chore(deps): bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: picomatch.

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

• e5474fc Publish 4.0.4
• 4516eb5 Merge commit from fork
• 5eceecd Merge commit from fork
• 0db7dd7 Run benchmark again against latest minimatch version (#161)
• 9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
• 2661f23 fix typo in globstars.js test name (#138)
• 1798b07 docs: fix makeRe example (#143)
• 9d76bc5 chore: undocument removed options (#146)
• e4d718b Remove unused time-require (#160)
• 38dffeb chore(deps): pin dependencies (#158)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Overall package size

Self size: 5.04 MB
Deduped: 5.89 MB
No deduping: 5.89 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.0 | 81.15 kB | 815.98 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.45%. Comparing base (a498993) to head (ef9657e).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7863      +/-   ##
==========================================
- Coverage   80.46%   80.45%   -0.01%     
==========================================
  Files         749      749              
  Lines       32487    32487              
==========================================
- Hits        26140    26138       -2     
- Misses       6347     6349       +2     

Flag	Coverage Δ
aiguard-macos	39.23% <ø> (-0.10%)	⬇️
aiguard-ubuntu	39.34% <ø> (-0.10%)	⬇️
aiguard-windows	39.01% <ø> (-0.10%)	⬇️
apm-capabilities-tracing-macos	49.10% <ø> (ø)
apm-capabilities-tracing-ubuntu	49.02% <ø> (ø)
apm-capabilities-tracing-windows	48.87% <ø> (-0.02%)	⬇️
apm-integrations-child-process	38.56% <ø> (-0.10%)	⬇️
apm-integrations-couchbase-18	37.35% <ø> (-0.10%)	⬇️
apm-integrations-couchbase-eol	37.84% <ø> (-0.10%)	⬇️
apm-integrations-oracledb	37.68% <ø> (-0.10%)	⬇️
appsec-express	55.17% <ø> (-0.08%)	⬇️
appsec-fastify	51.52% <ø> (-0.07%)	⬇️
appsec-graphql	51.69% <ø> (-0.06%)	⬇️
appsec-kafka	44.31% <ø> (-0.09%)	⬇️
appsec-ldapjs	43.93% <ø> (-0.08%)	⬇️
appsec-lodash	43.54% <ø> (-0.08%)	⬇️
appsec-macos	58.19% <ø> (-0.07%)	⬇️
appsec-mongodb-core	48.70% <ø> (-0.08%)	⬇️
appsec-mongoose	49.36% <ø> (-0.08%)	⬇️
appsec-mysql	50.79% <ø> (-0.07%)	⬇️
appsec-node-serialize	43.12% <ø> (-0.08%)	⬇️
appsec-passport	47.55% <ø> (-0.09%)	⬇️
appsec-postgres	50.51% <ø> (-0.07%)	⬇️
appsec-sourcing	42.37% <ø> (-0.08%)	⬇️
appsec-stripe	44.55% <ø> (-0.08%)	⬇️
appsec-template	43.28% <ø> (-0.08%)	⬇️
appsec-ubuntu	58.26% <ø> (-0.07%)	⬇️
appsec-windows	58.01% <ø> (-0.07%)	⬇️
instrumentations-instrumentation-bluebird	32.20% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-body-parser	40.46% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-child_process	37.90% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-cookie-parser	34.23% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-express	34.54% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-express-mongo-sanitize	34.36% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-express-session	40.09% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-fs	31.88% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-generic-pool	29.44% <ø> (ø)
instrumentations-instrumentation-http	39.80% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-knex	32.27% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-mongoose	33.39% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-multer	40.21% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-mysql2	38.23% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-passport	43.98% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-passport-http	43.65% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-passport-local	44.18% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-pg	37.67% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-promise	32.13% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-promise-js	32.13% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-q	32.18% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-url	32.10% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-when	32.15% <ø> (-0.10%)	⬇️
