refactor: Bump picomatch from 2.3.1 to 2.3.2 by dependabot[bot] · Pull Request #10318 · parse-community/parse-server

dependabot · 2026-03-25T22:26:01Z

Bumps picomatch from 2.3.1 to 2.3.2.

Release notes

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

parse-github-assistant · 2026-03-25T22:26:04Z

I will reformat the title to use the proper commit message syntax.

parseplatformorg · 2026-03-25T22:26:15Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

parse-github-assistant · 2026-03-26T23:45:17Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-26T23:45:20Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T13:53:28Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T13:53:31Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T15:05:56Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T15:05:59Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T18:04:46Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T18:04:49Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T19:24:45Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T19:24:49Z

I will reformat the title to use the proper commit message syntax.

Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

parse-github-assistant · 2026-03-27T20:05:08Z

I will reformat the title to use the proper commit message syntax.

parse-github-assistant · 2026-03-27T20:05:11Z

I will reformat the title to use the proper commit message syntax.

mtrezza · 2026-03-27T20:05:19Z

@coderabbitai review

coderabbitai · 2026-03-27T20:05:25Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai · 2026-03-27T20:05:28Z

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 336df87d-ec86-4588-97c8-bea84def011e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch dependabot/npm_and_yarn/picomatch-2.3.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

parseplatformorg · 2026-03-28T18:48:38Z

🎉 This change has been released in version 9.7.0-alpha.11

dependabot bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Mar 25, 2026

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 25, 2026

dependabot bot mentioned this pull request Mar 25, 2026

refactor: Bump picomatch #10316

Closed

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch 3 times, most recently from 8613c1f to 4ef491e Compare March 26, 2026 20:42

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 26, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from 4ef491e to b2bab50 Compare March 26, 2026 23:45

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 26, 2026

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from b2bab50 to aaf737f Compare March 27, 2026 13:53

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from aaf737f to c47662f Compare March 27, 2026 15:05

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from c47662f to d3d165c Compare March 27, 2026 18:04

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from d3d165c to 9649208 Compare March 27, 2026 19:24

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot changed the title ~~refactor: Bump picomatch from 2.3.1 to 2.3.2~~ refactor: bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/picomatch-2.3.2 branch from 9649208 to 48b5be6 Compare March 27, 2026 20:05

parse-github-assistant bot changed the title ~~refactor: bump picomatch from 2.3.1 to 2.3.2~~ refactor: Bump picomatch from 2.3.1 to 2.3.2 Mar 27, 2026

coderabbitai bot approved these changes Mar 27, 2026

View reviewed changes

mtrezza merged commit faec923 into alpha Mar 27, 2026
21 checks passed

mtrezza deleted the dependabot/npm_and_yarn/picomatch-2.3.2 branch March 27, 2026 20:59

github-actions bot mentioned this pull request Mar 28, 2026

[Vulnerability] parse-community/parse-server: Prototype Pollution 7azimo01/vulnerability-spoiler-alert#265

Open

parseplatformorg added the state:released-alpha Released as alpha version label Mar 28, 2026

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

Uh oh!

parse-github-assistant bot commented Mar 25, 2026

Uh oh!

parseplatformorg commented Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

parse-github-assistant bot commented Mar 26, 2026

Uh oh!

parse-github-assistant bot commented Mar 26, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

parse-github-assistant bot commented Mar 27, 2026

Uh oh!

mtrezza commented Mar 27, 2026

Uh oh!

coderabbitai bot commented Mar 27, 2026

Uh oh!

coderabbitai bot commented Mar 27, 2026

Review skipped

Uh oh!

Uh oh!

parseplatformorg commented Mar 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Mar 25, 2026 •

edited

Loading

parseplatformorg commented Mar 25, 2026 •

edited

Loading