Bump minimatch, browserify and mocha

[dependabot]

Bumps minimatch to 3.1.5 and updates ancestor dependencies minimatch, browserify and mocha. These dependencies need to be updated together.

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates browserify from 11.2.0 to 17.0.1

Release notes

Sourced from browserify's releases.

v17.0.1

• Use hasown instead of has. (4b1a5dc)
• Use String.prototype.slice instead of String.prototype.substr. (#2036)
• Support relative paths in the noParse option. (#2080)

v17.0.0

• Upgrade events to v3.x. EventEmitter instances now have an off() method. require('events').once can be used to react to an event being emitted with async/await syntax. (#1839)
• Upgrade path-browserify to v1.x. (#1838)
• Upgrade stream-browserify to v3.x. require('stream') now matches the Node.js 10+ API. (#1970)
• Upgrade util to v0.12. Most notably, util.promisify and util.callbackify are finally available by default in browserify. (#1844)
• Add JSON syntax checking. Syntax errors in .json files will now fail to bundle. (#1700)

v16.5.1

Remove deprecated mkdirp version in favour of mkdirp-classic.

browserify/browserify@00c913f

Pin dependencies for Node.js 0.8 support.

browserify/browserify#1939

v16.5.0

Support custom name for "browser" field resolution in package.json using the browserField option.

browserify/browserify#1918

v16.4.0

Upgrade stream-http to v3. This version drops support for IE10 and below.

browserify/browserify#1916

v16.3.0

add empty stub for the http2 builtin module.

browserify/browserify#1913

update license text to remove references to code that is no longer included.

browserify/browserify#1906

add more tests for folder resolution.

browserify/browserify#1139

v16.2.3

... (truncated)

Changelog

Sourced from browserify's changelog.

17.0.1

• Use hasown instead of has. (4b1a5dc)
• Use String.prototype.slice instead of String.prototype.substr. (#2036)
• Support relative paths in the noParse option. (#2080)

17.0.0

• Upgrade events to v3.x. EventEmitter instances now have an off() method. require('events').once can be used to react to an event being emitted with async/await syntax. (#1839)
• Upgrade path-browserify to v1.x. (#1838)
• Upgrade stream-browserify to v3.x. require('stream') now matches the Node.js 10+ API. (#1970)
• Upgrade util to v0.12. Most notably, util.promisify and util.callbackify are finally available by default in browserify. (#1844)
• Add JSON syntax checking. Syntax errors in .json files will now fail to bundle. (#1700)

16.5.2

Upgrade browser-resolve to v2.

browserify/browserify#1973

16.5.1

Remove deprecated mkdirp version in favour of mkdirp-classic.

browserify/browserify@00c913f

Pin dependencies for Node.js 0.8 support.

browserify/browserify#1939

16.5.0

Support custom name for "browser" field resolution in package.json using the browserField option.

browserify/browserify#1918

16.4.0

Upgrade stream-http to v3. This version drops support for IE10 and below.

browserify/browserify#1916

16.3.0

add empty stub for the http2 builtin module.

browserify/browserify#1913

update license text to remove references to code that is no longer included.

browserify/browserify#1906

... (truncated)

Commits

• d1d3fed 17.0.1
• c8f43c7 Merge pull request #2080 from goldim/pass-noparse-files-to-mdeps
• 0bea7b7 Update test/noparse.js
• 2557674 Update test/noparse.js
• 7791742 Update test/noparse.js
• 27d7564 Added regression test for noParse option with relative paths
• dac674a Pass modified no parse full paths into module-deps
• 4b1a5dc [Refactor] use hasown instead of has
• 80d8c1e Merge pull request #2036 from CommanderRoot/refactor/rm-deprecated-substr
• a084959 refactor: replace deprecated String.prototype.substr()
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for browserify since your current version.

Updates mocha from 6.2.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

• deps: bump actions/setup-node in the github-actions group (#5459) (48c6f40)

... (truncated)

Commits

• 9a6a5db chore(v11.x): release 11.7.5 (#5523)
• 8b21b38 chore: run tests on PRs for and pushes to v11.x (#5525)
• 663fff4 chore: setup release-please for v11 (#5522)
• 8d97220 Update release-please to include v11.x and use Node ^22
• d89dbaf fix: swallow more require errors from *ts files (#5498)
• 8649f39 chore(main): release 11.7.4 (#5473)
• c2667c3 fix: watch mode using chokidar v4 (#5379)
• 7f68e5c chore: remove trailing spaces (#5475)
• bff9166 Docs: migrate remaining legacy wiki pages to main documentation (#5465)
• c805327 chore(main): release 11.7.3 (#5455)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.