llmobs-ai	42.37% <ø> (-0.10%)	⬇️
llmobs-anthropic	40.38% <ø> (-0.09%)	⬇️
llmobs-bedrock	39.17% <ø> (-0.08%)	⬇️
llmobs-google-genai	39.71% <ø> (-0.09%)	⬇️
llmobs-langchain	40.07% <ø> (-0.08%)	⬇️
llmobs-openai	43.89% <ø> (-0.09%)	⬇️
llmobs-vertex-ai	39.96% <ø> (-0.09%)	⬇️
platform-core	31.47% <ø> (ø)
platform-esbuild	34.42% <ø> (ø)
platform-instrumentations-misc	48.41% <ø> (ø)
platform-shimmer	37.56% <ø> (ø)
platform-unit-guardrails	32.89% <ø> (ø)
plugins-azure-durable-functions	25.74% <ø> (ø)
plugins-azure-event-hubs	25.90% <ø> (ø)
plugins-azure-service-bus	25.26% <ø> (ø)
plugins-bullmq	44.39% <ø> (+0.02%)	⬆️
plugins-cassandra	37.72% <ø> (-0.10%)	⬇️
plugins-cookie	26.96% <ø> (ø)
plugins-cookie-parser	26.75% <ø> (ø)
plugins-crypto	26.73% <ø> (ø)
plugins-dd-trace-api	38.25% <ø> (-0.10%)	⬇️
plugins-express-mongo-sanitize	26.89% <ø> (ø)
plugins-express-session	26.70% <ø> (ø)
plugins-fastify	42.17% <ø> (-0.09%)	⬇️
plugins-fetch	38.34% <ø> (-0.10%)	⬇️
plugins-fs	38.58% <ø> (-0.10%)	⬇️
plugins-generic-pool	25.94% <ø> (ø)
plugins-google-cloud-pubsub	45.49% <ø> (-0.09%)	⬇️
plugins-grpc	40.84% <ø> (-0.09%)	⬇️
plugins-handlebars	26.94% <ø> (ø)
plugins-hapi	40.09% <ø> (-0.10%)	⬇️
plugins-hono	40.42% <ø> (-0.10%)	⬇️
plugins-ioredis	38.39% <ø> (-0.10%)	⬇️
plugins-knex	26.57% <ø> (ø)
plugins-langgraph	38.44% <ø> (-0.10%)	⬇️
plugins-ldapjs	24.43% <ø> (ø)
plugins-light-my-request	26.30% <ø> (ø)
plugins-limitd-client	32.33% <ø> (-0.25%)	⬇️
plugins-lodash	26.03% <ø> (ø)
plugins-mariadb	39.43% <ø> (-0.10%)	⬇️
plugins-memcached	38.13% <ø> (-0.10%)	⬇️
plugins-microgateway-core	39.16% <ø> (-0.10%)	⬇️
plugins-moleculer	40.45% <ø> (-0.09%)	⬇️
plugins-mongodb	39.10% <ø> (-0.09%)	⬇️
plugins-mongodb-core	38.94% <ø> (-0.10%)	⬇️
plugins-mongoose	38.82% <ø> (-0.09%)	⬇️
plugins-multer	26.70% <ø> (ø)
plugins-mysql	39.13% <ø> (-0.10%)	⬇️
plugins-mysql2	39.22% <ø> (-0.10%)	⬇️
plugins-node-serialize	27.00% <ø> (ø)
plugins-opensearch	37.58% <ø> (-0.10%)	⬇️
plugins-passport-http	26.76% <ø> (ø)
plugins-postgres	35.52% <ø> (-0.19%)	⬇️
plugins-process	26.73% <ø> (ø)
plugins-pug	26.96% <ø> (ø)
plugins-redis	38.85% <ø> (-0.10%)	⬇️
plugins-router	43.16% <ø> (-0.10%)	⬇️
plugins-sequelize	25.55% <ø> (ø)
plugins-test-and-upstream-amqp10	38.44% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-amqplib	44.15% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-apollo	39.08% <ø> (-0.09%)	⬇️
plugins-test-and-upstream-avsc	38.51% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-bunyan	33.79% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-connect	40.74% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-graphql	40.09% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-koa	40.34% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-protobufjs	38.74% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-rhea	44.18% <ø> (-0.10%)	⬇️
plugins-undici	39.07% <ø> (-0.09%)	⬇️
plugins-url	26.73% <ø> (ø)
plugins-valkey	38.10% <ø> (-0.10%)	⬇️
plugins-vm	26.73% <ø> (ø)
plugins-winston	33.98% <ø> (-0.10%)	⬇️
plugins-ws	41.92% <ø> (-0.10%)	⬇️
profiling-macos	40.44% <ø> (-0.10%)	⬇️
profiling-ubuntu	40.56% <ø> (-0.53%)	⬇️
profiling-windows	41.71% <ø> (-0.51%)	⬇️
serverless-azure-functions-client	25.62% <ø> (ø)
serverless-azure-functions-eventhubs	25.62% <ø> (ø)
serverless-azure-functions-servicebus	25.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-03-26 07:18:02

Comparing candidate commit ef9657e in PR branch dependabot/npm_and_yarn/npm_and_yarn-3f9ee708be with baseline commit a498993 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 230 metrics, 30 unstable metrics.