deps: bump the dependency-updates group with 4 updates

[dependabot]

Bumps the dependency-updates group with 4 updates: @primer/react, prettier, pacote and semver.

Updates @primer/react from 38.27.0 to 38.28.0

Release notes

Sourced from @​primer/react's releases.

@​primer/react@​38.28.0

Minor Changes

• #7888 45be31b Thanks @​TylerJDev! - AnchoredOverlay: Extend cssAnchorPositioningSettings with a fallbackStrategy ('default' | 'none' | 'opposite-side') to control CSS anchor positioning fallback behavior when native CSS anchor positioning is active.

• #7923 6a7e130 Thanks @​dylanatsmith! - Card: Add layout="compact" prop for a compact card layout with tighter spacing, no icon background, and smaller title

• #7922 55b7b04 Thanks @​dylanatsmith! - InlineMessage: Make variant prop optional, defaulting to the standard foreground color with an info icon

• #7889 3af5edc Thanks @​llastflowers! - Add data-component attributes and associated tests for PageHeader, PageLayout, Pagehead, Popover, Portal, and ProgressBar

• #7964 0f0f79f Thanks @​TylerJDev! - AnchoredOverlay: Add cssAnchorPositioningSettings prop to allow opting out of native CSS anchor positioning (via disable), and use it in SelectPanel so the modal variant stays manually centered instead of being repositioned by CSS anchor positioning.

Patch Changes

• #7918 95986ce Thanks @​jonrohan! - Autocomplete: Keep the typed text instead of restoring the full inline suggestion when the input loses focus, matching the behavior of pressing Escape

• #7971 2087e87 Thanks @​francinelucca! - ThemeProvider: Skip rendering the SSR handoff script when the primer_react_theme_provider_remove_ssr_handoff feature flag is enabled

• #7910 0c38cfa Thanks @​janmaarten-a11y! - Timeline: Add primer_react_timeline_list_semantics feature flag to opt into list semantics

  When the primer_react_timeline_list_semantics feature flag is enabled, Timeline renders as <ol role="list"> and Timeline.Item / Timeline.Break render as <li> so screen reader users get list navigation (total item count, position in sequence). The default behavior is unchanged — Timeline and its subcomponents still render as <div> until the flag is opted into.

  Enable the flag with the FeatureFlags provider:

  import {FeatureFlags} from '@primer/react/experimental'
  ;<FeatureFlags flags={{primer_react_timeline_list_semantics: true}}>
  <Timeline>…</Timeline>
  </FeatureFlags>

Commits

• f590c21 Release tracking (#7925)
• 45be31b AnchoredOverlay: Allow customization of CSS anchor positioning (#7888)
• 2087e87 ThemeProvider: Remove dangerouslySetInnerHTML under FF (#7971)
• 53ea013 MCP server: add readOnlyHint annotation to all tools (#7965)
• 0f0f79f AnchoredOverlay: Add settings for CSS anchor positioning (#7964)
• 6a7e130 Card: Add variant="condensed" for compact card layout (#7923)
• 3af5edc data-component adr part 6 (#7889)
• 35c20e4 Update Storybook dependencies (#7946)
• e82843d chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#7931)
• 0c3622b chore(deps): bump changesets/action from 1.8.0 to 1.9.0 (#7932)
• Additional commits viewable in compare view

Updates prettier from 3.8.3 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

Commits

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• See full diff in compare view

Updates pacote from 21.5.0 to 21.5.1

Release notes

Sourced from pacote's releases.

v21.5.1

21.5.1 (2026-06-09)

Bug Fixes

• 627a7dc #499 avoid ReDoS in addGitSha committish stripping (@​owlstronaut)

Chores

• 790a24b #500 template-oss-apply (#500) (@​owlstronaut, test)
• 09cb304 #499 template-oss-apply (@​owlstronaut)
• bea9f84 #499 @npmcli/template-oss@5.1.0 (@​owlstronaut)

Changelog

Sourced from pacote's changelog.

21.5.1 (2026-06-09)

Bug Fixes

• 627a7dc #499 avoid ReDoS in addGitSha committish stripping (@​owlstronaut)

Chores

• 790a24b #500 template-oss-apply (#500) (@​owlstronaut, test)
• 09cb304 #499 template-oss-apply (@​owlstronaut)
• bea9f84 #499 @npmcli/template-oss@5.1.0 (@​owlstronaut)

Commits

• d36266f chore: release 21.5.1 (#499)
• 790a24b chore: template-oss-apply (#500)
• 09cb304 chore: template-oss-apply
• bea9f84 chore: @​npmcli/template-oss@​5.1.0
• 627a7dc fix: avoid ReDoS in addGitSha committish stripping
• See full diff in compare view

Updates semver from 7.8.2 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

Commits

• 8640bd6 chore: release 7.8.4 (#875)
• e583226 fix: reject numeric segments after x-ranges
• 6b77aa8 chore: release 7.8.3 (#873)
• 3485dda chore: bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866)
• 046da7f fix: align caret includePrerelease lower bounds (#872)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.