Conversation
Bumps and [picomatch](https://github.com/micromatch/picomatch). These dependencies needed to be updated together. Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) --- updated-dependencies: - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
JiwaniZakir
left a comment
JiwaniZakir
left a comment
There was a problem hiding this comment.
The package-lock.json updates are straightforward — picomatch 2.3.1→2.3.2 and 4.0.3→4.0.4 across all five affected entries (@rollup/pluginutils, root node_modules/picomatch, rollup-plugin-visualizer, tinyglobby, and vite). Worth noting that yarn.lock was also modified, which suggests the project may be using both package managers simultaneously — having both package-lock.json and yarn.lock committed can lead to divergence between the two lockfiles over time if contributors use different package managers. The yarn.lock changes also include several unrelated reorderings (e.g., @babel/core alias consolidation, @esbuild/android-arm and @esbuild/linux-arm block reordering, @tensorflow/tfjs-core alias trimming) that appear to be incidental churn from running yarn rather than being directly related to the picomatch bump — it would be cleaner to separate those or at least confirm they are intentional and don't mask any meaningful dependency changes.
1 participant
Bumps and picomatch. These dependencies needed to be updated together.
Updates
picomatchfrom 4.0.3 to 4.0.4Release notes
Sourced from picomatch's releases.
Commits
e5474fcPublish 4.0.44516eb5Merge commit from fork5eceecdMerge commit from fork0db7dd7Run benchmark again against latest minimatch version (#161)9500377docs: clarify what brace expansion syntax is and isn't supported (#134)2661f23fix typo in globstars.js test name (#138)1798b07docs: fixmakeReexample (#143)9d76bc5chore: undocument removed options (#146)e4d718bRemove unused time-require (#160)38dffebchore(deps): pin dependencies (#158)Updates
picomatchfrom 2.3.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Commits
e5474fcPublish 4.0.44516eb5Merge commit from fork5eceecdMerge commit from fork0db7dd7Run benchmark again against latest minimatch version (#161)9500377docs: clarify what brace expansion syntax is and isn't supported (#134)2661f23fix typo in globstars.js test name (#138)1798b07docs: fixmakeReexample (#143)9d76bc5chore: undocument removed options (#146)e4d718bRemove unused time-require (#160)38dffebchore(deps): pin dependencies (#158)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.