Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the npm-dependencies group in /npm_and_yarn/helpers with 3 updates: @npmcli/arborist, nock and semver.

Updates @npmcli/arborist from 8.0.0 to 9.1.10

Release notes

Sourced from @​npmcli/arborist's releases.

arborist: v9.1.10

9.1.10 (2026-01-21)

Dependencies

• f951820 #8919 common-ancestor-path@2.0.0

arborist: v9.1.9

9.1.9 (2025-12-09)

Bug Fixes

• 0765289 #8721 handle ENOTEMPTY errors in moveFile (@​keegancsmith)

arborist: v9.1.8

9.1.8 (2025-11-25)

Bug Fixes

• b118364 #8760 undefined override set conflicts shouldn't error (@​owlstronaut)

Dependencies

• f963223 #8770 proggy@4.0.0
• f51e4aa #8770 nopt@9.0.0
• 2d15040 #8770 @npmcli/query@5.0.0
• 58650dc #8770 @npmcli/fs@5.0.0

arborist: v9.1.7

9.1.7 (2025-11-19)

Bug Fixes

• 3225fa3 #8737 fix usage of path of custom registry (#8737) (@​flj2mu2)
• e9f0418 #8689 arborist: improve override conflict detection with semantic comparison (#8689) (@​Artur-)
• 05319f0 #8677 code cleanup (#8677) (@​wraithgar)
• 49a4eef #8676 use look behind regex for trailing slash stripping (#8676) (@​wraithgar)
• b1aee62 #8645 dep flag calculation (#8645) (@​liamcmitchell)

Dependencies

• 8cc9f70 #8723 ssri@13.0.0
• 59b3c6a #8723 @npmcli/redact@4.0.0
• 6cb77df #8723 @npmcli/installed-package-contents@4.0.0
• 05ac7a7 #8723 proc-log@6.0.0
• 0a74f6d #8723 bin-links@6.0.0
• 041b9b2 #8723 parse-conflict-json@5.0.1
• a1b0fea #8723 @npmcli/name-from-folder@4.0.0
• 3404dca #8723 npm-install-checks@8.0.0
• 542fcf3 #8723 @npmcli/node-gyp@5.0.0

arborist: v9.1.6

9.1.6 (2025-10-08)

Bug Fixes

• 0a8b8c2 #8621 typo bugs and other spelling fixes (#8621) (@​jsoref)
• 54fd27f #8602 refactor node.ideallyInert to node.inert (#8602) (@​liamcmitchell)
• 13d8df6 #8537 optional set calculation (#8537) (@​liamcmitchell)

Chores

• 180e9f7 #8610 fix spelling in workspaces/arborist (#8610) (@​jsoref)
• 91393de #8599 Update references for arborist to cli (#8599) (@​jsoref)

arborist: v9.1.5

... (truncated)

Changelog

Sourced from @​npmcli/arborist's changelog.

9.1.10 (2026-01-21)

Dependencies

• f951820 #8919 common-ancestor-path@2.0.0

9.1.9 (2025-12-09)

Bug Fixes

• 0765289 #8721 handle ENOTEMPTY errors in moveFile (@​keegancsmith)

9.1.8 (2025-11-25)

Bug Fixes

• b118364 #8760 undefined override set conflicts shouldn't error (@​owlstronaut)

Dependencies

• f963223 #8770 proggy@4.0.0
• f51e4aa #8770 nopt@9.0.0
• 2d15040 #8770 @npmcli/query@5.0.0
• 58650dc #8770 @npmcli/fs@5.0.0

9.1.7 (2025-11-19)

Bug Fixes

• 3225fa3 #8737 fix usage of path of custom registry (#8737) (@​flj2mu2)
• e9f0418 #8689 arborist: improve override conflict detection with semantic comparison (#8689) (@​Artur-)
• 05319f0 #8677 code cleanup (#8677) (@​wraithgar)
• 49a4eef #8676 use look behind regex for trailing slash stripping (#8676) (@​wraithgar)
• b1aee62 #8645 dep flag calculation (#8645) (@​liamcmitchell)

Dependencies

• 8cc9f70 #8723 ssri@13.0.0
• 59b3c6a #8723 @npmcli/redact@4.0.0
• 6cb77df #8723 @npmcli/installed-package-contents@4.0.0
• 05ac7a7 #8723 proc-log@6.0.0
• 0a74f6d #8723 bin-links@6.0.0
• 041b9b2 #8723 parse-conflict-json@5.0.1
• a1b0fea #8723 @npmcli/name-from-folder@4.0.0
• 3404dca #8723 npm-install-checks@8.0.0
• 542fcf3 #8723 @npmcli/node-gyp@5.0.0

9.1.6 (2025-10-08)

Bug Fixes

• 0a8b8c2 #8621 typo bugs and other spelling fixes (#8621) (@​jsoref)
• 54fd27f #8602 refactor node.ideallyInert to node.inert (#8602) (@​liamcmitchell)
• 13d8df6 #8537 optional set calculation (#8537) (@​liamcmitchell)

