Skip to content

Update picomatch dependency to latest 4.0.4#53

Open
jdufresne wants to merge 1 commit into
micromatch:masterfrom
jdufresne:update-picomatch
Open

Update picomatch dependency to latest 4.0.4#53
jdufresne wants to merge 1 commit into
micromatch:masterfrom
jdufresne:update-picomatch

Conversation

@jdufresne
Copy link
Copy Markdown

@jdufresne jdufresne commented Mar 29, 2026
edited
Loading

This updates picomatch dependency to latest version 4.0.4. This helps projects that pull in anymatch, either directly or as a transient dependency, to have less duplication in node_modules as there are many other packages that also depend on picomatch.

@jdufresne
Update picomatch dependency to latest 4.0.4
98c4e60 
This updates picomatch dependency to latest version 4.0.4. This helps
projects that pull in anymatch, either directly or as a transient
dependency, to have less duplication in node_modules as they are many
other packages that also depend on picomatch.
@mike-mike-mike-mike-mike
Copy link
Copy Markdown

mike-mike-mike-mike-mike commented Mar 30, 2026
edited
Loading

This will also help consumers address this transitive vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2026-33672 (v2.3.2 would also address it)

@paulmillr
Copy link
Copy Markdown
Contributor

paulmillr commented Mar 30, 2026

^2 version selector in package.json will already use 2.3.2 when it’s available.

upgrading to v4 will break backwards compat with some platforms because reqs change.

If this is about chokidar, upgrade to latest chokidar across your deps instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jdufresne @mike-mike-mike-mike-mike @paulmillr