chore(deps): bump minimatch and npm in /plugins/kibo-commerce

[dependabot]

Bumps minimatch and npm. These dependencies needed to be updated together.
Updates minimatch from 3.1.2 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates npm from 9.6.5 to 9.9.4

Changelog

Sourced from npm's changelog.

9.9.4 (2024-11-21)

Dependencies

• 080e201 #7930 hosted-git-info@6.1.3 (#7930)
• 401bb86 #7928 tar@6.2.1
• cfb3b77 #7928 cross-spawn@7.0.6
• 6a5f8a8 #7928 debug@4.3.7
• 72df313 #7928 hosted-git-info@6.1.2

9.9.3 (2024-02-26)

Bug Fixes

• 88ea8c7 #7010 set objectMode for search filter stream (@​lukekarrys)
• 8d9d735 #7010 unpublish: bubble up all errors parsing local package.json (#7049) (@​wraithgar)
• e0e75e5 #7010 unpublish bugfixes (#7039) (@​wraithgar)
• 4d59ce1 #7047 reverse direction of SPDX SBOM dep rels (#7047) (@​bdehamer, @​antonbauhofer)
• 878f22b #7008 properly catch missing url opener error (@​wraithgar)
• 91a8eca #7008 properly catch missing url opener error on interactive prompt (@​wraithgar)

Dependencies

• 1968e0e #7010 spdx-license-ids@3.0.17
• d130576 #7010 spdx-exceptions@2.5.0
• 00f28b8 #7010 signal-exit@4.1.0
• 57096c3 #7010 postcss-selector-parser@6.0.15
• 3ce677e #7010 minipass-fetch@3.0.4
• 89757ed #7010 is-core-module@2.13.1
• bc1e841 #7010 socks@2.8.1
• 01f4049 #7010 ignore-walk@6.0.4
• 15f8982 #7010 function-bind@1.1.2
• 88ff949 #7010 cmd-shim@6.0.2
• 3e298f6 #7010 bin-links@4.0.3
• 35a6286 #7010 are-we-there-yet@4.0.2
• aeb28c4 #7010 agentkeepalive@4.5.0
• edc7e23 #7010 @npmcli/query@3.1.0
• 00a3a08 #7010 tar@6.2.0
• 7f424c3 #7010 ssri@10.0.5
• 79b8538 #7010 semver@7.6.0
• b5faf10 #7010 npm-install-checks@6.3.0
• 2c62266 #7010 node-gyp@9.4.1
• cc0516b #7010 minipass@7.0.4
• 651d362 #7010 json-parse-even-better-errors@3.0.1
• 4b239c6 #7010 glob@10.3.10
• 2f65b46 #7010 fs-minipass@3.0.3
• 6c73ddf #7010 diff@5.2.0
• 73ee6cc #7010 ci-info@4.0.0
• 64715a4 #7010 cacache@17.1.4
• workspace: @npmcli/arborist@6.5.1

... (truncated)

Commits

• 64763a3 chore: release 9.9.4
• 080e201 deps: hosted-git-info@6.1.3 (#7930)
• 401bb86 deps: tar@6.2.1
• cfb3b77 deps: cross-spawn@7.0.6
• 6a5f8a8 deps: debug@4.3.7
• 72df313 deps: hosted-git-info@6.1.2
• 4998adf chore: release 9.9.3
• 77fa150 chore(release): do not exclude docs directory from CLI release commits (#7162)
• 1d4c464 chore: @​npmcli/template-oss@​4.21.3
• 88ea8c7 fix: set objectMode for search filter stream
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Low risk lockfile-only dependency update, but it changes the bundled npm toolchain and a large set of transitive packages, which could affect install/build behavior in CI.

Overview
Updates plugins/kibo-commerce/package-lock.json to bump minimatch from 3.1.2 to 3.1.5 and npm from 9.6.5 to 9.9.4.

The lockfile refresh pulls in a broad set of updated transitive dependencies (notably glob, minipass, sigstore, tar, chalk, and related @npmcli/* packages) reflecting the newer npm bundle contents.

^{Written by Cursor Bugbot for commit 2bd0daa. This will update automatically on new commits. Configure here.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2bd0daa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nx-cloud]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

_{To disable these notifications, a workspace admin can disable them in workspace settings.}

---

View your CI Pipeline Execution ↗ for commit 2bd0daa

Command	Status	Duration	Result
nx test @builder.io/sdks	❌ Failed	9s	View ↗
nx test @e2e/qwik-city	✅ Succeeded	7m 43s	View ↗
nx test @e2e/nextjs-sdk-next-app	✅ Succeeded	6m 55s	View ↗
nx test @e2e/angular-17	✅ Succeeded	6m 43s	View ↗
nx test @e2e/angular-17-ssr	✅ Succeeded	5m 33s	View ↗
nx test @e2e/nuxt	✅ Succeeded	5m 27s	View ↗
nx test @e2e/react-sdk-next-15-app	✅ Succeeded	5m 13s	View ↗
nx test @e2e/hydrogen	✅ Succeeded	5m 5s	View ↗
Additional runs (37)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-28 04:22:23 UTC