chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 in /website #61
dependabot[bot] wants to merge 1 commit into
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 5.0.5 to 5.0.6.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 5.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM — Dependabot patch bump for brace-expansion in website lockfile.
Extended reasoning...
Overview
This PR is a Dependabot-generated patch version bump of brace-expansion from 5.0.5 to 5.0.6 in website/package-lock.json. Only the version, resolved URL, and integrity hash for that single package entry change.
Security risks
None introduced. The upstream 5.0.6 release is itself a security/maintenance update (notably bumping picomatch from 4.0.3 to 4.0.4), so this moves the website dependency forward, not backward, on the security axis. The change is confined to the website workspace lockfile and does not affect runtime library code shipped to consumers of aeo.js.
Level of scrutiny
Minimal. This is a mechanical lockfile-only patch bump within the same major/minor range, generated by Dependabot, affecting documentation-site dependencies only. No source code, no public API, and no security-sensitive paths are touched.
Other factors
No bugs were flagged by the bug hunting system. The Vercel preview deployment will validate that the website still builds. Safe to shadow-approve.
Bumps brace-expansion from 5.0.5 to 5.0.6.
Commits
- 46317b5 5.0.6
- c0b095b Merge commit from fork
- ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.