Conversation
WalkthroughThis pull request updates development and tooling metadata. In packages/pages/package.json the devDependency 🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/pages/package.json`:
- Line 103: Remove the redundant `@types/minimatch` entry from lockfiles and
package manifests (it conflicts with minimatch v10's built-in types) and run a
fresh install to update lockfile; then audit imports (e.g., the test file
packages/pages/src/common/src/function/internal/getFunctionFilepaths.test.ts and
any other modules) to ensure minimatch is only imported using ESM-style imports
(import { minimatch }) and not required via CommonJS, and if any CommonJS
consumers remain or you're constrained to CJS, either pin brace-expansion to a
compatible non-ESM version or add a dependency resolution/override to force a
compatible brace-expansion version so minimatch@10 works in your environment.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (1)
packages/pages/package.json
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@package.json`:
- Line 55: Replace the undocumented negation prefix used in package.json
("!**/THIRD-PARTY-NOTICES") with the documented micromatch extglob form
"!(**/THIRD-PARTY-NOTICES)" in the lint-staged config; update the pattern string
in the package.json entry so lint-staged sees the extglob negation, and verify
that the change in path structure (presence of a slash) does not inadvertently
disable matchBase behavior—if you need basename matching instead of full-path
matching, adjust the pattern accordingly (e.g., remove the slash or use an
alternate glob) to preserve original matching semantics.
In `@THIRD-PARTY-NOTICES`:
- Around line 8722-8725: THIRD-PARTY-NOTICES currently lists minimatch@9.0.5 but
package.json and the lockfile resolve to minimatch@10.2.2; regenerate the
THIRD-PARTY-NOTICES file from the project's lockfile (e.g., package-lock.json /
yarn.lock / pnpm-lock.yaml) or rerun the license-notice generation script used
in this repo so the entry for minimatch (and any other packages) matches the
resolved versions in the lockfile and the package.json specification.
|
minimatch v9.0.5 is bundled because glob is a dependency. The latest version of glob still uses minimatch v9.0.5 so I think glob (and some other packages) will need to update minimatch before the NOTICES file updates. Our direct installation is a devDependency, so it's license info doesn't get written to NOTICES |
3 participants
https://yext.atlassian.net/browse/VULN-42320