Skip to content

Bump picomatch from 2.3.1 to 2.3.2#98

Merged
guibranco merged 3 commits into
mainfrom
dependabot/npm_and_yarn/picomatch-2.3.2
May 7, 2026
Merged

Bump picomatch from 2.3.1 to 2.3.2#98
guibranco merged 3 commits into
mainfrom
dependabot/npm_and_yarn/picomatch-2.3.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Bumps picomatch from 2.3.1 to 2.3.2.

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 1, 2026

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions github-actions Bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 1, 2026
@deepsource-io
Copy link
Copy Markdown

deepsource-io Bot commented May 1, 2026
edited
Loading

DeepSource Code Review

We reviewed changes in 5c3a4a6...fcbf2db on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
JavaScript May 6, 2026 2:57p.m. Review ↗
Secrets May 6, 2026 2:57p.m. Review ↗
Code coverage May 6, 2026 2:57p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@guibranco guibranco enabled auto-merge (squash) May 1, 2026 14:12
@gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label May 1, 2026
guibranco
guibranco approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini Bot added the 🤖 bot Automated processes or integrations label May 1, 2026
@dependabot
Bump picomatch from 2.3.1 to 2.3.2
fcbf2db 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from 16f85f0 to fcbf2db Compare May 6, 2026 14:56
@github-actions github-actions Bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 6, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 7, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs 
2026-05-07T17:39:16Z INF scanning for exposed secrets...
5:39PM INF 94 commits scanned.
2026-05-07T17:39:16Z INF scan completed in 228ms
2026-05-07T17:39:16Z INF no leaks found

@guibranco guibranco merged commit 6349807 into main May 7, 2026
16 checks passed
@guibranco guibranco deleted the dependabot/npm_and_yarn/picomatch-2.3.2 branch May 7, 2026 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guibranco