Bump minimatch #13
Bumps and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v9.0.5...v9.0.9)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v9.0.5...v9.0.9)

---

updated-dependencies:
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
ArshVermaGit left a comment
This is a good coordinated dependency update that keeps glob matching behavior both secure and consistent across the tree. Updating minimatch in tandem across major and legacy branches helps avoid version skew issues, especially since glob parsing logic can subtly affect file resolution, build tooling, and ignore patterns. The included fixes around globstar matching and limits on nested extglob recursion also help reduce the risk of performance issues or potential ReDoS scenarios, which is particularly relevant for tooling that processes user-controlled paths or patterns. Overall, this is a low-risk but valuable maintenance improvement that strengthens reliability of pattern matching while keeping the dependency graph aligned.
Bumps and minimatch. These dependencies needed to be updated together.

Updates `minimatch` from 9.0.5 to 9.0.9

Commits

- `8a10e47` 9.0.9
- `c6f1806` brace-expansion@2
- `446cfa3` 9.0.8
- `8fa151a` docs: add warning about ReDoS
- `71b78a2` fix partial matching of globstar patterns
- `2de496f` 9.0.7
- `0d4616d` limit nested extglob recursion, flatten extglobs
- `7117ef3` 9.0.6
- `2418458` update deps, do not checkin dist
- `1d1f531` update deps

Updates `minimatch` from 3.1.2 to 3.1.5

Commits

- `8a10e47` 9.0.9
- `c6f1806` brace-expansion@2
- `446cfa3` 9.0.8
- `8fa151a` docs: add warning about ReDoS
- `71b78a2` fix partial matching of globstar patterns
- `2de496f` 9.0.7
- `0d4616d` limit nested extglob recursion, flatten extglobs
- `7117ef3` 9.0.6
- `2418458` update deps, do not checkin dist
- `1d1f531` update deps

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.
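To check the version skew raised in the review comment after merging, the following added example (not code from this PR or from minimatch) walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and flags every installed `minimatch` copy, nested ones included, that is older than the version this PR bumps its major line to. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit package-lock.json for minimatch copies older than
// the versions this PR moves to. Floors per major line come from the PR text.
const TARGETS = { 9: '9.0.9', 3: '3.1.5' };

// Parse "x.y.z" into [x, y, z]; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// One finding per installed minimatch copy. The path test matches only the
// package itself, so look-alikes such as @types/minimatch are skipped.
function auditMinimatch(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/minimatch$/.test(path)) continue;
    const have = parseVersion(meta.version);
    let status = 'unparsed';
    if (have) {
      const floor = TARGETS[have[0]];
      if (!floor) status = 'untracked-major'; // major line this PR does not touch
      else status = isOlder(have, parseVersion(floor)) ? 'stale' : 'ok';
    }
    findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample: a lockfile where only the top-level copy was bumped.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/minimatch': { version: '9.0.9' },
    'node_modules/glob/node_modules/minimatch': { version: '3.1.2' },
    'node_modules/rimraf/node_modules/minimatch': { version: '9.0.5' },
    'node_modules/@types/minimatch': { version: '5.1.2' },
  },
};

console.log(auditMinimatch(sampleLock));
```

In CI, feed it the parsed `package-lock.json` and fail the job when any finding has status `stale`.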