Skip to content

ci: Fixes security issues by replacing testing packages with native node tests#44

Merged
websterchris merged 3 commits intomainfrom
dependabot/npm_and_yarn/multi-acd8535d99
Mar 4, 2026
Merged

ci: Fixes security issues by replacing testing packages with native node tests#44
websterchris merged 3 commits intomainfrom
dependabot/npm_and_yarn/multi-acd8535d99

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 28, 2026
edited by websterchris
Loading

Description
Fixes security issues in minimatch by replacing the testing packages (mocha was the main issue) with the native node test runner.

To Test
npm run test

Original PR description below

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump minimatch
cf874b8 
Bumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 5.1.6 to 5.1.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.6...v5.1.9)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.6...v5.1.9)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 5.1.9
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 28, 2026
@dependabot dependabot bot mentioned this pull request Feb 28, 2026
Closed
@snyk-io-eu
Copy link
Copy Markdown

snyk-io-eu bot commented Feb 28, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@websterchris websterchris self-assigned this Mar 4, 2026
@websterchris websterchris changed the title Bump minimatch ci: Fixes security issues by replacing testing packages with native node tests Mar 4, 2026
@websterchris websterchris requested review from a team, antonioglez, danirons and mdouglasbrett and removed request for a team March 4, 2026 09:11
Zsugi-itv
Zsugi-itv approved these changes Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown

@Zsugi-itv Zsugi-itv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me, tests pass. 👍🏻

juliomalves
juliomalves approved these changes Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@juliomalves juliomalves left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful 😍

@websterchris websterchris merged commit 63aa9fa into main Mar 4, 2026
5 checks passed
@websterchris websterchris deleted the dependabot/npm_and_yarn/multi-acd8535d99 branch March 4, 2026 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliomalves juliomalves juliomalves approved these changes

@Zsugi-itv Zsugi-itv Zsugi-itv approved these changes

@antonioglez antonioglez Awaiting requested review from antonioglez antonioglez was automatically assigned from ITV/fed-reviewers

@mdouglasbrett mdouglasbrett Awaiting requested review from mdouglasbrett mdouglasbrett was automatically assigned from ITV/fed-reviewers

@danirons danirons Awaiting requested review from danirons danirons was automatically assigned from ITV/fed-reviewers

Assignees

@websterchris websterchris

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@juliomalves @Zsugi-itv @websterchris