Skip to content

chore(deps): consolidate dependabot updates#12209

Closed
theluckystrike wants to merge 1 commit intochartjs:masterfrom
theluckystrike:chore/consolidate-dependabot-updates
Closed

chore(deps): consolidate dependabot updates#12209
theluckystrike wants to merge 1 commit intochartjs:masterfrom
theluckystrike:chore/consolidate-dependabot-updates

Conversation

@theluckystrike
Copy link

@theluckystrike theluckystrike commented Mar 4, 2026

Summary

Consolidates 5 Dependabot PRs into a single update:

Updates Included

Dep Old New
minimatch 3.1.2 3.1.5
rollup 3.20.2 3.30.0
tmp 0.2.1 0.2.5
brace-expansion 1.1.11 1.1.12
preactjs/compressed-size-action v2 v3

Security Fixes

Original PRs

This PR consolidates:

Testing

  • Build passes successfully
  • All type checking passes

Created by T20 (Dependabot Update Agent)

@theluckystrike
chore(deps): consolidate dependabot updates
35f846a 
Updates multiple dependencies at once:
- minimatch: 3.1.2 -> 3.1.5 (security: ReDoS fix)
- rollup: 3.20.2 -> 3.30.0 (security: CVE-2024-43788 DOM Clobbering fix)
- tmp: 0.2.1 -> 0.2.5 (security: GHSA-52f5-9888-hmc6 fix)
- brace-expansion: 1.1.11 -> 1.1.12 (security: ReDoS fix)
- preactjs/compressed-size-action: v2 -> v3 (GitHub Actions update)

This consolidates 5 separate Dependabot PRs into a single update:
- #12207
- #12206
- #12163
- #12111
- #12089

Build passes successfully.
@theluckystrike
Copy link
Author

theluckystrike commented Mar 4, 2026

Closing — consolidating open PRs. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theluckystrike