Skip to content

chore(deps): update dependency minimatch to v10#5377

Merged
thomhurst merged 1 commit intomainfrom
renovate/minimatch-10.x
Apr 4, 2026
Merged

chore(deps): update dependency minimatch to v10#5377
thomhurst merged 1 commit intomainfrom
renovate/minimatch-10.x

Conversation

@thomhurst
Copy link
Copy Markdown
Owner

@thomhurst thomhurst commented Apr 4, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
minimatch resolutions major 9.0.910.2.5

Release Notes

isaacs/minimatch (minimatch)

v10.2.5

Compare Source

v10.2.4

Compare Source

v10.2.3

Compare Source

v10.2.2

Compare Source

v10.2.1

Compare Source

v10.2.0

Compare Source

v10.1.3

Compare Source

v10.1.2

Compare Source

v10.1.1

Compare Source

v10.1.0

Compare Source

v10.0.3

Compare Source

v10.0.2

Compare Source

v10.0.1

Compare Source

v10.0.0

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file MAJOR renovate-bot labels Apr 4, 2026
@thomhurst thomhurst enabled auto-merge (squash) April 4, 2026 17:16
@thomhurst thomhurst added dependencies Pull requests that update a dependency file renovate-bot MAJOR labels Apr 4, 2026
claude[bot]
claude bot reviewed Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: chore(deps): update dependency minimatch to v10

This is a Renovate-generated dependency update bumping from → in the docs/ directory.

Summary

The change is confined to two files:

  • docs/package.json — updates the resolutions override
  • docs/yarn.lock — updates the resolved version and tightens the brace-expansion peer range from ^5.0.2 to ^5.0.5

Observations

Major version bump via resolutions
This is a yarn resolutions entry, meaning it forces all transitive consumers of minimatch (including packages that declared ^9.0.3) to receive 10.2.5. Since minimatch v10 is a major bump from v9, there are potentially breaking API changes (e.g., minimatch.minimatch() function signature changes, removed unsafe option, etc.). However, because this is only applied to the docs/ build tooling and not to the core TUnit library, the blast radius is minimal. The docs site CI checks should validate this.

No concerns with the brace-expansion peer range tightening
The lock file update from brace-expansion@^5.0.2 to ^5.0.5 is consistent — 5.0.5 is already present and locked, so this is purely a semver floor bump with no version change.

No TUnit core impact
This PR touches only the docs/ subdirectory and has no effect on the C# source, tests, or the Microsoft.Testing.Platform-based engine.

Verdict

✅ Looks good. This is a routine dependency bump scoped entirely to docs build tooling. The resolution override pattern is appropriate for managing transitive vulnerability fixes. Automerge once CI passes.

@codacy-production
Copy link
Copy Markdown

codacy-production bot commented Apr 4, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

TIP This summary will be updated as you push new changes. Give us feedback

claude[bot]
claude bot reviewed Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: chore(deps): update dependency minimatch to v10

This is a Renovate-generated dependency update bumping minimatch from 9.0.7 to 10.2.5 in the docs/ directory.

Summary

The change is confined to two files:

  • docs/package.json: updates the resolutions override
  • docs/yarn.lock: updates the resolved version and tightens the brace-expansion peer range from ^5.0.2 to ^5.0.5

Observations

Major version bump via resolutions

This is a yarn resolutions entry, meaning it forces all transitive consumers of minimatch (including packages that declared ^9.0.3) to receive 10.2.5. Since minimatch v10 is a major bump from v9, there are potentially breaking API changes. However, because this is only applied to the docs/ build tooling and not to the core TUnit library, the blast radius is minimal. The docs site CI checks should validate this.

No concerns with the brace-expansion peer range tightening

The lock file update from brace-expansion@^5.0.2 to ^5.0.5 is consistent — 5.0.5 is already present and locked, so this is purely a semver floor bump with no version change.

No TUnit core impact

This PR touches only the docs/ subdirectory and has no effect on the C# source, tests, or the Microsoft.Testing.Platform-based engine.

Verdict

Looks good. This is a routine dependency bump scoped entirely to docs build tooling. The resolution override pattern is appropriate for managing transitive vulnerability fixes. Automerge once CI passes.

@thomhurst thomhurst force-pushed the renovate/minimatch-10.x branch from effc3bc to 7d16c26 Compare April 4, 2026 17:48
claude[bot]
claude bot approved these changes Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a routine automated dependency update from Renovate Bot, upgrading the minimatch npm package in the docs/ directory from v9.0.9 to v10.2.5.

Scope: The changes are limited entirely to the docs/ directory (package.json and yarn.lock). This is documentation tooling only and has no impact on:

  • The .NET test framework core
  • Source generator or reflection engine modes
  • AOT compatibility
  • Any C# code, tests, or build artifacts

Change correctness: The diff looks correct:

  • package.json resolution pinned from 9.0.9 to 10.2.5
  • yarn.lock updated with the new resolved hash/integrity for minimatch@10.2.5
  • The transitive dependency brace-expansion resolution constraint was correctly updated from ^2.0.2 to ^5.0.5 to match what minimatch v10 requires

Breaking change note: minimatch v10 is a major version bump (hence the MAJOR label). The brace-expansion dependency moved from v2 to v5, which is also a major bump. However, since this is purely a resolutions override in the docs package (used to avoid security advisories in transitive deps), the actual consuming packages haven't changed — this just ensures a safe resolved version is used. No docs functionality should be affected.

Approved — the change is correct, well-scoped, and safe to merge.

@thomhurst thomhurst force-pushed the renovate/minimatch-10.x branch from 7d16c26 to 4b5579c Compare April 4, 2026 18:51
claude[bot]
claude bot approved these changes Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: chore(deps): update dependency minimatch to v10

Changes Reviewed

  • docs/package.json: minimatch resolution bumped from 9.0.910.2.5
  • docs/yarn.lock: resolved version + integrity hash updated; brace-expansion dependency tightened from ^2.0.2^5.0.5

Analysis

Scope is well-contained. Both files are under docs/ — this is purely documentation build tooling. No C# source, no TUnit engine, no source generator, no AOT-sensitive code is touched.

Major version bump is safe here. The resolutions override pattern is the correct mechanism for forcing a transitive dep to a safe version. Although minimatch v10 is a breaking change from v9, the resolutions block just ensures the resolved version is v10 — the actual consuming packages in docs/ haven't changed their declared dependency ranges. The docs CI pipeline is the right gate for catching any runtime incompatibility.

brace-expansion floor bump is consistent. Moving from ^2.0.2 to ^5.0.5 reflects that minimatch v10 dropped its brace-expansion v2 dependency in favor of v5. The already-pinned 5.0.5 in the lock file satisfies this constraint — no net version change.

Previous reviews covered the key points thoroughly. Nothing new to flag.

Verdict

✅ Approved. Routine Renovate-generated bump, correct and well-scoped. Safe to merge once CI passes.

@thomhurst thomhurst merged commit beccae2 into main Apr 4, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/minimatch-10.x branch April 4, 2026 19:30
This was referenced Apr 5, 2026
Merged
Open
Merged
Closed
This was referenced Apr 7, 2026
Closed
Closed
Closed
Closed
Open
Closed
Closed
Closed
Open
Open
Merged
Open
Open
Merged
Closed
Closed
Closed
Closed
Closed
Open
Closed
Open
Closed
Open
Open
Open
Open
Merged
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file MAJOR renovate-bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomhurst @renovate-bot