Skip to content

Bump minimatch and webpack#4

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-952a3b3f38
Open

Bump minimatch and webpack#4
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-952a3b3f38

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps minimatch to 3.1.5 and updates ancestor dependency webpack. These dependencies need to be updated together.

Updates minimatch from 3.0.4 to 3.1.5

Commits

Updates webpack from 4.7.0 to 4.47.0

Release notes

Sourced from webpack's releases.

v4.47.0

New Features

New Contributors

Full Changelog: webpack/webpack@v4.46.0...v4.47.0

Commits
  • dfffd6a 4.47.0
  • 7395af8 Merge pull request #17628 from iclanton/webpack4-md4-hash
  • 9b50972 Update SplitChunksPlugin to use the updated createHash function.
  • 6f6ae98 Add support for md4 in Node >=18.
  • 3956274 Merge pull request #13778 from StyleT/feature/custom_externals_for_systemjs_t...
  • 1f11600 fix: fixed work of the non-system type externals for "system" library target
  • 444e59f 4.46.0
  • 758bb25 Merge pull request #12387 from webpack/bugfix/12386
  • 79de1a2 enable backward-compatibility for resolve.roots
  • ef75c04 Fix filename in azure pipeline
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 17, 2026
@joostfaassen

Copy link
Copy Markdown
Member

🤖 Dependabot PR processing skill — risk assessment

Acting on behalf of Joost Faassen.

Decision

Do not merge automatically — assessed risk: medium

What changed

Title Bump minimatch and webpack
Semver minor (3.0.43.1.5)
Files (1) package-lock.json
Diff size +4030 / −2620

Why this was not merged automatically

  1. The diff is large (+4030 / −2620) without a clear patch-only semver signal.
  2. Large lockfile churn can still hide behaviour changes across many transitive packages.
  3. Left open for human review.

Checks considered

  • Pull request is mergeable with a clean merge state
  • No failing / timed-out / cancelled required checks observed
  • Diff inspected for manifests/lockfiles only vs unexpected paths
  • Package/path screened against sensitive dependency patterns

Automated assessment by the Dependabot PR processing skill. Detail stays in this comment; the merge commit message is kept short on purpose.

Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.5 and updates ancestor dependency [webpack](https://github.com/webpack/webpack). These dependencies need to be updated together.


Updates `minimatch` from 3.0.4 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.5)

Updates `webpack` from 4.7.0 to 4.47.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v4.7.0...v4.47.0)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: webpack
  dependency-version: 4.47.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-952a3b3f38 branch from 42b3b1e to 3e338b0 Compare July 17, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant