fix(deps): bump the prod-minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the prod-minor-patch group with 5 updates in the / directory:

Package	From	To
@oclif/core	4.10.5	4.10.6
@oclif/plugin-autocomplete	3.2.45	3.2.46
@oclif/plugin-warn-if-update-available	3.1.60	3.1.61
ora	9.3.0	9.4.0
lucide-react	1.8.0	1.11.0

Updates @oclif/core from 4.10.5 to 4.10.6

Release notes

Sourced from @​oclif/core's releases.

4.10.6

Bug Fixes

• deps: bump postcss from 8.4.31 to 8.5.10 (9b29ad4)

Changelog

Sourced from @​oclif/core's changelog.

4.10.6 (2026-04-25)

Bug Fixes

• deps: bump postcss from 8.4.31 to 8.5.10 (9b29ad4)

Commits

• 1316e3a chore(release): 4.10.6 [skip ci]
• 4d2464f Merge pull request #1586 from oclif/dependabot-npm_and_yarn-postcss-8.5.10
• 9b29ad4 fix(deps): bump postcss from 8.4.31 to 8.5.10
• 507445a Merge pull request #1581 from oclif/dependabot-npm_and_yarn-oclif-plugin-help...
• 3821db3 Merge pull request #1582 from oclif/dependabot-npm_and_yarn-eslint-config-ocl...
• 4075594 Merge pull request #1583 from oclif/dependabot-npm_and_yarn-oclif-plugin-plug...
• e8dcb6e Merge pull request #1584 from oclif/dependabot-npm_and_yarn-prettier-3.8.3
• c8bc52b chore(dev-deps): bump prettier from 3.8.2 to 3.8.3
• 105e404 chore(dev-deps): bump @​oclif/plugin-plugins from 5.4.60 to 5.4.61
• 0eafd76 chore(dev-deps): bump eslint-config-oclif from 6.0.156 to 6.0.157
• Additional commits viewable in compare view

Updates @oclif/plugin-autocomplete from 3.2.45 to 3.2.46

Release notes

Sourced from @​oclif/plugin-autocomplete's releases.

3.2.46

Bug Fixes

• deps: bump @​oclif/core from 4.10.5 to 4.10.6 (#1138) (f42b7a9)

Changelog

Sourced from @​oclif/plugin-autocomplete's changelog.

3.2.46 (2026-04-26)

Bug Fixes

• deps: bump @​oclif/core from 4.10.5 to 4.10.6 (#1138) (f42b7a9)

Commits

• a20b960 chore(release): 3.2.46 [skip ci]
• f42b7a9 fix(deps): bump @​oclif/core from 4.10.5 to 4.10.6 (#1138)
• 38d480b chore(dev-deps): bump eslint-config-oclif from 6.0.157 to 6.0.159 (#1139)
• 056f769 chore(dev-deps): bump eslint-config-oclif from 6.0.156 to 6.0.157 (#1136)
• 8fb01a3 chore(dev-deps): bump prettier from 3.8.2 to 3.8.3 (#1137)
• 84ac366 chore(dev-deps): bump eslint-config-oclif from 6.0.154 to 6.0.156 (#1131)
• a95d0c5 chore(dev-deps): bump @​oclif/plugin-help from 6.2.42 to 6.2.44 (#1132)
• de36e41 chore(dev-deps): bump oclif from 4.22.96 to 4.23.0 (#1133)
• 7613dd2 chore(dev-deps): bump prettier from 3.8.1 to 3.8.2 (#1134)
• 06c5a00 chore(dev-deps): bump @​oclif/test from 4.1.17 to 4.1.18 (#1135)
• Additional commits viewable in compare view

Updates @oclif/plugin-warn-if-update-available from 3.1.60 to 3.1.61

Release notes

Sourced from @​oclif/plugin-warn-if-update-available's releases.

3.1.61

Bug Fixes

• deps: bump @​oclif/core from 4.10.5 to 4.10.6 (#1011) (0b3c20d)

Changelog

Sourced from @​oclif/plugin-warn-if-update-available's changelog.

3.1.61 (2026-04-26)

Bug Fixes

• deps: bump @​oclif/core from 4.10.5 to 4.10.6 (#1011) (0b3c20d)

Commits

• 446fb9a chore(release): 3.1.61 [skip ci]
• 0b3c20d fix(deps): bump @​oclif/core from 4.10.5 to 4.10.6 (#1011)
• 238d491 chore(dev-deps): bump eslint-config-oclif from 6.0.157 to 6.0.159 (#1012)
• 19b743c chore(dev-deps): bump prettier from 3.8.2 to 3.8.3 (#1010)
• b5e9ffa chore(dev-deps): bump prettier from 3.8.1 to 3.8.2 (#1007)
• 9ba91a8 chore(dev-deps): bump eslint-config-oclif from 6.0.155 to 6.0.156 (#1008)
• aba5e3c chore(dev-deps): bump oclif from 4.22.96 to 4.23.0 (#1009)
• See full diff in compare view

Updates ora from 9.3.0 to 9.4.0

Release notes

Sourced from ora's releases.

v9.4.0

• Add successSymbol and failSymbol options to oraPromise 3d2e0a9

---

sindresorhus/ora@v9.3.0...v9.4.0

Commits

• 46a6703 9.4.0
• 3d2e0a9 Add successSymbol and failSymbol options to oraPromise
• f70f613 Test tweaks
• 7cf29a7 Validate some options better
• See full diff in compare view

Updates lucide-react from 1.8.0 to 1.11.0

Release notes

Sourced from lucide-react's releases.

