Bump picomatch from 4.0.3 to 4.0.4 #292

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/picomatch-4.0.4

Conversation

@dependabot dependabot Bot commented on behalf of github Apr 7, 2026

Bumps picomatch from 4.0.3 to 4.0.4.

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

github-actions Bot commented Apr 7, 2026

Container Scanning Status: ❌ Failure

NAME                     INSTALLED        FIXED IN         TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
net-imap                 0.4.19           0.4.20           gem   GHSA-j3g3-5qv5-52mj  Medium    0.5% (67th)    0.3    
erb                      4.0.3            4.0.3.1          gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
erb                      6.0.1            6.0.1.1          gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
erb                      6.0.2            6.0.4            gem   GHSA-q339-8rmv-2mhv  High      0.1% (28th)    < 0.1  
resolv                   0.3.0            0.3.1            gem   GHSA-xh69-987w-hrp8  Medium    < 0.1% (25th)  < 0.1  
addressable              2.8.10           2.9.0            gem   GHSA-h27x-rffw-24p4  High      < 0.1% (18th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (12th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (12th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28387       High      < 0.1% (12th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (12th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (12th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (12th)  < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (12th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28389       High      < 0.1% (12th)  < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28390       High      < 0.1% (12th)  < 0.1  
json                     2.18.0           2.19.2           gem   GHSA-3m6g-2423-7cp3  High      < 0.1% (10th)  < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (7th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (7th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31789       Critical  < 0.1% (7th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (5th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (5th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-28388       High      < 0.1% (5th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-2673        High      < 0.1% (4th)   < 0.1  
libssl3t64               3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (3rd)   < 0.1  
openssl                  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (3rd)   < 0.1  
openssl-provider-legacy  3.5.5-1~deb13u1  3.5.5-1~deb13u2  deb   CVE-2026-31790       High      < 0.1% (3rd)   < 0.1  
zlib                     3.1.1            3.1.2            gem   GHSA-g857-hhfv-j68w  Medium    < 0.1% (2nd)   < 0.1  
rexml                    3.3.9            3.4.2            gem   GHSA-c2f4-jgmc-q2r5  Low       < 0.1% (6th)   < 0.1  
bcrypt                   3.1.21           3.1.22           gem   GHSA-f27w-vcwj-c954  Medium    < 0.1% (0th)   < 0.1  
uri                      0.13.2           0.13.3           gem   GHSA-j4pr-3wm6-xx2r  Low       < 0.1% (0th)   < 0.1  

Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/picomatch-4.0.4 branch from 86b3c9b to 1fb2851 Compare May 4, 2026 05:31