chore(deps): bump the prod-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the prod-dependencies group with 4 updates in the / directory: @github/copilot-sdk, commander, express-rate-limit and helmet.

Updates @github/copilot-sdk from 0.3.0 to 1.0.0

Release notes

Sourced from @​github/copilot-sdk's releases.

GitHub Copilot SDK for Java 1.0.0

Installation

⚠️ Artifact versioning plan: Releases of this implementation track releases of the reference implementation. For each release of the reference implementation, there may follow a corresponding release of this implementation with the same number as the reference implementation. Release identifiers of the reference implementation are in the form vMaj.Min.Micro. For example v0.1.32. The corresponding maven version for the release will be Maj.Min.Micro-java.N, where Maj, Min and Micro are the corresponding numbers for the reference implementation release, and N is a monotonically increasing sequence number starting with 0 for each release. See the corresponding architectural decision record for more information in the docs/adr directory of the source code.

📦 View on Maven Central

📖 Documentation · Javadoc

Maven

<dependency>
    <groupId>com.github</groupId>
    <artifactId>copilot-sdk-java</artifactId>
    <version>1.0.0</version>
</dependency>

Gradle (Kotlin DSL)

implementation("com.github:copilot-sdk-java:1.0.0")

Gradle (Groovy DSL)

implementation 'com.github:copilot-sdk-java:1.0.0'

What's Changed

• Refine Go SDK pre-GA API surfaces by @​qmuntal in github/copilot-sdk#1549

Full Changelog: github/copilot-sdk@java/v1.0.0-beta-12-java.1...java/v1.0.0

rust/v1.0.0

What's Changed

• De-flake builtin_tools E2E tests with a longer send timeout by @​stephentoub in github/copilot-sdk#1538
• Update java README with accurate validation steps by @​edburns in github/copilot-sdk#1541
• Java SDK: Update @github/copilot dependency to ^1.0.57 by @​edburns in github/copilot-sdk#1546
• Edburns/remove pr 1524 test java publish update notes to point to docs by @​edburns in github/copilot-sdk#1543
• java: disable ModeHandlersTest pending snapshot re-recording (#1547) by @​edburns in github/copilot-sdk#1548
• Refine Go SDK pre-GA API surfaces by @​qmuntal in github/copilot-sdk#1549

Full Changelog: github/copilot-sdk@rust/v1.0.0-beta.12...rust/v1.0.0

v1.0.0

What's Changed

... (truncated)

Commits

• c8f1b33 Revert "Temporarily use beta versions for "latest" dist-tag (#1283)"
• 3eaccba Refine Go SDK pre-GA API surfaces (#1549)
• 4f88e9c [maven-release-plugin] prepare for next development iteration
• 91e3518 [maven-release-plugin] prepare release java/v1.0.0-beta-12-java.1
• fe7077b docs: update version references to 1.0.0-beta-12-java.1
• c46ac07 Java: increment POM after failed publish run
• 9be12b9 java: disable ModeHandlersTest pending snapshot re-recording (#1547) (#1548)
• e1ecaab docs: update version references to 1.0.0-beta-12-java.0
• 1c5e4af Edburns/remove pr 1524 test java publish update notes to point to docs (#1543)
• 171b8e0 Increment POM
• Additional commits viewable in compare view

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

• ba6d13d Fix release dates in changelog (#2523)
• a752ed9 Pin GitHub actions with hash (#2521)
• 74d5dfe Drop EOL node 20 from test matrix, and add node 26 (#2520)
• 6df9b68 Update details for 15.0.0 release (#2519)
• 01ce5d0 Remove jest esm examples (#2517)
• d785d8b Update dependencies (#2518)
• 9098b48 Update dependencies (#2506)
• 373f660 Use node:util stripVTControlCharacters instead of own code (#2486)
• 987f289 Use simple match in test (to avoid warning about expensive regex) (#2485)
• 0ea3bb3 Update dependecies and lint (#2489)
• Additional commits viewable in compare view

Updates express-rate-limit from 8.5.0 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

Commits

• 9774693 8.5.2
• 0e94cc0 v8.5.2 changelog
• 9a583c5 feat: simplify IPv6 key generation (#633)
• 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
• 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
• 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
• dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
• 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• See full diff in compare view

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

• Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
• Improve error message when passing duplicate options

Commits

• 638e43b 8.2.0
• fdf25a8 Update changelog for 8.2.0 release
• bd293b7 Update devDependencies to latest versions
• 81ce5cc Test supported Node versions on CI
• 807a888 Update to new URL
• d4e0128 Add direct link to FAQ
• 437d2eb Bump actions/setup-node from 6.3.0 to 6.4.0 (#537)
• a6bd779 Upgrade actions/setup-node to 6.3.0
• 1e09f5f Fix changelog typo
• d526f5c Bump Picomatch dev sub-dependency
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.