Skip to content

chore: bump picomatch from 2.3.1 to 2.3.2 in /example#76

Merged
jamesnrokt merged 1 commit into
mainfrom
dependabot/npm_and_yarn/example/picomatch-2.3.2
Jun 5, 2026
Merged

chore: bump picomatch from 2.3.1 to 2.3.2 in /example#76
jamesnrokt merged 1 commit into
mainfrom
dependabot/npm_and_yarn/example/picomatch-2.3.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 25, 2026

Copy link
Copy Markdown
Contributor

Bumps picomatch from 2.3.1 to 2.3.2.

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

@dependabot
dependabot Bot requested a review from a team as a code owner March 25, 2026 22:41
@cursor

cursor Bot commented Mar 25, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
Lockfile-only dev dependency security patch in the example project; no runtime or SDK code changes.

Overview
Updates example/package-lock.json to resolve picomatch from 2.3.1 to 2.3.2, a patch release that addresses security advisories (including glob-pattern handling issues). The resolved tarball and integrity hash change accordingly; picomatch remains a dev transitive dependency (e.g. via micromatch).

The same lockfile refresh also updates recorded versions for local file: dependencies (@mparticle/cordova-rokt-kit and @mparticle/cordova-sdk) from 3.0.0 to 3.0.1 in the lock metadata—no application source changes in this diff.

Reviewed by Cursor Bugbot for commit cac5db8. Bugbot is set up for automated code reviews on this repo. Configure here.

@jamesnrokt

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/example/picomatch-2.3.2 branch from 8f67d46 to cac5db8 Compare June 5, 2026 18:25
@jamesnrokt
jamesnrokt merged commit a031dcb into main Jun 5, 2026
10 of 11 checks passed
@jamesnrokt
jamesnrokt deleted the dependabot/npm_and_yarn/example/picomatch-2.3.2 branch June 5, 2026 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant