Bump picomatch #381

Merged
jbampton merged 1 commit into main from dependabot/npm_and_yarn/multi-bf05dc1ecf
Mar 26, 2026

@dependabot dependabot bot commented on behalf of github Mar 26, 2026

Bumps picomatch to 2.3.2 and updates ancestor dependency . These dependencies need to be updated together.

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each version is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates picomatch from 4.0.3 to 4.0.4

dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript on Mar 26, 2026
dependabot bot requested a review from jbampton as a code owner on March 26, 2026 00:18

socket-security bot commented Mar 26, 2026

Review the following changes in direct dependencies.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | picomatch@4.0.3 ⏵ 4.0.4 | 100 | 100 +18 | 100 | 94 | 100 |


deepsource-io bot commented Mar 26, 2026

DeepSource Code Review

We reviewed changes in b609797...e1a1b1c on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

PR Report Card: Overall Grade, Security, Reliability, Complexity, Hygiene

Code Review Summary

| Analyzer | Status | Updated (UTC) | Details |
|---|---|---|---|
| JavaScript | | Mar 26, 2026 11:03 a.m. | Review ↗ |
| Secrets | | Mar 26, 2026 11:03 a.m. | Review ↗ |

@jbampton

@dependabot rebase

jbampton self-assigned this on Mar 26, 2026
jbampton added this to Next on Mar 26, 2026
jbampton added this to the Hackfest milestone on Mar 26, 2026
github-project-automation bot moved this to In progress in Next on Mar 26, 2026
Bumps [picomatch](https://github.com/micromatch/picomatch) to 2.3.2 and updates ancestor dependency . These dependencies need to be updated together.


Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot force-pushed the dependabot/npm_and_yarn/multi-bf05dc1ecf branch from 62d4ec6 to e1a1b1c on March 26, 2026 11:02
github-project-automation bot moved this from In progress to Reviewer approved in Next on Mar 26, 2026
jbampton merged commit 5bd42df into main on Mar 26, 2026
6 of 7 checks passed
jbampton deleted the dependabot/npm_and_yarn/multi-bf05dc1ecf branch on March 26, 2026 11:05
github-project-automation bot moved this from Reviewer approved to Done in Next on Mar 26, 2026