Skip to content

refactor: Bump minimatch and npm#832

Merged
mtrezza merged 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-4d16cdc824
Mar 30, 2026
Merged

refactor: Bump minimatch and npm#832
mtrezza merged 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-4d16cdc824

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026

Bumps minimatch and npm. These dependencies needed to be updated together.
Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates npm from 11.6.2 to 11.12.1

Release notes

Sourced from npm's releases.

v11.12.1

11.12.1 (2026-03-24)

Bug Fixes

Documentation

Dependencies

v11.12.0

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

Documentation

... (truncated)

Changelog

Sourced from npm's changelog.

11.12.1 (2026-03-24)

Bug Fixes

Documentation

Dependencies

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
refactor: Bump minimatch and npm
21dbefe 
Bumps [minimatch](https://github.com/isaacs/minimatch) and [npm](https://github.com/npm/cli). These dependencies needed to be updated together.

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `npm` from 11.6.2 to 11.12.1
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.6.2...v11.12.1)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
- dependency-name: npm
  dependency-version: 11.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@mtrezza
Copy link
Copy Markdown
Member

mtrezza commented Mar 30, 2026

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 30, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 30, 2026

Important

Review skipped

Review was skipped as selected files did not have any reviewable changes.

💤 Files selected but had no reviewable changes (1)
  • package-lock.json
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0019dadb-5cb4-4ae2-be9d-b3a71ba83faa

📥 Commits

Reviewing files that changed from the base of the PR and between 15401a6 and 21dbefe.

📒 Files selected for processing (1)
  • package-lock.json

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/multi-4d16cdc824

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

mtrezza
mtrezza approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved: Lock-file-only transitive dependency update. All CI checks pass. minimatch security patches (ReDoS fixes) for dev-only dependencies. Low risk.

@mtrezza mtrezza merged commit 09f9c32 into master Mar 30, 2026
3 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/multi-4d16cdc824 branch March 30, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrezza mtrezza mtrezza approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtrezza