fix: sets picomatch version at 2.3.2

[LinKCoding]

Overview

Picomatch version 2.3.1 has a security vulnerability (see: https://app.snyk.io/org/codecademy/project/c51d48f7-252a-44c3-96bb-67f3b77d50a6#issue-SNYK-JS-PICOMATCH-15765511)

This sets the version resolution for picomatch in yarn.lock to be 2.3.2.

PR Checklist

• Related to designs:
• Related to JIRA ticket: [ABC-123]
• Version plan added/updated (or not needed)
• I have run this code to verify it works
• This PR includes unit tests for the code change
• This PR includes testing instructions tests for the code change
• The alpha package of this PR is passing end-to-end tests in all relevant Codecademy repositories

Testing Instructions

Don't make me tap the sign.

1. Check out this related PR, go through the testing instructions and see that the pre-commit linting works
2. Finish and do a celebratory dance

PR Links and Envs

N/A

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 398a628

---

☁️ Nx Cloud last updated this comment at 2026-04-06 16:07:16 UTC

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.88%. Comparing base (3b3e304) to head (398a628).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3301   +/-   ##
=======================================
  Coverage   89.88%   89.88%           
=======================================
  Files         377      377           
  Lines        5593     5593           
  Branches     1779     1780    +1     
=======================================
  Hits         5027     5027           
  Misses        558      558           
  Partials        8        8           

Flag	Coverage Δ
main	?
pull-request	89.88% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[LinKCoding]

This was really what we were after

[codecademydev]

📬 Published Alpha Packages:

Package	Version	npm	Diff
@codecademy/gamut	68.2.3-alpha.e63333.0	npm	diff
@codecademy/gamut-icons	9.57.3-alpha.e63333.0	npm	diff
@codecademy/gamut-illustrations	0.58.10-alpha.e63333.0	npm	diff
@codecademy/gamut-kit	0.6.593-alpha.e63333.0	npm	diff
@codecademy/gamut-patterns	0.10.29-alpha.e63333.0	npm	diff
@codecademy/gamut-styles	17.13.2-alpha.e63333.0	npm	diff
@codecademy/gamut-tests	5.3.4-alpha.e63333.0	npm	diff
@codecademy/variance	0.26.2-alpha.e63333.0	npm	diff
eslint-plugin-gamut	2.4.4-alpha.e63333.0	npm	diff

[github-actions]

🚀 Styleguide deploy preview ready!

Preview URL: https://69d3dae0a7724a3bed3e9e1b--gamut-preview.netlify.app
Deploy Logs: https://app.netlify.com/projects/gamut-preview/deploys/69d3dae0a7724a3bed3e9e1b