into the SDK's ToolResultObject format. This makes it easy to use MCP tool servers as backends for SDK tool handlers. (#1049)

ProviderConfig exported

ProviderConfig is now re-exported from the Node.js and Python SDK entry points, so consumers no longer need to duplicate the type locally when configuring Responses API providers. (#1048)

New RPC methods

... (truncated)

Changelog

Sourced from @​github/copilot-sdk's changelog.

Changelog

All notable changes to the Copilot SDK are documented in this file.

This changelog is automatically generated by an AI agent when stable releases are published. See GitHub Releases for the full list.

Commits
  • dd2dcbc Per-session GitHub authentication for all SDK languages, plus update runtime ...
  • b4ef955 Add configurable session idle timeout option (#1093)
  • a3e273c SessionFs structured error contract and codegen changes
  • b1b0df5 feat: add per-agent tool visibility via defaultAgent.excludedTools (#1098)
  • 922959f Expose IncludeSubAgentStreamingEvents in all four SDKs (#1108)
  • fd0495c Update @​github/copilot to 1.0.32 (#1107)
  • cf5694c Update @​github/copilot to 1.0.32-1 (#1105)
  • 48e244d Clean up redundant Python codegen lambdas (#1104)
  • dbcea81 Add deprecated schema support to all four code generators (#1099)
  • 883cc02 Update @​github/copilot to 1.0.30 (#1096)
  • Additional commits viewable in compare view

Updates @inquirer/prompts from 8.4.1 to 8.4.3

Release notes

Sourced from @​inquirer/prompts's releases.

@​inquirer/prompts@​8.4.3

  • Fix: Windows rendering bug
  • Fix: Preserve exact literal types in choices array (Typescript only)
  • Fix: Allow input default value to be of type undefined (Typescript only)
  • Bump dependencies

@​inquirer/prompts@​8.4.2

  • Fix: some Windows terminals would freeze and not react to keypresses.
Commits
  • 113558c chore: Publish new release
  • f0ca377 chore: format everything with nano-staged
  • 5341ca1 chore: Bump yarn
  • cb7ffda ci: add Node.js 26 to test matrix (#2112)
  • 0401a5c fix(@​inquirer/input): allow explicit undefined for default option (#2111)
  • 40f87a8 fix: reset cursor to column 0 after prompt completes
  • b88c9a2 fix: satisfy eslint-plugin-n v18 rules
  • 697684a chore(deps-dev): Bump the linting group across 1 directory with 6 updates
  • 105c439 chore(deps-dev): Bump the build group with 3 updates (#2107)
  • a020d8a chore(deps-dev): Bump oxfmt in the formatting group (#2106)
  • Additional commits viewable in compare view

Updates ink from 7.0.0 to 7.0.2

Release notes

Sourced from ink's releases.

v7.0.2

  • Fix: Defer raw mode disable to prevent process hang on component swap dd052ea

vadimdemedes/ink@v7.0.1...v7.0.2

v7.0.1

  • Fix: Restore useApp exit typing 42ddd40
  • Fix: Respect disableFocus() when handling Escape (#937) cb66873

vadimdemedes/ink@v7.0.0...v7.0.1

Commits

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the production-dependencies group with 4 updates
69bb356 
Bumps the production-dependencies group with 4 updates: [@github/copilot-sdk](https://github.com/github/copilot-sdk), [@inquirer/prompts](https://github.com/SBoudrias/Inquirer.js), [ink](https://github.com/vadimdemedes/ink) and [react](https://github.com/facebook/react/tree/HEAD/packages/react).


Updates `@github/copilot-sdk` from 0.2.2 to 0.3.0
- [Release notes](https://github.com/github/copilot-sdk/releases)
- [Changelog](https://github.com/github/copilot-sdk/blob/main/CHANGELOG.md)
- [Commits](github/copilot-sdk@v0.2.2...v0.3.0)

Updates `@inquirer/prompts` from 8.4.1 to 8.4.3
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.1...@inquirer/prompts@8.4.3)

Updates `ink` from 7.0.0 to 7.0.2
- [Release notes](https://github.com/vadimdemedes/ink/releases)
- [Commits](vadimdemedes/ink@v7.0.0...v7.0.2)

Updates `react` from 19.2.5 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

---
updated-dependencies:
- dependency-name: "@github/copilot-sdk"
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@inquirer/prompts"
  dependency-version: 8.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: ink
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 13, 2026
Copilot AI review requested due to automatic review settings May 13, 2026 05:56
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pierceboggan pierceboggan Awaiting requested review from pierceboggan pierceboggan is a code owner

@digitarald digitarald Awaiting requested review from digitarald digitarald is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant