
🤖 Dep Updates: Bump picomatch from 2.3.1 to 4.0.3 #64

Closed. dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/picomatch-4.0.3


dependabot Bot commented on behalf of github Dec 29, 2025

Bumps picomatch from 2.3.1 to 4.0.3.

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each version is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 4.0.3.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.3)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Dec 29, 2025

dependabot Bot commented on behalf of github Dec 29, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot deleted the dependabot/npm_and_yarn/picomatch-4.0.3 branch December 29, 2025 15:27

John-David Dalton (jdalton) added a commit that referenced this pull request May 11, 2026

The sort-source-methods rule now ships with a fixer (resolves task #65).
Function declarations are hoisted, so reordering them is safe for
runtime semantics; the leading JSDoc / line-comment block and any
trailing contiguous comment (notably `/* c8 ignore stop */` paired
with a start above) travel with each function.

Bail-out conditions:
* anonymous default exports — they have no name to sort by
* interleaved top-level non-function statements between functions —
  reshuffling would skip over their declaration-order semantics

The autofix attaches to the first violation per file; ESLint dedupes
overlapping fixes, but when multiple violations exist they may need
several passes to fully converge (oxlint --fix is idempotent — a few
re-runs settle).

Net: 333 → 167 sort-source-methods violations after iterating
oxlint --fix to convergence. The remaining 167 are files with
interleaved statements where the autofix bails for safety.

Also propagates the _inject-import.js identifier-based detection
fix to socket-lib's local copy (matches wheelhouse canonical, where
the same fix landed for task #64).

John-David Dalton (jdalton) added a commit that referenced this pull request May 11, 2026

Picks up the new autofixable sort-source-methods rule from
socket-wheelhouse and the identifier-based _inject-import.js fix
(resolves task #65 / #64). Iterated `oxlint --fix` to convergence;
function declarations re-ordered into private→export alphanumeric
order across the repo. Function declarations are hoisted so the
rewrite is safe at runtime; leading JSDoc / line-comments and
trailing c8-ignore-stop markers travel with each function.

Also re-syncs the canonical scripts/check-paths.mts and
scripts/ai-lint-fix.mts from socket-wheelhouse. The wheelhouse copy
already accounts for state-machine null sentinels (blockKey,
blockKind, inString) and the SKIP_AI_FIX bracket-env access.