Conversation
Bumps and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together. Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 9.0.3 to 9.0.7 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) Updates `minimatch` from 5.1.6 to 5.1.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect - dependency-name: minimatch dependency-version: 9.0.7 dependency-type: indirect - dependency-name: minimatch dependency-version: 5.1.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on March 21
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "balanced-match": "^4.0.2" | ||
| }, | ||
| "engines": { | ||
| "node": "18 || 20 || >=22" |
There was a problem hiding this comment.
Node 16 install fails due to transitive engine requirements
High Severity
The minimatch bump pulls in balanced-match 4.0.4 and brace-expansion 5.0.3 as transitive deps of Storybook and js-beautify. Both require Node 18 || 20 || >=22, which excludes Node 16. With engine-strict=true in .npmrc, npm install will fail on Node 16 even though package.json declares "node": ">=16".
Additional Locations (2)
screen-builder
|
||||||||||||||||||||||||||||
| Project |
screen-builder
|
| Branch Review |
dependabot/npm_and_yarn/multi-8d92d2c9b2
|
| Run status |
|
| Run duration | 09m 32s |
| Commit |
|
| Committer | dependabot[bot] |
| View all properties for this run ↗︎ | |
| Test results | |
|---|---|
Failures
|
0
|
Flaky
|
0
|
Pending
|
19
|
Skipped
|
0
|
Passing
|
389
|
| View all changes introduced in this branch ↗︎ | |
|
|
Superseded by #1904. |
Bumps and minimatch. These dependencies needed to be updated together.
Updates
minimatchfrom 3.1.2 to 3.1.4Commits
1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actions9c31b2dupdate test expectations for coalesced consecutive stars46fe687coalesce consecutive non-globstar * characters5a9ccbd[meta] update publishConfig.tag to legacy-v3Updates
minimatchfrom 9.0.3 to 9.0.7Commits
1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actions9c31b2dupdate test expectations for coalesced consecutive stars46fe687coalesce consecutive non-globstar * characters5a9ccbd[meta] update publishConfig.tag to legacy-v3Updates
minimatchfrom 5.1.6 to 5.1.8Commits
1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actions9c31b2dupdate test expectations for coalesced consecutive stars46fe687coalesce consecutive non-globstar * characters5a9ccbd[meta] update publishConfig.tag to legacy-v3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Low Risk
Lockfile-only dependency bumps; main risk is minor CI/build/test behavior changes due to updated dev-tooling dependency resolution.
Overview
Updates the lockfile to bump
minimatchacross multiple dependency trees (including Storybook and other dev tooling), pulling in newerbrace-expansion/balanced-matchversions.Also refreshes several transitive tooling deps (notably
cross-spawn,js-beautifyand its dependency graph), adding new lock entries likejs-cookieandpackage-json-from-distand updating various package metadata (licenses/engines) accordingly.Written by Cursor Bugbot for commit 10fd2fc. This will update automatically on new commits. Configure here.