@actions/glob: bump minimatch from v3.0.4 to v10.2.4#2355
@actions/glob: bump minimatch from v3.0.4 to v10.2.4#2355shogo82148 wants to merge 3 commits intoactions:mainfrom
Conversation
| pattern = new Pattern('C:/foo/b[\\!]r/b*') | ||
| expect(pattern.searchPath).toBe('C:\\foo\\b[\\!]r') | ||
| expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeTruthy() // Note, "undefined" substr to accommodate a bug in Minimatch when nocase=true | ||
| expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeFalsy() |
There was a problem hiding this comment.
It is a bug of minimatch v3. toBeFalsy is correct.
There was a problem hiding this comment.
Pull request overview
Updates @actions/glob to use minimatch@10 to address ESM compatibility problems reported in actions/toolkit issues.
Changes:
- Bump
minimatchdependency from^3.0.4to^10.2.4(and update lockfile transitive deps). - Update
internal-pattern.tsto useminimatch’s named exports/types (Minimatch,MinimatchOptions). - Adjust pattern unit tests to reflect the matching behavior observed with the newer
minimatchversion.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/glob/src/internal-pattern.ts | Switches to minimatch v10 import/types for pattern matching. |
| packages/glob/package.json | Updates runtime dependency to minimatch@^10.2.4. |
| packages/glob/package-lock.json | Locks minimatch@10.2.4 and its updated transitive dependency graph. |
| packages/glob/tests/internal-pattern.test.ts | Updates expectations for bracket-pattern behavior under minimatch v10. |
Files not reviewed (1)
- packages/glob/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "dependencies": { | ||
| "@actions/core": "^3.0.0", | ||
| "minimatch": "^3.0.4" | ||
| "minimatch": "^10.2.4" | ||
| } |
There was a problem hiding this comment.
minimatch@10.2.4 declares engines: { node: "18 || 20 || >=22" } (see updated package-lock). @actions/glob currently doesn’t declare a compatible Node runtime in its own package.json, so consumers on older Node versions can install this package and then fail at runtime. Consider adding an explicit engines.node requirement (and/or documenting the minimum supported Node version) to make the breaking requirement visible during install.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Minimatch v3 has compatibility issues with ES Modules (See #2085 (comment)). Updating to the latest version, v10, will resolve the problem.
closes #2085 and closes #1955