
Upgrade vulnerable dependencies #20

Merged: joshuanapoli merged 2 commits into main from minimatch/9.0.9 on May 7, 2026
@joshuanapoli joshuanapoli commented May 7, 2026

User description


Generated description

Below is a concise technical summary of the changes proposed in this PR:
Align dependency metadata with patched releases by upgrading minimatch to 9.0.9 and brace-expansion to 2.1.0, which resolves CVE-2026-27903. Refresh Plug’n’Play and lockfile entries so the package manager installs the new bundles and checksums consistently.

Latest Contributors (2)

| User | Commit | Date |
| --- | --- | --- |
| jnapoli@cvector.energy | Upgrade to minimatch@9... | May 07, 2026 |
| jnapoli@alum.mit.edu | Merge pull request #11... | March 27, 2026 |

This pull request is reviewed by Baz.

@joshuanapoli joshuanapoli requested a review from alok27a May 7, 2026 20:22
@joshuanapoli joshuanapoli changed the title Upgrade to minimatch@9.0.9 Upgrade vulnerable dependencies May 7, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the brace-expansion and minimatch dependencies. The review feedback correctly identifies that manual modifications were made to the yarn.lock file, specifically changing dependency ranges and descriptor keys from ^2.0.1 to ^2.0.2. These manual overrides are discouraged as they create inconsistencies with the actual package manifests and can lead to resolution issues; it is recommended to use standard package manager commands like yarn up to handle these updates automatically.

Comment thread yarn.lock
Comment thread yarn.lock
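
The inconsistency the review describes, a lockfile range that no longer matches what the resolved package's manifest declares, can be checked mechanically. The following is an added example, not code from this PR or repository; the package names, versions, the `MANIFESTS` map and both function names are constructed for illustration, and it assumes the Yarn Berry lockfile layout with ranges recorded as the manifest declares them.

```javascript
// Added example: compare yarn.lock ranges with the resolved package's manifest.
// Constructed lockfile excerpt; package names and versions are placeholders.
const LOCK = `
"glob-lib@npm:^3.1.0":
  version: 3.1.4
  resolution: "glob-lib@npm:3.1.4"
  dependencies:
    expand-lib: ^2.0.2
  languageName: node

"expand-lib@npm:^2.0.2":
  version: 2.1.0
  resolution: "expand-lib@npm:2.1.0"
`;
// Constructed stand-in for each resolved package's published package.json.
const MANIFESTS = {
  "glob-lib@3.1.4": { dependencies: { "expand-lib": "^2.0.1" } },
  "expand-lib@2.1.0": { dependencies: {} },
};
// Minimal parser for the subset of the lockfile layout used above.
function parseLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (/^\S.*:$/.test(line)) {             // top-level descriptor key
      cur = { deps: {} }; entries.push(cur); inDeps = false;
    } else if (cur && /^  \S/.test(line)) { // field of the current entry
      inDeps = line.trim() === "dependencies:";
      const m = line.match(/^  resolution: "(.+)@npm:(.+)"$/);
      if (m) cur.id = `${m[1]}@${m[2]}`;
    } else if (cur && inDeps && /^    \S/.test(line)) {
      const [name, range] = line.trim().split(/:\s+/);
      cur.deps[name.replace(/"/g, "")] = range.replace(/"/g, "");
    }
  }
  return entries;
}
// Report every dependency whose locked range differs from the manifest's.
function findMismatches(lockText, manifests) {
  const out = [];
  for (const e of parseLock(lockText)) {
    const declared = manifests[e.id]?.dependencies;
    if (!declared) continue;               // no manifest available: skip
    for (const dep of new Set([...Object.keys(e.deps), ...Object.keys(declared)]))
      if (e.deps[dep] !== declared[dep])
        out.push({ pkg: e.id, dep, lock: e.deps[dep], manifest: declared[dep] });
  }
  return out;
}
```

On the constructed input, `findMismatches(LOCK, MANIFESTS)` returns one finding: `glob-lib@3.1.4` is locked to `expand-lib: ^2.0.2` while its manifest declares `^2.0.1`.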
@joshuanapoli joshuanapoli merged commit c266113 into main May 7, 2026
2 checks passed
@joshuanapoli joshuanapoli deleted the minimatch/9.0.9 branch May 7, 2026 20:32