revert: remove global minimatch resolution that broke glob@10/11

[brendan-kellam]

Summary

• Reverts chore(deps): bump minimatch to ^3.1.3 #957 which added a global "minimatch": "^3.1.3" resolution
• That resolution forced all minimatch instances to v3.x, breaking glob@10/11 used by @sourcebot/backend, @sourcebot/schemas, and react-email — these packages require minimatch@9+ for the GLOBSTAR named export
• Without the global override, Yarn resolves each package to the minimatch version it actually needs (3.x, 8.x, 9.x, or 10.x)

Security verification

All resolved versions are above the patched thresholds for every known minimatch CVE:

Version	CVE-2022-3517 (patch: 3.0.5)	CVE-2026-26996 (patches: 3.1.3 / 8.0.5 / 9.0.6 / 10.2.1)	CVE-2026-27903 (patches: 3.1.3 / 8.0.6 / 9.0.7 / 10.2.3)
minimatch@3.1.5 (eslint, nodemon, glob@7)	✅	✅	✅
minimatch@8.0.7 (glob@9 / sentry)	✅	✅	✅
minimatch@9.0.9 (glob@10, @typescript-eslint)	✅	✅	✅
minimatch@10.2.4 (glob@11 / backend / schemas)	✅	✅	✅

Test plan

• yarn dev starts without SyntaxError: The requested module 'minimatch' does not provide an export named 'GLOBSTAR'
• yarn why minimatch shows all versions at or above their respective patched thresholds

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated dependency resolution configuration to streamline package management settings.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd5ac2b and 179f566.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• CHANGELOG.md
• package.json

---

Walkthrough

Removed a minimatch version resolution from package.json and its corresponding changelog entry. These changes revert an earlier version pin that specified minimatch at ^3.1.3 via yarn resolutions.

Changes

Cohort / File(s)	Summary
Dependency Resolution Cleanup CHANGELOG.md, package.json	Removed minimatch entry from packageManager resolutions and deleted the corresponding changelog note documenting the version bump.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore(deps): bump minimatch to ^3.1.3 #957: This PR directly reverts the minimatch resolution and changelog entry that was added in that PR.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch brendan/revert-minimatch-resolution

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}