chore(deps): bump the npm_and_yarn group with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates: @google/gemini-cli and @openai/codex.

Updates @google/gemini-cli from 0.34.0 to 0.36.0

Release notes

Sourced from @​google/gemini-cli's releases.

Release v0.36.0

What's Changed

• Changelog for v0.33.2 by @​gemini-cli-robot in google-gemini/gemini-cli#22730
• feat(core): multi-registry architecture and tool filtering for subagents by @​akh64bit in google-gemini/gemini-cli#22712
• Changelog for v0.34.0-preview.4 by @​gemini-cli-robot in google-gemini/gemini-cli#22752
• fix(devtools): use theme-aware text colors for console warnings and errors by @​SandyTao520 in google-gemini/gemini-cli#22181
• Add support for dynamic model Resolution to ModelConfigService by @​kevinjwang1 in google-gemini/gemini-cli#22578
• chore(release): bump version to 0.36.0-nightly.20260317.2f90b4653 by @​gemini-cli-robot in google-gemini/gemini-cli#22858
• fix(cli): use active sessionId in useLogger and improve resume robustness by @​mattKorwel in google-gemini/gemini-cli#22606
• fix(cli): expand tilde in policy paths from settings.json by @​abhipatel12 in google-gemini/gemini-cli#22772
• fix(core): add actionable warnings for terminal fallbacks (#14426) by @​spencer426 in google-gemini/gemini-cli#22211
• feat(tracker): integrate task tracker protocol into core system prompt by @​anj-s in google-gemini/gemini-cli#22442
• chore: add posttest build hooks and fix missing dependencies by @​NTaylorMullen in google-gemini/gemini-cli#22865
• feat(a2a): add agent acknowledgment command and enhance registry discovery by @​alisa-alisa in google-gemini/gemini-cli#22389
• fix(cli): automatically add all VSCode workspace folders to Gemini context by @​sakshisemalti in google-gemini/gemini-cli#21380
• feat: add 'blocked' status to tasks and todos by @​anj-s in google-gemini/gemini-cli#22735
• refactor(cli): remove extra newlines in ShellToolMessage.tsx by @​NTaylorMullen in google-gemini/gemini-cli#22868
• fix(cli): lazily load settings in onModelChange to prevent stale closure data loss by @​KumarADITHYA123 in google-gemini/gemini-cli#20403
• feat(core): subagent local execution and tool isolation by @​akh64bit in google-gemini/gemini-cli#22718
• fix(cli): resolve subagent grouping and UI state persistence by @​abhipatel12 in google-gemini/gemini-cli#22252
• refactor(ui): extract SessionBrowser search and navigation components by @​abhipatel12 in google-gemini/gemini-cli#22377
• fix: updates Docker image reference for GitHub MCP server by @​jhhornn in google-gemini/gemini-cli#22938
• refactor(cli): group subagent trajectory deletion and use native filesystem testing by @​abhipatel12 in google-gemini/gemini-cli#22890
• refactor(cli): simplify keypress and mouse providers and update tests by @​scidomino in google-gemini/gemini-cli#22853
• Changelog for v0.34.0 by @​gemini-cli-robot in google-gemini/gemini-cli#22860
• test(cli): simplify createMockSettings calls by @​scidomino in google-gemini/gemini-cli#22952
• feat(ui): format multi-line banner warnings with a bold title by @​keithguerin in google-gemini/gemini-cli#22955
• Docs: Remove references to stale Gemini CLI file structure info by @​g-samroberts in google-gemini/gemini-cli#22976
• feat(ui): remove write todo list tool from UI tips by @​aniruddhaadak80 in google-gemini/gemini-cli#22281
• Fix issue where subagent thoughts are appended. by @​gundermanc in google-gemini/gemini-cli#22975
• Feat/browser privacy consent by @​kunal-10-cloud in google-gemini/gemini-cli#21119
• fix(core): explicitly map execution context in LocalAgentExecutor by @​akh64bit in google-gemini/gemini-cli#22949
• feat(plan): support plan mode in non-interactive mode by @​ruomengz in google-gemini/gemini-cli#22670
• feat(core): implement strict macOS sandboxing using Seatbelt allowlist by @​ehedlund in google-gemini/gemini-cli#22832
• docs: add additional notes by @​abhipatel12 in google-gemini/gemini-cli#23008
• fix(cli): resolve duplicate footer on tool cancel via ESC (#21743) by @​ruomengz in google-gemini/gemini-cli#21781
• Changelog for v0.35.0-preview.1 by @​gemini-cli-robot in google-gemini/gemini-cli#23012
• fix(ui): fix flickering on small terminal heights by @​devr0306 in google-gemini/gemini-cli#21416
• fix(acp): provide more meta in tool_call_update by @​Mervap in google-gemini/gemini-cli#22663
• docs: add FAQ entry for checking Gemini CLI version by @​surajsahani in google-gemini/gemini-cli#21271
• feat(core): resilient subagent tool rejection with contextual feedback by @​abhipatel12 in google-gemini/gemini-cli#22951
• fix(cli): correctly handle auto-update for standalone binaries by @​bdmorgan in google-gemini/gemini-cli#23038
• feat(core): add content-utils by @​adamfweidman in google-gemini/gemini-cli#22984
• fix: circumvent genai sdk requirement for api key when using gateway auth via ACP by @​sripasg in google-gemini/gemini-cli#23042
• fix(core): don't persist browser consent sentinel in non-interactive mode by @​jasonmatthewsuhari in google-gemini/gemini-cli#23073
• fix(core): narrow browser agent description to prevent stealing URL tasks from web_fetch by @​gsquared94 in google-gemini/gemini-cli#23086
• feat(cli): Partial threading of AgentLoopContext. by @​joshualitt in google-gemini/gemini-cli#22978
• fix(browser-agent): enable "Allow all server tools" session policy by @​cynthialong0-0 in google-gemini/gemini-cli#22343
• refactor(cli): integrate real config loading into async test utils by @​scidomino in google-gemini/gemini-cli#23040
• feat(core): inject memory and JIT context into subagents by @​abhipatel12 in google-gemini/gemini-cli#23032

