chore(deps-dev): bump minimatch from 9.0.5 to 9.0.9#253
chore(deps-dev): bump minimatch from 9.0.5 to 9.0.9#253dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
Bumps [minimatch](https://github.com/isaacs/minimatch) from 9.0.5 to 9.0.9. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) --- updated-dependencies: - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "version": "2.3.2", | ||
| "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", | ||
| "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", | ||
| "dev": true, |
There was a problem hiding this comment.
Unintended removal of dev flag from fsevents
Low Severity
The "dev": true flag was removed from the node_modules/fsevents entry, even though this PR only intends to bump minimatch. fsevents is only reachable through playwright, which is a devDependency. Without "dev": true, npm install --omit=dev (production installs) may attempt to install fsevents on macOS, adding an unnecessary native module to production. This appears to be an unintended side effect of lockfile regeneration.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Bumps minimatch from 9.0.5 to 9.0.9.
Commits
8a10e479.0.9c6f1806brace-expansion@2446cfa39.0.88fa151adocs: add warning about ReDoS71b78a2fix partial matching of globstar patterns2de496f9.0.70d4616dlimit nested extglob recursion, flatten extglobs7117ef39.0.62418458update deps, do not checkin dist1d1f531update depsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Low Risk
Lockfile-only dev dependency bump; low blast radius aside from potential minor behavior changes in glob matching during tooling/build steps.
Overview
Updates the dev dependency
minimatchto9.0.9(from9.0.5) inpackage-lock.json, including the updated resolved tarball/integrity metadata.Also refreshes lockfile metadata for transitive deps (notably
brace-expansionconstraint to^2.0.2) and drops thedevflag onfseventsin the lock entry.Written by Cursor Bugbot for commit 7423ca0. This will update automatically on new commits. Configure here.