fix: use minimatch.escape() for path prefix escaping

[rlorenzo]

Bump minimatch from 10.0.1 to 10.2.3. Replace manual backslash escaping of path prefixes with minimatch.escape() using bracket-style escaping (windowsPathsNoEscape: true), which avoids a brace-expansion bug that stripped backslash escape sequences.

[rlorenzo]

This should fix the failing update in #151

[Copilot]

Pull request overview

Updates glob-pattern handling to avoid minimatch brace-expansion edge cases by switching path-prefix escaping to minimatch.escape() and bumping the minimatch dependency.

Changes:

• Bump minimatch from 10.0.1 to 10.2.3.
• Replace manual regex-based escaping of pathPrefix with minimatch.escape() (plus explicit # handling).

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
src/index.ts	Switches pathPrefix escaping to minimatch.escape() before building Minimatch globs.
package.json	Updates the direct minimatch dependency version.
pnpm-lock.yaml	Updates lockfile resolutions for minimatch and many transitive dependencies.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (9978ccb) to head (61936a9).
⚠️ Report is 6 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #152   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines          762       755    -7     
  Branches        67        67           
=========================================
- Hits           762       755    -7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[hildjj]

I like this change more than just upgrading to 10.2.4. Can you update 10.2.3 -> 10.2.4, and ensure you are in the contributors section of package.json please?

[G-Rath]

Can we also relax the constraints? The brace expansion bug has been fixed

[hildjj]

We can relax the constraints, but I'd prefer to keep them tight, since we've had such issues with different minimatch versions breaking things.

I'm open to having my mind changed, however.

[G-Rath]

Me and others in the community have done what we can to get those addressed, and frankly I think both minimatch and brace-expansions are very stable so unlikely to see more releases, and pinning makes it harder to deduplicate dependencies...

I don't know if there's much more I can say beyond that 😅

(If it matters, I think relaxing for the v1 line is more useful 🤷‍♂️)

[hildjj]

Shrug, ok. Let's add a ~.

[rlorenzo]

@hildjj I pushed the changes and amended the commit. I add "minimatch": "~10.2.4"

[hildjj]

It needs a pnpm install and push the update lockfile, please.

[rlorenzo]

It needs a pnpm install and push the update lockfile, please.

Sorry, I left for out of town and don’t gave a computer to make the last changes needed. Can you please do the missing step I forgot?