Skip to content

Bump minimatch and syncpack#8109

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-993a0c7465
Open

Bump minimatch and syncpack#8109
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-993a0c7465

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2026

Bumps minimatch to 9.0.9 and updates ancestor dependency syncpack. These dependencies need to be updated together.

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates syncpack from 13.0.4 to 14.0.1

Release notes

Sourced from syncpack's releases.

14.0.1

14.0.1 (2026-03-05)

Bug Fixes

  • cargo: update dependencies (c85144b)
  • core: handle negated source globs (aaf5032), closes #319

14.0.0

14.0.0 (2026-02-16)

[!IMPORTANT]

🚀 v14 is a Rust rewrite with a new API and has been in public alpha for 7 months.

Throughout this time I've developed and tested this version on public monorepos and asked for feedback from the community wherever I can, but there will be situations I haven't seen before.

Please follow the Migrate to 14 guide and if afterwards you encounter a problem, raise an issue using the bug report template.

The Getting Started guide has also been updated and is worth revisiting to get to know the changes.

Syncpack is a one person project used by some of the biggest companies in the world. If you or your business finds it useful then please consider a donation or becoming a Sponsor.

Syncpack is free and always will be. At the very least, please show it to people that you think might be interested ❤️

14.0.0-canary.1

14.0.0-canary.1 (2026-01-10)

⚠️ This is a release on the canary channel and is not intended for general use.This release is testing a different approach to packaging the Rust binaries for different platforms on npm.

Features

  • npm: trial removing node entry file (a2600ba)

Bug Fixes

  • config: use pnpm dlx in pnpm projects (350fbb1), closes #310

14.0.0-alpha.41

14.0.0-alpha.41 (2026-02-08)

Bug Fixes

  • cargo: update dependencies (1700ed9)
  • core: apply semver groups to highest semver calculation (48a80ee), closes #314

14.0.0-alpha.40

14.0.0-alpha.40 (2026-01-30)

Features

... (truncated)

Changelog

Sourced from syncpack's changelog.

14.0.1 (2026-03-05)

Bug Fixes

  • cargo: update dependencies (c85144b)
  • core: handle negated source globs (aaf5032), closes #319

14.0.0 (2026-02-16)

Features

  • syncpack: remove alpha status (b3ec0ba)

Bug Fixes

  • cargo: update dependencies (8edfa81)

14.0.0-alpha.41 (2026-02-08)

Bug Fixes

  • cargo: update dependencies (1700ed9)
  • core: apply semver groups to highest semver calculation (48a80ee), closes #314

14.0.0-alpha.40 (2026-01-30)

Features

  • cli: print migration guides for deprecated commands (1e1b904)

Bug Fixes

  • cargo: update dependencies (1bf8f04)

14.0.0-alpha.39 (2026-01-28)

Features

  • config: replace tsx with node@>=22.6 type stripping (8b1eaa0)

14.0.0-alpha.38 (2026-01-27)

Bug Fixes

  • core: resolve semverGroup / highestSemver conflict (593e1c8), closes #314

14.0.0-alpha.37 (2026-01-11)

Features

... (truncated)

Commits
  • 4ee5af0 chore(release): 14.0.1
  • 44480de chore(release): regenerate changelog
  • 7153e42 chore(release): update release-it config
  • aaf5032 fix(core): handle negated source globs
  • bf40c89 chore(site): amend schema
  • 5028ead chore(site): avoid duplicate SiteNavigationElement
  • c3d252a chore(pnpm): fix lockfile
  • 862302f style(core): run just format
  • 58a61de chore(git): rename v14-alpha branch to dev
  • a6773be chore(npm): update dev dependencies
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for syncpack since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump minimatch and syncpack
1edef6e 
Bumps [minimatch](https://github.com/isaacs/minimatch) to 9.0.9 and updates ancestor dependency [syncpack](https://github.com/JamieMason/syncpack). These dependencies need to be updated together.


Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v9.0.5...v9.0.9)

Updates `syncpack` from 13.0.4 to 14.0.1
- [Release notes](https://github.com/JamieMason/syncpack/releases)
- [Changelog](https://github.com/JamieMason/syncpack/blob/main/CHANGELOG.md)
- [Commits](JamieMason/syncpack@13.0.4...14.0.1)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
- dependency-name: syncpack
  dependency-version: 14.0.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants