Skip to content

Fix(deps): Upgrade picomatch to patch vulnerability#26806

Open
harsh-vador wants to merge 6 commits intomainfrom
fix-picomatch-vulnerability
Open

Fix(deps): Upgrade picomatch to patch vulnerability#26806
harsh-vador wants to merge 6 commits intomainfrom
fix-picomatch-vulnerability

Conversation

@harsh-vador
Copy link
Copy Markdown
Contributor

@harsh-vador harsh-vador commented Mar 26, 2026
edited
Loading

Describe your changes:

I worked on fixing the vulnerability

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@harsh-vador harsh-vador self-assigned this Mar 26, 2026
@harsh-vador harsh-vador added safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch labels Mar 26, 2026
siddhant1
siddhant1 previously approved these changes Mar 26, 2026
View reviewed changes
@harsh-vador harsh-vador requested a review from a team as a code owner March 26, 2026 19:17
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 27, 2026
edited
Loading

Jest test Coverage

UI tests summary

Lines Statements Branches Functions
Coverage: 64%
 64.83% (58205/89777) 44.66% (30745/68837) 47.65% (9211/19330)

@harsh-vador harsh-vador enabled auto-merge (squash) March 27, 2026 10:21
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 27, 2026
edited
Loading

🟡 Playwright Results — all passed (14 flaky)

✅ 3402 passed · ❌ 0 failed · 🟡 14 flaky · ⏭️ 216 skipped

Shard Passed Failed Flaky Skipped
🟡 Shard 1 454 0 1 2
🟡 Shard 2 602 0 2 32
🟡 Shard 3 606 0 3 27
🟡 Shard 4 599 0 4 47
✅ Shard 5 587 0 0 67
🟡 Shard 6 554 0 4 41
🟡 14 flaky test(s) (passed on retry)
  • Pages/UserCreationWithPersona.spec.ts › Create user with persona and verify on profile (shard 1, 1 retry)
  • Features/BulkEditEntity.spec.ts › Glossary (shard 2, 1 retry)
  • Features/DataProductPersonaCustomization.spec.ts › Data Product - customize tab label should only render if it's customized by user (shard 2, 1 retry)
  • Features/Permissions/GlossaryPermissions.spec.ts › Team-based permissions work correctly (shard 3, 1 retry)
  • Features/Table.spec.ts › Tags term should be consistent for search (shard 3, 1 retry)
  • Flow/ExploreDiscovery.spec.ts › Should display deleted assets when showDeleted is checked and deleted is not present in queryFilter (shard 3, 1 retry)
  • Pages/Customproperties-part2.spec.ts › entityReferenceList shows item count, scrollable list, no expand toggle (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Rename domain with tags and glossary terms preserves associations (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Rename domain with owners and experts preserves assignments (shard 4, 1 retry)
  • Pages/Domains.spec.ts › Verify Domain entity API calls do not include invalid domains field in glossary term assets (shard 4, 1 retry)
  • Pages/Glossary.spec.ts › Glossary Term Update in Glossary Page should persist tree (shard 6, 1 retry)
  • Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)
  • Pages/Users.spec.ts › Check permissions for Data Steward (shard 6, 1 retry)
  • VersionPages/EntityVersionPages.spec.ts › Directory (shard 6, 1 retry)

📦 Download artifacts

How to debug locally 
# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

@gitar-bot
Copy link
Copy Markdown

gitar-bot bot commented Mar 27, 2026
edited
Loading

Code Review ✅ Approved

Upgrades picomatch to patch a security vulnerability. No issues found.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply Compact 
gitar auto-apply:on         

gitar display:verbose

Was this helpful? React with 👍 / 👎 | Gitar

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 27, 2026

Quality Gate Passed Quality Gate passed for 'open-metadata-ui'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@siddhant1 siddhant1 siddhant1 approved these changes

Assignees

@harsh-vador harsh-vador

Labels

safe to test Add this label to run secure Github workflows on PRs To release Will cherry-pick this PR into the release branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harsh-vador @siddhant1