Version 1.11.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.10.0

Version 1.9.0

What's Changed

• fix(packages/angular): allow string inputs for size by @​swastik7805 in lucide-icons/lucide#4253
• fix(gh-icon): update colors for ColoredPath component by @​jguddas in lucide-icons/lucide#4233
• feat(packages): use .mjs for ESM bundles by @​karsa-mistmere in lucide-icons/lucide#4285
• fix(build-font): add collision detection to font codepoints by @​karsa-mistmere in lucide-icons/lucide#4300
• feat(icons): added timeline icon by @​jguddas in lucide-icons/lucide#4270

New Contributors

• @​swastik7805 made their first contribution in lucide-icons/lucide#4253

... (truncated)

Commits

• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cli-web-cli	Ready	Preview, Comment	May 1, 2026 0:22am

[ci-lockfile-regen]

Dependabot Fix Assessment

Packages: 5 updates (prod-minor-patch group)

• @oclif/core 4.10.5 → 4.10.6 (patch)
• @oclif/plugin-autocomplete 3.2.45 → 3.2.46 (patch)
• @oclif/plugin-warn-if-update-available 3.1.60 → 3.1.61 (patch)
• ora 9.3.0 → 9.4.0 (minor)
• lucide-react 1.8.0 → 1.11.0 (minor)

Scope: runtime dependencies
Workspace: root (lucide-react also in packages/react-web-cli and examples/web-cli)

What changed upstream

• @oclif/core 4.10.6: Only bumps postcss from 8.4.31 to 8.5.10 (internal build dependency, no runtime impact)
• @oclif/plugin-autocomplete / plugin-warn-if-update-available: Both only bump @oclif/core to 4.10.6
• ora 9.4.0: Adds successSymbol/failSymbol options to oraPromise; validates interval and color options more strictly
• lucide-react 1.11.0: Adds new icons; switches to .mjs for ESM bundles (1.9.0+)

Migration concerns checked

• Peer dependencies: OK — no conflicts
• Type changes: OK — no breaking type changes in any updated package
• Config files: OK — no config changes needed
• Module format: OK — lucide-react .mjs change is only in packages/react-web-cli/examples/web-cli, both already ESM
• React compatibility: OK — no duplicate React issues
• Monorepo impact: OK — lucide-react update reflected in both workspace packages' package.json
• ora option validation: OK — our 3 usages of ora all pass a plain string (ora("message...").start()), no options object with interval or color

What broke (E2E tests)

The 3 failing E2E test suites and 9 failing individual tests are not caused by the dependency bump:

1. test/e2e/stats/stats.test.ts (6 failures) — Failed to look up app "s57drg" — resolveAppIdFromNameOrId calls listApps() via the Control API; the app extracted from E2E_API_KEY is not found in the account associated with the CI run's ABLY_ACCESS_TOKEN. This is a test environment credential mismatch, not a code bug.

2. test/e2e/channels/channel-annotations-e2e.test.ts / channel-message-ops-e2e.test.ts (suite-level failures) — setupMutableMessagesRule fails with exitCode=1, stderr= — because apps rules create --json sends errors to stdout (not stderr), so the actual error reason is hidden in the test helper's error message. Root cause is again a Control API access failure with the CI access token.

3. test/e2e/push/push-config-e2e.test.ts — createTestApp fails with empty stderr — same pattern, error in stdout due to --json mode.

4. test/e2e/control/control-api-workflows.test.ts — rule deletion timeout — downstream effect of the preceding failures in the same test run.

All 4 failure categories involve Control API operations requiring ABLY_ACCESS_TOKEN. None of the dependency changes (oclif/core postcss bump, ora minor options, lucide-react icons) have any mechanism to affect Control API HTTP calls or credential resolution.

What was fixed

No code changes were needed — the dependency bump is safe and our code is compatible with all updated packages.

Verification

• Build: ✅ (pnpm prepare succeeds)
• Lint: ✅ (pnpm exec eslint . — 0 errors)
• Unit tests: ✅ (178 test files, 2417 tests — all passing after pnpm prepare)
• Web CLI tests: N/A (E2E failures are infrastructure-related, not dependency-related)

Notes for reviewer

The E2E test failures appear to be a pre-existing issue with the CI environment for this Dependabot branch — the ABLY_ACCESS_TOKEN in the test environment does not have access to the app referenced by E2E_API_KEY (app ID s57drg). This is unrelated to the dependency update. The PR is safe to merge once the CI environment issue is resolved or confirmed as pre-existing.