Skip to content

Bump picomatch and @angular-devkit/core#5414

Merged
tdonohue merged 1 commit intomainfrom
dependabot/npm_and_yarn/multi-e3ebc58273
Apr 7, 2026
Merged

Bump picomatch and @angular-devkit/core#5414
tdonohue merged 1 commit intomainfrom
dependabot/npm_and_yarn/multi-e3ebc58273

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 7, 2026

Bumps picomatch and @angular-devkit/core. These dependencies needed to be updated together.
Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

Updates @angular-devkit/core from 20.3.7 to 20.3.22

Release notes

Sourced from @​angular-devkit/core's releases.

20.3.22

@​angular-devkit/build-angular

Commit Description
fix - 5978eeeff update picomatch to 4.0.4

@​angular-devkit/core

Commit Description
fix - 6e9b92612 update picomatch to 4.0.4

@​angular/build

Commit Description
fix - 6f209c26d update picomatch to 4.0.4

20.3.21

@​angular/ssr

Commit Description
fix - 1dc6992a5 disallow x-forwarded-prefix starting with a backslash
fix - 0a2ff0b2b ensure unique values in redirect response Vary header
fix - cdbac82a8 support custom headers in redirect responses

20.3.20

@​angular/build

Commit Description
fix - 0fd6823af pass process environment variables to prerender workers

20.3.19

@​angular-devkit/build-angular

Commit Description
fix - 0299b4d1a update copy-webpack-plugin to v14.0.0

20.3.18

@​angular-devkit/core

Commit Description
fix - 39596d529 update ajv to 8.18.0

@​angular/build

Commit Description
fix - f668e2778 update rollup to 4.59.0

20.3.17

@​angular/ssr

Commit Description
fix - 8700e18d7 prevent open redirect via X-Forwarded-Prefix header
fix - 67582a946 validate host headers to prevent header-based SSRF

... (truncated)

Changelog

Sourced from @​angular-devkit/core's changelog.

20.3.22 (2026-03-27)

@​angular-devkit/build-angular

Commit Type Description
5978eeeff fix update picomatch to 4.0.4

@​angular-devkit/core

Commit Type Description
6e9b92612 fix update picomatch to 4.0.4

@​angular/build

Commit Type Description
6f209c26d fix update picomatch to 4.0.4

19.2.23 (2026-03-27)

@​angular/cli

Commit Type Description
67cfbe32f fix update picomatch to 4.0.4

@​angular-devkit/build-angular

Commit Type Description
771b979e7 fix update picomatch to 4.0.4

@​angular-devkit/core

Commit Type Description
de2da4874 fix update picomatch to 4.0.4

@​angular/build

Commit Type Description
27a9ce4a7 fix update picomatch to 4.0.4

... (truncated)

Commits
  • e18c125 release: cut the v20.3.22 release
  • 6e9b926 fix(@​angular-devkit/core): update picomatch to 4.0.4
  • 5978eee fix(@​angular-devkit/build-angular): update picomatch to 4.0.4
  • 6f209c2 fix(@​angular/build): update picomatch to 4.0.4
  • 34d5245 release: cut the v20.3.21 release
  • 0a2ff0b fix(@​angular/ssr): ensure unique values in redirect response Vary header
  • cdbac82 fix(@​angular/ssr): support custom headers in redirect responses
  • 1dc6992 fix(@​angular/ssr): disallow x-forwarded-prefix starting with a backslash
  • 1e7d877 release: cut the v20.3.20 release
  • 0fd6823 fix(@​angular/build): pass process environment variables to prerender workers
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump picomatch and @angular-devkit/core
0e77e60 
Bumps [picomatch](https://github.com/micromatch/picomatch) and [@angular-devkit/core](https://github.com/angular/angular-cli). These dependencies needed to be updated together.

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

Updates `@angular-devkit/core` from 20.3.7 to 20.3.22
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@20.3.7...v20.3.22)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
- dependency-name: "@angular-devkit/core"
  dependency-version: 20.3.22
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 7, 2026
@tdonohue tdonohue added this to the 10.0 milestone Apr 7, 2026
tdonohue
tdonohue approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Deployed locally & no issues found

@github-project-automation github-project-automation Bot moved this to 👍 Reviewer Approved in DSpace 10.0 Release Apr 7, 2026
@tdonohue tdonohue merged commit 2487b3d into main Apr 7, 2026
21 of 22 checks passed
@tdonohue tdonohue deleted the dependabot/npm_and_yarn/multi-e3ebc58273 branch April 7, 2026 19:02
@github-project-automation github-project-automation Bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace 10.0 Release Apr 7, 2026
@tdonohue tdonohue mentioned this pull request Apr 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdonohue tdonohue tdonohue approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

DSpace 10.0 Release
Status: ✅ Done

Milestone

10.0

Development

Successfully merging this pull request may close these issues.

1 participant

@tdonohue