feat(deps): bump minimatch from 9.0.5 to 10.2.1

[dependabot]

Bumps minimatch from 9.0.5 to 10.2.1.

Changelog

Sourced from minimatch's changelog.

change log

10.2

• Add braceExpandMax option

10.1

• Add magicalBraces option for escape
• Fix makeRe when partial: true is set.
• Fix makeRe when pattern ends in a final ** path part.

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

• 6d7ac34 10.2.1
• 2e111f3 coalesce consecutive non-globstar * characters
• 1a62a2a 10.2.0
• 758b5a3 changelog 10.2
• 903e50b add braceExpandMax option, format
• a50a110 10.1.3
• a08c046 move back to og brace-expansion
• fde70d1 10.1.2
• 05210d8 update deps
• ba4093c update workflows and package stuff
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sentry]

Bug: The minimatch dependency upgrade requires Node.js 20+, but the package still declares support for Node.js 18, causing a breaking incompatibility and runtime failures.
_{Severity: HIGH}

Suggested Fix

Either update the engines field in packages/node/package.json to require Node.js 20+ to reflect the new minimum requirement, or revert the minimatch dependency to a version compatible with Node.js 18 (e.g., version 9.x).

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: packages/node/package.json#L102

Potential issue: The `@sentry/node` package declares support for Node.js 18 and above
via its `engines` field. This change introduces a dependency on `minimatch` version
10.2.1, which requires Node.js 20 or higher. This creates a version incompatibility that
will cause runtime failures for users running the package on Node.js 18 or 19. This is a
breaking change that is not reflected in the package's declared engine requirements and
will likely cause CI jobs running on Node.js 18 to fail.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Major dependency bump narrows Node.js version support

High Severity

Bumping minimatch from ^9.0.0 to ^10.2.1 introduces a Node.js version compatibility gap. minimatch v10 declares "engines": { "node": "20 || >=22" }, but @sentry/node officially supports Node 18.0.0+, as confirmed by Sentry docs and the "@types/node": "^18.19.1" devDependency. Users on Node 18 would receive a dependency that doesn't support their runtime, potentially causing failures. This is a breaking change for the package's supported platform matrix.

 

^{Triggered by project rule: PR Review Guidelines for Cursor Bot}

[andreiborza]

No can do, minimatch v10 requires node > 18 and we still support node 18.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.