Skip to content

Bump minimatch and nuxt#26

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-017df2402f
Closed

Bump minimatch and nuxt#26
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-017df2402f

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 28, 2026
edited
Loading

Bumps minimatch to 10.2.4 and updates ancestor dependency nuxt. These dependencies need to be updated together.

Updates minimatch from 3.1.2 to 10.2.4

Changelog

Sourced from minimatch's changelog.

change log

10.2

  • Add braceExpandMax option

10.1

  • Add magicalBraces option for escape
  • Fix makeRe when partial: true is set.
  • Fix makeRe when pattern ends in a final ** path part.

10.0

  • Require node 20 or 22 and higher

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits
  • c36addb 10.2.4
  • 26b9002 docs: add warning about ReDoS
  • 3a0d83b fix partial matching of globstar patterns
  • ea94840 10.2.3
  • 0873fba update deps
  • cecaad1 more extglob coalescing for performance
  • 11d0df6 limit nested extglob recursion, flatten extglobs
  • c3448c4 update assertValidPattern param type to unknown from any
  • 0bf499a limit recursion for **, improve perf considerably
  • 9f15c58 update deps
  • Additional commits viewable in compare view
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates nuxt from 3.7.4 to 3.21.1

Release notes

Sourced from nuxt's releases.

v3.21.1

3.21.1 is a regularly schedule patch release.

👉 Changelog

compare changes

🩹 Fixes

  • nuxt: Correct reference format of server builder (#34177)
  • nuxt: Add status/statusText getters to NuxtError (#34188)
  • schema: Add direnv and vendor to default ignore (#34190)
  • nuxt: Focus hash links after navigation (#34193)
  • nuxt: Exclude head runtime from unhead imports transform (#34195)
  • kit: Include prereleases in semver satisfy check (#34210)
  • nuxt: Watch server/ for builder:watch hook (#34208)
  • nitro: Encode unicode paths in x-nitro-prerender header (#34202)
  • nitro: Preserve error.message for fatal errors (#34226)
  • Only enable dynamic imports when ts plugin (#34205)
  • webpack: Use H3Error for 403 in dev server (#34233)
  • nuxt: Ensure NuxtError extends Error type (#34242)
  • vite: Use H3Error for 404 in dev server (#34225)
  • nuxt: Add backwards compat for #app barrel export in keyed functions (#34199)
  • nuxt: Track + re-add custom routes on hmr (#32044)
  • nuxt: Keep vnode when leaving deeper nested route (#33778)
  • vite: Prevent CSS flickering in dev mode after config changes (#33856)
  • nuxt: Do not start view transition if there is no route (#33723)
  • nuxt: Call deferHydration done on NuxtPage unmount (#34152)
  • nuxt: Handle invalid datetime in ` (#33992)
  • nuxt: Preserve middleware error status in 404 fallback (#34148)
  • nitro: Do not augment nuxt/schema (#34255)
  • nuxt: Cache manifest files to preserve buildId (#34002)
  • nuxt: Don't decode query string in SSR context URL (#34252)
  • nuxt: Allow specifying moduleDependencies by meta.name (#34263)
  • nuxt: Resolve #components import mapping conflict for packages outside rootDir (#34139)
  • vite,webpack: Use node.res to send 403/404 (#34266)
  • nitro,nuxt: Align path encoding with vue-router (#34265)
  • nitro: Augment nuxt/schema once more (9f5bb611d)

💅 Refactors

  • nuxt: Prefer genObjectKey to omit unnecessary quotes (#34245)
  • nuxt: Use ComponentProps helper to extract layout props (#34248)

📖 Documentation

  • Remove link to ai guide entirely (084b5d7f2)
  • Update roadmap dates (#34166)
  • Clarify shared type context limitations for custom imports (#34194)
  • Fix broken links (#34223)
  • Document payload extraction for ISR/SWR routes (#34222)
  • Update example of email validation (#34247)
  • Add documentation for keyedComposables (#34201)

🏡 Chore

... (truncated)

Commits
  • 5d57cf3 v3.21.1
  • 33e80d1 chore(deps): update dependency @​nuxt/telemetry to ^2.7.0 (3.x) (#34276)
  • 5ce4d6d chore(deps): upgrade to nuxt/test-utils v4 (#34273)
  • e97cfad chore(deps): update all non-major dependencies (3.x) (#34172)
  • 42b2848 fix(nitro,nuxt): align path encoding with vue-router (#34265)
  • 07198ba fix(nuxt): resolve #components import mapping conflict for packages outside...
  • 7fb93fd fix(nuxt): cache manifest files to preserve buildId (#34002)
  • 4ba1fca fix(nuxt): preserve middleware error status in 404 fallback (#34148)
  • 19ba0cb fix(nuxt): handle invalid datetime in <NuxtTime>` (#33992)
  • e76cf56 fix(nuxt): call deferHydration done on NuxtPage unmount (#34152)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nuxt since your current version.


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 28, 2026
@tomswinkels
Copy link
Copy Markdown
Member

tomswinkels commented Apr 16, 2026

@dependabot recreate

@dependabot
Bump minimatch and nuxt
81085d0 
Bumps [minimatch](https://github.com/isaacs/minimatch) to 10.2.4 and updates ancestor dependency [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt). These dependencies need to be updated together.


Updates `minimatch` from 3.1.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v10.2.4)

Updates `nuxt` from 3.7.4 to 3.21.1
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v3.21.1/packages/nuxt)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
- dependency-name: nuxt
  dependency-version: 3.21.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-017df2402f branch from 7e0c4c9 to 81085d0 Compare April 16, 2026 14:43
@Kevintjuhz
Copy link
Copy Markdown
Member

Kevintjuhz commented Apr 24, 2026

Superseded by a consolidated bump-to-latest-minor and npm audit fix merged in c1ff31d. The package version targeted by this PR is already satisfied in main. Closing as obsolete.

@Kevintjuhz Kevintjuhz closed this Apr 24, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 24, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-017df2402f branch April 24, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomswinkels @Kevintjuhz