Skip to content

build: bump minimatch, nodemon and shx in /extensions/teams#2094

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/extensions/teams/multi-3797e8c6f7
Open

build: bump minimatch, nodemon and shx in /extensions/teams#2094
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/extensions/teams/multi-3797e8c6f7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 20, 2026
edited
Loading

Bumps minimatch to 10.2.2 and updates ancestor dependencies minimatch, nodemon and shx. These dependencies need to be updated together.

Updates minimatch from 3.1.2 to 10.2.2

Changelog

Sourced from minimatch's changelog.

change log

10.2

  • Add braceExpandMax option

10.1

  • Add magicalBraces option for escape
  • Fix makeRe when partial: true is set.
  • Fix makeRe when pattern ends in a final ** path part.

10.0

  • Require node 20 or 22 and higher

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates nodemon from 3.1.10 to 3.1.13

Release notes

Sourced from nodemon's releases.

v3.1.13

3.1.13 (2026-02-19)

Bug Fixes

  • TypeScript definition for 'restart' args (5c03715), closes #2265

v3.1.12

3.1.12 (2026-02-19)

Bug Fixes

v3.1.11

3.1.11 (2025-11-11)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemon since your current version.


Updates shx from 0.3.4 to 0.4.0

Release notes

Sourced from shx's releases.

v0.4.0

✨ Highlighted changes

  • This is based on ShellJS v0.9! This means we bumped the minimum node version to >= v18.
  • Small bash compatibility change to shx sed. Now if you invoke shx sed -i, this will not print any output to stdout (this is for consistency with unix sed). Using shx sed without the -i flag will still print to stdout as before.

What's Changed

New Contributors

Full Changelog: shelljs/shx@v0.3.4...v0.4.0

Commits
  • 8886c3e 0.4.0
  • e8db3bc refactor: code cleanup for the --negate flag
  • 6184003 Adding a global --negate flag (#189)
  • b3d5b80 fix: add back ShellJS version in --version
  • 5106c6b chore: update dependencies
  • e8bb9f8 chore: drop some dependencies and simplify
  • 3bb21d9 chore: drop non-LTS node versions
  • b70e666 chore: update shelljs and drop old node support
  • f8b0b37 doc: Fix typo in README
  • 03c2964 chore(dependencies): update js-yaml
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build: bump minimatch, nodemon and shx in /extensions/teams
9d7252a 
Bumps [minimatch](https://github.com/isaacs/minimatch) to 10.2.2 and updates ancestor dependencies [minimatch](https://github.com/isaacs/minimatch), [nodemon](https://github.com/remy/nodemon) and [shx](https://github.com/shelljs/shx). These dependencies need to be updated together.


Updates `minimatch` from 3.1.2 to 10.2.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v10.2.2)

Updates `nodemon` from 3.1.10 to 3.1.13
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v3.1.10...v3.1.13)

Updates `shx` from 0.3.4 to 0.4.0
- [Release notes](https://github.com/shelljs/shx/releases)
- [Changelog](https://github.com/shelljs/shx/blob/main/CHANGELOG.md)
- [Commits](shelljs/shx@v0.3.4...v0.4.0)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 10.2.2
  dependency-type: indirect
- dependency-name: nodemon
  dependency-version: 3.1.13
  dependency-type: direct:development
- dependency-name: shx
  dependency-version: 0.4.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 20, 2026
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 20, 2026
@dependabot dependabot Bot requested a review from nchandhi as a code owner February 20, 2026 04:08
@dependabot dependabot Bot added the javascript Pull requests that update Javascript code label Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Fr4nc3 Fr4nc3 Awaiting requested review from Fr4nc3 Fr4nc3 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants