fix(deps): update all minor dependency bump

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fast-glob	3.2.7 -> 3.3.2
pnpm (source)	8.10.5 -> 8.15.8
replace-in-file	7.0.2 -> 7.1.0
yargs (source)	17.0.1 -> 17.7.2

---

Release Notes

mrmlnc/fast-glob (fast-glob)

v3.3.2

Compare Source

Full Changelog: mrmlnc/fast-glob@3.3.1...3.3.2

🐛 Bug fixes

• Handle square brackets as a special character on Windows in escape functions (#​425)
• Keep escaping after brace expansion (#​422)

v3.3.1

Compare Source

Full Changelog: mrmlnc/fast-glob@3.3.0...3.3.1

This release fixes a regression for cases where the ignore option is used with a string (#​403, #​404).

The public interface of this package does not support a string as the value for the ignore option since 2018 year (release).

So, in the next major release, we will reintroduce method implementations that do not involve strings in the ignore option.

v3.3.0

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.12...3.3.0

🚀 Improvements

Method aliases

New methods (glob, globSync, globStream) have been added in addition to the current methods (default import, sync, stream), which eliminate the need to rename the method when importing. In addition, an async alias has been added for the default import, which makes it possible to use this packet with ESM.

Method to convert paths to globs

A new method (convertPathToPattern) has been added in this release to convert a path to a pattern. The primary goal is to enable users to avoid processing Windows paths in each location where this package is used by utilities from third-party packages.

See more details in the pull request.

🐛 Bug fixes

• In the past, we mishandled patterns that contained slashes when the baseNameMatch option was enabled, which went against the documented behavior. (#​312)
• Several problems with matching patterns that contain brace expansion have been resolved. The primary issue solved is when the pattern has duplicate slashes after it is expanded (#​394), or the micromatch package does not correctly generate a regular expression (#​365).
• All negative patterns will now have the dot option enabled when matching paths. Previously, the !**/* patterns did not exclude hidden files (start with a dot). (#​343)
• The issue that led to duplicates in the results when overlapping or duplicate patterns were present among the patterns has been fixed. At the moment, we are only talking about leading dot. Other cases are not included. For example, running with the patterns ['./file.md', 'file.md', '*'] will now only include file.md once in the results. (#​190)

📖 Documentation

A clarifying note has been added for the concurrency option, which provides more detailed information about the Thread Pool utilization.

⚙️ Infrastructure

• The benchmark in CI is now running on Node.js 20.
• The benchmark now uses the public package bencho instead of an in-house implementation. You may want to try this solution for your packages and provide feedback.

🥇 New Contributors

• @​josh-hemphill made their first contribution in https://github.com/mrmlnc/fast-glob/pull/383
• @​mairaw made their first contribution in https://github.com/mrmlnc/fast-glob/pull/401

v3.2.12

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.11...3.2.12

🐛 Bug fixes

Fixed an issue introduced in 3.2.7 related to incorrect application of patterns to entries with a trailing slash when the entry is not a directory.

Before changes:

fg.sync('**/!(*.md)')
// ['file.md', 'a/file.md', 'a/file.txt']

After fix:

fg.sync('**/!(*.md)')
// ['a/file.txt']

Thanks @​AgentEnder for the issue (#​357).

🚀 Improvements

This release includes performance improvements for the asynchronous method. For this method we now use an asynchronous directory traversal interface instead of using a streaming interface. This gives up to 15% acceleration for medium and large directories. The result depends a lot on hardware.

You can find the benchmark results for this release in CI here.

Here are a few of measurements on my laptop:

===> Benchmark pattern "*" with 100 launches (regression, async)
===> Max stdev: 7 | Retries: 3 | Options: {}

Name                   Time, ms  Time stdev, %  Memory, MB  Memory stdev, %  Entries  Errors  Retries
---------------------  --------  -------------  ----------  ---------------  -------  ------  -------
fast-glob-current.js   4.390     0.252          6.253       0.015            4        0       1
fast-glob-previous.js  5.653     0.633          6.051       0.056            4        0       1

===> Benchmark pattern "**" with 100 launches (regression, async)
===> Max stdev: 7 | Retries: 3 | Options: {}

Name                   Time, ms  Time stdev, %  Memory, MB  Memory stdev, %  Entries  Errors  Retries
---------------------  --------  -------------  ----------  ---------------  -------  ------  -------
fast-glob-current.js   34.587    1.287          10.654      0.607            11835    0       1
fast-glob-previous.js  41.972    2.086          10.236      1.224            11835    0       1

v3.2.11

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.10...3.2.11

🐛 Bug fixes

Yeap, this is another release aimed at fixing problems with detecting brace expansions in patterns. This time, patterns like abc/{a.txt,b.js} was not marked as a dynamic pattern. So, now the regex has been rewritten to a generalized solution as a function to avoid future problems due to the complexity of the regular expression.

Thanks @​MurzNN for the report of this problem (#​351).

v3.2.10

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.9...3.2.10

🐛 Bug fixes

• Fixed a regression in 3.2.8 when the {a,b,c} pattern no longer considered a dynamic pattern (thanks @​amitdahan, #​347).

🥇 New Contributors

• @​amitdahan made their first contribution in https://github.com/mrmlnc/fast-glob/pull/348

v3.2.9

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.8...3.2.9

🐛 Bug fixes

• Fixed a regression in 3.2.8 with invalid regular expression on older node.js versions (#​345).

v3.2.8

Compare Source

Full Changelog: mrmlnc/fast-glob@3.2.7...3.2.8

🐛 Bug fixes

Fix directory matching with trailing slashes (#​290)

Thanks @​Trott for investigating the problem and the detailed description.

Previously the src/*/ pattern did not work as expected (like src/*).

Double-slash in the middle of the pattern is not collapsed (#​330)

Starting from this release, patterns like src//* will work like similar patterns without duplicate slashes. This was done for continuity with other solutions (glob, ls src//*, python, golang, …).

Adjust inefficient regular expressions (#​336, #​342, #​344)

Thanks @​Trott for fixing bugs and @​XhmikosR for adding the CodeQL action to CI pipeline.

📖 Documentation

• Some documentation improvements (#​327, thanks @​MarcelloTheArcane).

⚙️ Infrastructure

• The CodeQL action has been added to CI pipeline (#​338, thanks @​XhmikosR).

🥇 New Contributors

• @​MarcelloTheArcane made their first contribution in https://github.com/mrmlnc/fast-glob/pull/327
• @​Trott made their first contribution in https://github.com/mrmlnc/fast-glob/pull/336
• @​XhmikosR made their first contribution in https://github.com/mrmlnc/fast-glob/pull/338

pnpm/pnpm (pnpm)

v8.15.8

Compare Source

v8.15.7

Compare Source

v8.15.6

Compare Source

Patch Changes

• The exit code of the child process should be preserved on pnpm run #​7817.
• When sorting packages in a workspace, take into account workspace dependencies specified as peerDependencies #​7813.
• Add --ignore-scripts argument to prune command #​7836.

Platinum Sponsors

Gold Sponsors

Silver Sponsors

v8.15.5

Compare Source

v8.15.4

Compare Source

v8.15.3

Compare Source

Patch Changes

• Remove vulnerable "ip" package from the dependencies #​7652.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.2

Compare Source

Patch Changes

• When purging multiple node_modules directories, pnpm will no longer print multiple prompts simultaneously.
• Don't print an unnecessary warning when adding new dependencies to a project that uses hoisted node_modules.
• Linking globally the command of a package that has no name in package.json #​4761.
• Installation should work with lockfile created by pnpm v9.0.0-alpha.4

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.1

Compare Source

Patch Changes

• Use the object-hash library instead of node-object-hash for hashing keys of side-effects cache #​7591.
• bundledDependencies should never be added to the lockfile with false as the value #​7576.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.0

Compare Source

Minor Changes

• When the license field does not exist in package.json but a license file exists, try to match and extract the license name #​7530.

Patch Changes

• Running pnpm update -r --latest will no longer downgrade prerelease dependencies #​7436.
• --aggregate-output should work on scripts executed from the same project #​7556.
• Prefer hard links over reflinks on Windows as they perform better #​7564.
• Reduce the length of the side-effects cache key. Instead of saving a stringified object composed from the dependency versions of the package, use the hash calculated from the said object #​7563.
• Throw an error if pnpm update --latest runs with arguments containing versions specs. For instance, pnpm update --latest foo@next is not allowed #​7567.
• Don't fail in Windows CoW if the file already exists #​7554.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.14.3

Compare Source

Patch Changes

• pnpm pack should work as expected when "prepack" modifies the manifest #​7558.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.14.2

Compare Source

Patch Changes

• Registry configuration from previous installation should not override current settings #​7507.
• pnpm dlx should not fail, when executed from package.json "scripts" 7424.
• A git-hosted dependency should not be added to the store if it failed to be built #​7407.
• pnpm publish should pack "main" file or "bin" files defined in "publishConfig" [#​4195](https://togithub.com/pnpm/pnpm

---

Configuration

📅 Schedule: Branch creation - "before 5am on Monday" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.