Skip to content

Bumped dependencies.#1301

Open
przemyslaw-zan wants to merge 1 commit intomasterfrom
ci/4288
Open

Bumped dependencies.#1301
przemyslaw-zan wants to merge 1 commit intomasterfrom
ci/4288

Conversation

@przemyslaw-zan
Copy link
Member

@przemyslaw-zan przemyslaw-zan commented Feb 26, 2026
edited by cursor bot
Loading

🚀 Summary

A brief summary of what this PR changes.

📌 Related issues

  • Closes #000

💡 Additional information

Optional: Notes on decisions, edge cases, or anything helpful for reviewers.

Note

Medium Risk
Lockfile-only dependency bumps (notably rollup/webpack and their plugin ecosystems) can change build/test output across packages despite no code changes. Added version overrides may also affect downstream resolution behavior across the workspace.

Overview
Updates workspace dependency resolution and lockfile to newer versions across the toolchain, including rollup 4.52.4 → 4.59.0 and webpack 5.101.1 → 5.105.2, plus associated loaders/plugins.

Adjusts pnpm overrides in pnpm-workspace.yaml/pnpm-lock.yaml to pin ranges for diff@^7, minimatch@^9, and qs@^6, and refreshes numerous transitive packages accordingly.

Written by Cursor Bugbot for commit 489ce0f. This will update automatically on new commits. Configure here.

cursor[bot]
cursor bot reviewed Feb 26, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is kicking off a free Cloud Agent to fix this issue. This run is complimentary, but you can enable autofix for all future PRs in the Cursor dashboard.

pnpm-lock.yaml
minimatch@9.0.5:
dependencies:
brace-expansion: 2.0.2
brace-expansion: 5.0.3
Copy link

@cursor cursor bot Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minimatch brace-expansion upgrade may alter glob behavior

Medium Severity

minimatch@9.0.6 now depends on brace-expansion@5.0.3 instead of brace-expansion@2.0.2 used by prior minimatch 9.x. That spans three major versions of brace-expansion, which can change how brace patterns like *.{js,ts} or src/{a,b}/file are expanded. This may affect glob matching used by editorconfig, mocha, glob@10, @typescript-eslint/typescript-estree, and @tufjs/models—e.g. in .editorconfig sections, test discovery, or config path patterns.

Additional Locations (1)

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bugbot Autofix determined this is a false positive.

Comparing minimatch 9.0.5 and 9.0.6 across brace-heavy glob patterns used by this repository showed no matching differences, so no code change is required.

This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@przemyslaw-zan