... (truncated)

Commits

• 8b1e649 chore(release): v0.36.0
• b6d9970 chore(release): v0.36.0-preview.8
• 201c74c fix(config): disable JIT context loading by default (#24364)
• b7d2aea ink 6.6.3 (#24372)
• 071076a chore(release): v0.36.0-preview.7
• 425d64a fix(chore): resolve typescript errors resulting from cherry-picks
• c63350c fix broken tests (#24279)
• 55a5ed6 fix(cli): resolve missing F12 logs via global console store (#24235)
• 7e0ac00 feat(cli): show Flash Lite Preview model regardless of user tier (#23904)
• bbd8483 feat(core,ui): Add experiment-gated support for gemini flash 3.1 lite (#23794)
• Additional commits viewable in compare view

Updates @openai/codex from 0.116.0 to 0.118.0

Release notes

Sourced from @​openai/codex's releases.

0.118.0

New Features

• Windows sandbox runs can now enforce proxy-only networking with OS-level egress rules, instead of relying on environment variables alone. (#12220)
• App-server clients can now start ChatGPT sign-in with a device code flow, which helps when browser callback login is unreliable or unavailable. (#15525)
• codex exec now supports the prompt-plus-stdin workflow, so you can pipe input and still pass a separate prompt on the command line. (#15917)
• Custom model providers can now fetch and refresh short-lived bearer tokens dynamically, instead of being limited to static credentials from config or environment variables. (#16286, #16287, #16288)

Bug Fixes

• Project-local .codex files are now protected even on first creation, closing a gap where the initial write could bypass normal approval checks. (#15067)
• Linux sandbox launches are more reliable because Codex once again finds a trusted system bwrap on normal multi-entry PATHs. (#15791, #15973)
• The app-server-backed TUI regained several missing workflows: hook notifications replay correctly, /copy and /resume <name> work again, /agent no longer shows stale threads, and the skills picker scrolls past the first page. (#16013, #16021, #16050, #16014, #16109, #16110)
• MCP startup is more robust: local servers get a longer startup window, and failed handshakes surface warnings in the TUI again instead of looking like clean startups. (#16080, #16041)
• On Windows, apply_patch is less likely to fail because it no longer adds redundant writable roots that could trigger unnecessary ACL churn. (#16030)

Changelog

Full Changelog: openai/codex@rust-v0.117.0...rust-v0.118.0

• #15891 [plugins] Polish tool suggest prompts. @​mzeng-openai
• #15791 fix: resolve bwrap from trusted PATH entry @​viyatb-oai
• #15900 skills: remove unused skill permission metadata @​bolinfest
• #15811 app-server: Split transport module @​euroelessar
• #15067 Protect first-time project .codex creation across Linux and macOS sandboxes @​rreichel3-oai
• #15903 [codex] import token_data from codex-login directly @​bolinfest
• #15897 sandboxing: use OsString for SandboxCommand.program @​bolinfest
• #15910 docs: update AGENTS.md to discourage adding code to codex-core @​bolinfest
• #15898 chore: move bwrap config helpers into dedicated module @​viyatb-oai
• #15906 chore: remove skill metadata from command approval payloads @​bolinfest
• #15909 fix(network-proxy): fail closed on network-proxy DNS lookup errors @​viyatb-oai
• #14495 Preserve bazel repository cache in github actions @​siggisim
• #15522 bazel: re-organize bazelrc @​sluongng
• #15923 codex-tools: extract shared tool schema parsing @​bolinfest
• #15918 permissions: remove macOS seatbelt extension profiles @​bolinfest
• #12220 feat(windows-sandbox): add network proxy support @​viyatb-oai
• #15931 fix: make MACOS_DEFAULT_PREFERENCES_POLICY part of MACOS_SEATBELT_BASE_POLICY @​bolinfest
• #15933 fix: use matrix.target instead of matrix.os for actions/cache build action @​bolinfest
• #15928 codex-tools: extract MCP schema adapters @​bolinfest
• #15948 fix: increase timeout for rust-ci to 45 minutes for now @​bolinfest
• #15921 [app-server-protocol] introduce generic ClientResponse for app-server-protocol @​rhan-oai
• #15120 chore: refactor network permissions to use explicit domain and unix socket rule maps @​celia-oai
• #15525 Add ChatGPT device-code login to app server @​daniel-oai
• #15876 chore: drop useless stuff @​jif-oai
• #15954 chore: move pty and windows sandbox to Rust 2024 @​bolinfest
• #15986 feat: spawn v2 make task name as mandatory @​jif-oai
• #16000 Use codex-utils-template for login error page @​jif-oai
• #16001 Use codex-utils-template for review prompts @​jif-oai
• #15998 Use codex-utils-template for sandbox mode prompts @​jif-oai
• #15995 Use codex-utils-template for collaboration mode presets @​jif-oai
• #15996 Use codex-utils-template for search tool descriptions @​jif-oai
• #15999 Use codex-utils-template for review exit XML @​jif-oai

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.