Chores

• 180e9f7 #8610 fix spelling in workspaces/arborist (#8610) (@​jsoref)
• 91393de #8599 Update references for arborist to cli (#8599) (@​jsoref)

9.1.5 (2025-09-23)

Bug Fixes

• 60aa94b #8576 attach path to json parse error (@​wraithgar)
• 1eedf82 #8576 use @​npmcli/package-json to parse package.json (@​wraithgar)
• f6c868d #8566 calculate omit in diff (#8566) (@​liamcmitchell, Liam Mitchell)
• d389614 #8579 corrects peer dependency flag propagation (@​owlstronaut)

... (truncated)

Commits

• f8d25cd chore: release 11.8.0
• f951820 deps: common-ancestor-path@2.0.0
• 6d1db87 chore: release 11.7.0
• 0765289 fix: handle ENOTEMPTY errors in moveFile
• 5271485 chore: release 11.6.4
• b118364 fix: undefined override set conflicts shouldn't error
• f963223 deps: proggy@4.0.0
• f51e4aa deps: nopt@9.0.0
• 2d15040 deps: @​npmcli/query@​5.0.0
• 58650dc deps: @​npmcli/fs@​5.0.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by owlstronaut, a new releaser for @​npmcli/arborist since your current version.

Updates nock from 13.5.6 to 14.0.10

Release notes

Sourced from nock's releases.

v14.0.10

14.0.10 (2025-08-12)

Bug Fixes

• Use Error objects instead of plain objects with replyWithError() (#2900) (f2a3389)

v14.0.9

14.0.9 (2025-08-07)

Bug Fixes

• address timeout issue with mocked timers (Revert #2880) (#2902) (bc48f92)

v14.0.8

14.0.8 (2025-08-01)

Bug Fixes

• ClientRequest: support http.Agent instances as agents for https requests (#2896) (e4390b8)

v14.0.7

14.0.7 (2025-07-26)

Bug Fixes

• address timeout issue with mocked timers (#2880) (fb112f3)

v14.0.6

14.0.6 (2025-07-19)

Bug Fixes

• upgrade interceptors (2bcaf0f)

v14.0.5

14.0.5 (2025-05-30)

Bug Fixes

• use of a fetch() recording that uses gzip compression is missing the headers, Possible EventEmitter memory leak when used together with MongoDBContainer (#2869) (90b2a04)

v14.0.4

14.0.4 (2025-04-20)

... (truncated)

Commits

• f2a3389 fix: Use Error objects instead of plain objects with replyWithError() (#2900)
• 721ae1a chore(deps-dev): bump form-data from 4.0.2 to 4.0.4
• 316c990 chore(deps-dev): bump tmp from 0.2.1 to 0.2.4
• bc48f92 fix: address timeout issue with mocked timers (Revert #2880) (#2902)
• e4390b8 fix(ClientRequest): support http.Agent instances as agents for https requests...
• fb112f3 fix: address timeout issue with mocked timers (#2880)
• 0db794b fix
• eeb0924 fix
• b77f865 test
• b4514ca fix
• Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.3

Release notes

Sourced from semver's releases.

v7.7.3

7.7.3 (2025-10-06)

Bug Fixes

• e37e0ca #813 faster paths for compare (#813) (@​H4ad)
• 2471d75 #811 x-range build metadata support (i529015)

Chores

• 8f05c87 #807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807) (@​dependabot[bot], @​owlstronaut)

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.3 (2025-10-06)

Bug Fixes

• e37e0ca #813 faster paths for compare (#813) (@​H4ad)
• 2471d75 #811 x-range build metadata support (i529015)

Chores

• 8f05c87 #807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807) (@​dependabot[bot], @​owlstronaut)

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Commits

• a25789b chore: release 7.7.3 (#812)
• e37e0ca fix: faster paths for compare (#813)
• 2471d75 fix: x-range build metadata support
• 8f05c87 chore: bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807)
• d17aebf chore: bump @​npmcli/template-oss from 4.24.4 to 4.25.0 (#797)
• 3b03e3b chore: bump @​npmcli/template-oss from 4.24.3 to 4.24.4 (#790)
• 281055e chore: release 7.7.2 (#783)
• fcafb61 fix: add missing 'use strict' directives (#780)
• c760403 chore: template-oss-apply for workflow permissions (#784)
• c99f336 fix: prerelease identifier starting with digits (#781)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semver since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Bumped @npmcli/arborist, nock, and semver in npm_and_yarn/helpers to keep tooling current and reduce bugs. Major updates to arborist and nock may require small test or helper adjustments.

• Dependencies

  • @npmcli/arborist: 8.0.0 → 9.1.10
  • nock: 13.5.6 → 14.0.10
  • semver: 7.6.3 → 7.7.3

• Migration

  • Run the full test suite.
  • If tests use nock.replyWithError(), pass Error instances.
  • Verify arborist API usage remains compatible and adjust if needed.

^{Written for commit 969a15b. Summary will update on new commits.}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[JaclynCodes]

🚀