Skip to content

refactor: Bump picomatch from 2.3.1 to 2.3.2#821

Merged
mtrezza merged 1 commit intomasterfrom
dependabot/npm_and_yarn/picomatch-2.3.2
Mar 30, 2026
Merged

refactor: Bump picomatch from 2.3.1 to 2.3.2#821
mtrezza merged 1 commit intomasterfrom
dependabot/npm_and_yarn/picomatch-2.3.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited by coderabbitai bot
Loading

Bumps picomatch from 2.3.1 to 2.3.2.

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Summary by CodeRabbit

  • Chores
    • Updated package dependencies to latest compatible versions.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@dependabot dependabot bot mentioned this pull request Mar 30, 2026
Closed
@dependabot
refactor: Bump picomatch from 2.3.1 to 2.3.2
b7ceae1 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from b6f5adc to b7ceae1 Compare March 30, 2026 17:33
@mtrezza
Copy link
Copy Markdown
Member

mtrezza commented Mar 30, 2026

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 30, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 30, 2026
edited
Loading

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b909408c-2985-4692-9f1e-dddff91ea078

📥 Commits

Reviewing files that changed from the base of the PR and between 8758ca9 and b7ceae1.

📒 Files selected for processing (1)
  • package-lock.json
📝 Walkthrough

Walkthrough

Updated picomatch dependency from version 2.3.1 to 2.3.2, and its nested variant within tinyglobby/node_modules from 4.0.3 to 4.0.4, including corresponding resolved URLs and integrity hash values in the lockfile.

Changes

Cohort / File(s) Summary
Dependency Version Updates
package-lock.json		 Updated picomatch from 2.3.1 to 2.3.2 and nested tinyglobby/node_modules/picomatch from 4.0.3 to 4.0.4 with corresponding resolved tarball URLs and integrity hash updates.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: bumping picomatch from 2.3.1 to 2.3.2, which aligns with the package-lock.json updates.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/picomatch-2.3.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mtrezza mtrezza merged commit 5293918 into master Mar 30, 2026
3 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/picomatch-2.3.2 branch March 30, 2026 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtrezza