fix(deps): patch minimatch to >= 10.2.3

[tobyhede]

Summary

• Updates pnpm override for minimatch from >=10.2.1 to >=10.2.3 (resolved to 10.2.4)
• Addresses CVE-2026-27903 and CVE-2026-27904 (both High severity)

CVEs

CVE	Severity	Fix Version
CVE-2026-27903	High	>= 10.2.3
CVE-2026-27904	High	>= 10.2.3

Test plan

• Verify lockfile shows minimatch >= 10.2.3
• CI passes
• Dependabot alerts auto-close after merge

Refs: CIP-2803

Summary by CodeRabbit

• Chores
  • Updated dependency versions for package optimization and compatibility.

Note: This release contains no user-facing changes. Updates are maintenance-focused.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9d471d3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 414be31 and 9d471d3.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json

---

📝 Walkthrough

Walkthrough

Updated the minimatch dependency constraint in pnpm overrides from version ">=10.2.1" to ">=10.2.3" in package.json. This is a patch-level version bump for dependency resolution.

Changes

Cohort / File(s)	Summary
Dependency Version Update package.json	Updated minimatch pnpm override constraint from ">=10.2.1" to ">=10.2.3".

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• yujiyokoo

Poem

🐰 A tiny hop through package land so dear,
Minimatch bumps from point-two-one to three,
No breaking bounds, just safety here,
A patch-level tweak for harmony! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: updating the minimatch dependency to patch version 10.2.3 to address security vulnerabilities.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/cip-2803-minimatch-patch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}