Open dependabot[bot] opened 1 year ago
I don't know why we're using such an old minimatch here (behind 6 major versions? 🤨 https://github.com/isaacs/minimatch/tags)
That should probably be addressed instead of this PR.
Minimatch is used in the backend-less/cached file mode to filter PV lists with globs as well as regular expressions. It all runs locally in the browser, so security implications-wise this seems low to me. (https://github.com/pcdshub/whatrecord/security/dependabot/2 - worst case scenario you crash your browser tab)
Bumps minimatch from 3.0.4 to 3.1.2.
Commits
699c459
3.1.22f2b5ff
fix: trim pattern25d7c0d
3.1.155dda29
fix: treat nocase:true as always having magic5e1fb8d
3.1.0f8145c5
Add 'allowWindowsEscape' option570e8b1
add publishConfig for v3 publishes5b7cd33
3.0.620b4b56
[fix] revert all breaking syntax changes2ff0388
document, expose, and test 'partial:true' optionYou can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show