Skip to content

Upgrade brace-expansion #6570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gonzaloriestra merged 1 commit into from
Nov 4, 2025
Merged

Upgrade brace-expansion #6570

gonzaloriestra merged 1 commit into from
Nov 4, 2025
+4 −4

Conversation

@gonzaloriestra
Copy link
Contributor

@gonzaloriestra gonzaloriestra commented Nov 4, 2025

WHY are these changes introduced?

Fixes https://github.com/Shopify/cli/security/dependabot/170
Fixes https://github.com/Shopify/cli/security/dependabot/171

WHAT is this pull request doing?

Upgrades brace-expansion

How to test your changes?

CI

Measuring impact

How do we know this change was effective? Please choose one:

  • n/a - this doesn't need measurement, e.g. a linting rule or a bug-fix
  • Existing analytics will cater for this addition
  • PR includes analytics changes to measure impact

Checklist

  • I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • I've considered possible documentation changes

@gonzaloriestra gonzaloriestra marked this pull request as ready for review November 4, 2025 09:41
@gonzaloriestra gonzaloriestra requested a review from a team as a code owner November 4, 2025 09:41
@github-actions
Copy link
Contributor

github-actions bot commented Nov 4, 2025

Coverage report

St.
 Category Percentage Covered / Total
🟡 Statements
79.23% (+0.01% 🔼)
 13565/17120
🟡 Branches
73.08% (+0.01% 🔼)
 6620/9059
🟡 Functions 79.36% 3498/4408
🟡 Lines
79.59% (+0.01% 🔼)
 12811/16096

Test suite run success

3351 tests passing in 1372 suites.

Report generated by 🧪jest coverage report action from 32a4b19

@isaacroldan
Copy link
Contributor

isaacroldan commented Nov 4, 2025

There is no change in the package.json, is this a direct dependency? 🤔

@gonzaloriestra
Copy link
Contributor Author

gonzaloriestra commented Nov 4, 2025

It's not a direct dependency. The problematic version (brace-expansion@1.1.11) is a dependency of minimatch@3.1.2, which is used by a few packages.

And minimatch doesn't require that specific version, but ^1.1.7, so I just forced to update it in the lock file.

@gonzaloriestra gonzaloriestra added this pull request to the merge queue Nov 4, 2025
Merged via the queue into main with commit e3f65e1 Nov 4, 2025
29 checks passed
@gonzaloriestra gonzaloriestra deleted the upgrade-brace-expansion branch November 4, 2025 10:14
@gonzaloriestra gonzaloriestra mentioned this pull request Nov 4, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isaacroldan isaacroldan isaacroldan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gonzaloriestra @isaacroldan