Skip to content

chore(deps): bump picomatch and ava#70

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-50853a2d32
Open

chore(deps): bump picomatch and ava#70
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-50853a2d32

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps picomatch and ava. These dependencies needed to be updated together.
Updates picomatch from 2.2.2 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

2.3.1

Fixed

  • Fixes bug when a pattern containing an expression after the closing parenthesis (/!(*.d).{ts,tsx}) was incorrectly converted to regexp (9f241ef).

Changed

2.2.3

... (truncated)

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by danez, a new releaser for picomatch since your current version.


Updates ava from 3.3.0 to 8.0.1

Release notes

Sourced from ava's releases.

v8.0.1

What's Changed

This release officially adds Node.js 26 support, with thanks to @​novemberborn in avajs/ava#3450.

Per our policy, support for Node.js 25 has been removed.

Full Changelog: avajs/ava@v8.0.0...v8.0.1

v8.0.0

Breaking Changes

AVA now expects Node.js 22.20, 24.12 or newer.

Internally AVA is now fully ESM. This is possible now that Node.js supports loading ES modules using require() calls and simplifies AVA's types and internals.

If you use AVA from a CommonJS project you'll have to update your imports:

-const test = require('ava');
+const {default: test} = require('ava');

We expect an increasing number of projects to be ESM only. As per the above, CommonJS is still supported, but we don't expect cjs extensions to be used. The default file extensions are now js and mjs. Specify extensions: ['cjs', 'js', 'mjs'] for AVA to run test files with the cjs extension.

All test files (and those loaded through AVA's require config) are now loaded via import(). Use customization hooks for transpilation. The object form of the extensions configuration is no longer supported.

If you use AVA with @​ava/typescript you must upgrade that package to v7.

New Features

There's two new test modifiers courtesy of @​sindresorhus: test.skipIf() to skip a test based on a runtime condition. test.runIf() is the inverse: the test only runs when the condition is true.

test.skipIf(process.platform === 'win32')('not on Windows', t => {
	t.pass();
});
test.runIf(process.platform === 'linux')('Linux only', t => {
t.pass();
});

These work with other modifiers like .serial and .failing:

test.serial.skipIf(process.platform === 'win32')('serial, not on Windows', t => {
	t.pass();
});
</tr></table>

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ava since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump picomatch and ava
de858d6 
Bumps [picomatch](https://github.com/micromatch/picomatch) and [ava](https://github.com/avajs/ava). These dependencies needed to be updated together.

Updates `picomatch` from 2.2.2 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.2.2...4.0.4)

Updates `ava` from 3.3.0 to 8.0.1
- [Release notes](https://github.com/avajs/ava/releases)
- [Commits](avajs/ava@v3.3.0...v8.0.1)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: direct:production
- dependency-name: ava
  dependency-version: 8.0.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@henrinie-nc henrinie-nc Awaiting requested review from henrinie-nc henrinie-nc is a code owner

@biphobe biphobe Awaiting requested review from biphobe biphobe is a code owner

@NC-jsAhonen NC-jsAhonen Awaiting requested review from NC-jsAhonen NC-jsAhonen is a code owner

@utsabk utsabk Awaiting requested review from utsabk utsabk is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants