mirror of
https://github.com/actualbudget/actual.git
synced 2026-05-06 07:01:45 -05:00
Closed
opened 2026-04-14 22:05:35 -05:00 by GiteaMirror
·
0 comments
No Branch/Tag Specified
master
claude/hide-default-categories-1cwBZ
matiss/crdt-source-loading
youngcw/unlock-duplicates
matiss/crdt-protobuf
release/26.5.0
claude/update-issue-template-ykMNn
claude/fix-issue-7667-DPXi3
cursor/formula-feedback-improvements-4223
cursor/resolve-pr-7449-ee11
claude/fix-typescript-build-error-JPtZ5
jfdoming/api-tokens-part-3
jfdoming/api-tokens-part-2
jfdoming/api-tokens-part-1
claude/speed-up-vrt-workflow-ZAyI5
claude/crdt-version-auto-publish-Ph1BH
copilot/add-repository-configs-to-packages
worktree-compressed-drifting-ritchie
worktree-mellow-strolling-dawn
matiss/browser-api
claude/api-consumer-verification-kfz1K
feature/enable-banking
cursor/transaction-table-rewrite-f077
pr-7454
claude/fix-issue-7410-LLLQ4
release/v100.0.0
revert-7350-trim-deps
revert-7220-sankey-report
revert-7242-fix/split-parent-update-corruption
revert-7281-generate-icons
claude/electron-to-tauri-migration-LjBN8
worktree-remotion
release/vv26.4.0-pre
claude/browser-compatible-api-QbhHh
claude/improve-cli-transactions-waTUY
claude/publish-react-native-ios-j8qoT
js-proxy
claude/fix-flaky-ci-job-5gDdz
react-query-rules
react-query-useSchedules
claude/nightly-theme-validation-scan-DzOGD
claude/debug-simplefin-error-ZuKzB
matiss/desktop-client-subpath-imports
claude/fix-simplefin-ssrf-T31gX
claude/release-notes-validation-X7rvR
add-claude-github-actions-1772738270730
cursor/sync-performance-notification-9899
react-query-prefs
matiss/chunked-sync-and-progress-ux
v26.2.1
copilot/sub-pr-6880
fix-react-query-clear-on-close-budget
copilot/sub-pr-6140
feat/auto-note
feat/scoped-bank-sync
cursor/desktop-transactions-react-table-1d0c
fix-exhaustive-deps-App
copilot/fix-find-replace-bug
release/v26.2.0-pre
matiss/browser-tests
mobile-fix-drag-and-drop-across-groups
budget-table-v2
PayeeAutocomplete2
pglite
bugfix/plugins/fix-plugins-sw
feat/plugins/plugins-core-package
prerelease
matiss/unicode-minus-fix
cursor/fix-actual-github-issue-6206-gemini-3-pro-preview-9c37
TransactionFormPage
cursor/implement-mortgage-and-loan-account-type-78ca
tests-update-fill-with-pressSequentially
mobile/link-modal
deps/25.11
cursor/fix-update-vrt-apply-ci-job-dispatch-b324
sync-server-plugins
cursor/propose-patch-for-github-issue-5680-2a18
fix/compiler-preserve-inner-dollar-escapes
cursor/analyze-actual-budget-issue-and-propose-fix-5b70
coderabbitai/docstrings/0c070e5
cursor/add-wip-prefix-and-comment-to-prs-d78d
jfdoming/08-21-auto-focus-on-navigate-in-all-browsers
show-totals-on-mobile-budget-banners
allow-child-transactions-make-transfer
mobile-calculator-keyboard
payee-geolocation
enhance/restore_scroll_position
dm-fix-second-click-on-mobile-new-transaction-2
scrollToLocationBudget
alert-autofix-38
tsconfig-composite
mobile-fix-uncategorized-transactions-on-tracking-budgets
server-budget-handlers
fix-sql-injection-in-cleanup-template
non-chrome-draggable-workaround
mobile-budget-page-swipe-navigation
ts-db-all
stable
dark-theme-with-brand-colors
fix-mobile-delete-group
ts-db-select
UnderKoen/reconcile-context-menu
master-before-server-merge
v25.2.1
ts-runQuery
rename-redux-hooks
UnderKoen/3557-persist-state-in-history
remove-redux-CLOSE_BUDGET
fix-exhaustive-deps-errors-FinancesApp
redux-toolkit-createSlice-backup
accounts-function-component
ts-useSplitsExpanded
loot-core-server-package
useTransactios-in-TransactionEdit
react-aria-input
move-redux-to-desktop-client
QueryState-type
fix-themes-applied-late
mobile-vrts
revert-3295-spendingCardFix
react-aria-button-4
split-payee-on-mobile
twk3/pin-apis-crdt
notes-tag-autocomplete
ts-LoadBackup
dnd-kit
package-upgrades
v26.5.0
v26.4.0
v26.3.0
v26.2.1
v26.2.0
v26.1.0
v25.12.0
v25.11.0
v25.10.0
v25.9.0
v25.8.0
v25.7.1
v25.7.0
v25.6.1
v25.6.0
v25.5.0
v25.4.0
v25.3.1
v25.3.0
v25.2.1
v25.2.0
v25.1.0
v24.12.0
v24.11.0
v24.10.1
v24.10.0
v24.9.0
v24.8.0
v24.7.0
v24.6.0
v24.5.0
v24.4.0
v24.3.0
v24.2.0
v24.1.0
v23.12.0
v23.11.0
v23.10.0
v23.9.0
v23.8.1
v23.8.0
v23.7.2
v23.7.1
v23.7.0
v23.6.0
v23.5.0
v23.4.2
v23.4.1
v23.4.0
v23.3.2
v23.3.0
v23.2.9
v23.2.5
v23.1.12
v22.12.9
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
regression
reports
responsive
rules
schedules
server
✨ merged
split transactions
tech debt
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
✅ approved
wontfix
Mirrored from GitHub Pull Request
No Label
pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/actual#21467
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/actualbudget/actual/pull/7355
Author: @matt-fidd
Created: 4/1/2026
Status: ✅ Merged
Merged: 4/6/2026
Merged by: @matt-fidd
Base:
master← Head:minimatch-vulnerabilities📝 Commits (2)
e5fb254pin minimatch versionsebb8f42note📊 Changes
3 files changed (+41 additions, -54 deletions)
View changed files
📝
package.json(+6 -0)➕
upcoming-release-notes/7355.md(+6 -0)📝
yarn.lock(+29 -54)📄 Description
Description
There are frankly too many versions of minimatch in use throughout all of our dependencies to expect them to resolve these, I tried to bump the parent dependencies instead but some haven't been updated, sometimes it's pulled in 3 levels deep. Resolutions are the cleanest, and possibly only realistic, way to close these.
Minimatch versions in use:
├─ @electron/asar@npm:3.4.1 │ └─ minimatch@npm:3.1.2 (via npm:^3.0.4) │ ├─ @electron/universal@npm:2.0.3 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.3) │ ├─ @eslint/config-array@npm:0.21.2 │ └─ minimatch@npm:3.1.5 (via npm:^3.1.5) │ ├─ @eslint/eslintrc@npm:3.3.5 │ └─ minimatch@npm:3.1.5 (via npm:^3.1.5) │ ├─ @microsoft/api-extractor@npm:7.57.2 │ └─ minimatch@npm:10.2.1 (via npm:10.2.1) │ ├─ @typescript-eslint/typescript-estree@npm:8.53.1 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.5) │ ├─ @typescript-eslint/typescript-estree@npm:8.56.0 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.5) │ ├─ @typescript-eslint/typescript-estree@npm:8.57.1 │ └─ minimatch@npm:10.2.4 (via npm:^10.2.2) │ ├─ @typescript-eslint/typescript-estree@npm:8.57.1 [08e92] │ └─ minimatch@npm:10.2.4 (via npm:^10.2.2) │ ├─ @typescript-eslint/typescript-estree@npm:8.53.1 [3a4b9] │ └─ minimatch@npm:9.0.5 (via npm:^9.0.5) │ ├─ @typescript-eslint/typescript-estree@npm:8.56.0 [49d01] │ └─ minimatch@npm:9.0.5 (via npm:^9.0.5) │ ├─ @vue/language-core@npm:2.2.0 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.3) │ ├─ @vue/language-core@npm:2.2.0 [ec2be] │ └─ minimatch@npm:9.0.5 (via npm:^9.0.3) │ ├─ actual@workspace:. │ └─ minimatch@npm:10.2.4 (via npm:^10.2.4) │ ├─ app-builder-lib@npm:26.4.0 │ └─ minimatch@npm:10.1.1 (via npm:^10.0.3) │ ├─ app-builder-lib@npm:26.4.0 [99f8e] │ └─ minimatch@npm:10.1.1 (via npm:^10.0.3) │ ├─ copyfiles@npm:2.4.1 │ └─ minimatch@npm:3.1.2 (via npm:^3.0.3) │ ├─ dir-compare@npm:4.2.0 │ └─ minimatch@npm:3.1.2 (via npm:^3.0.5) │ ├─ eslint@npm:9.39.4 │ └─ minimatch@npm:3.1.5 (via npm:^3.1.5) │ ├─ eslint@npm:9.39.4 [0d005] │ └─ minimatch@npm:3.1.5 (via npm:^3.1.5) │ ├─ filelist@npm:1.0.4 │ └─ minimatch@npm:5.1.6 (via npm:^5.0.1) │ ├─ glob@npm:10.4.5 ��� └─ minimatch@npm:9.0.5 (via npm:^9.0.4) │ ├─ glob@npm:11.1.0 │ └─ minimatch@npm:10.1.1 (via npm:^10.1.1) │ ├─ glob@npm:13.0.5 │ └─ minimatch@npm:10.2.1 (via npm:^10.2.1) │ ├─ glob@npm:7.2.3 │ └─ minimatch@npm:3.1.2 (via npm:^3.1.1) │ ├─ glob@npm:8.1.0 │ └─ minimatch@npm:5.1.6 (via npm:^5.0.1) │ ├─ matcher-collection@npm:2.0.1 │ └─ minimatch@npm:3.1.2 (via npm:^3.0.2) │ ├─ migrate@npm:2.1.0 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.1) │ ├─ nodemon@npm:3.1.14 │ └─ minimatch@npm:10.2.1 (via npm:^10.2.1) │ ├─ npm-run-all@npm:4.1.5 │ └─ minimatch@npm:3.1.2 (via npm:^3.0.4) │ ├─ serve-handler@npm:6.1.6 │ └─ minimatch@npm:3.1.2 (via npm:3.1.2) │ ├─ typescript-strict-plugin@npm:2.4.4 │ └─ minimatch@npm:9.0.5 (via npm:^9.0.3) │ └─ walk-sync@npm:2.2.0 └─ minimatch@npm:3.1.2 (via npm:^3.0.4)Related issue(s)
Fixes 15 vulnerabilities reported by dependabot (lots of duplicates from similar versions)
Testing
CI should pass, ran locally with real budget file
Checklist
Bundle Stats
View detailed bundle stats
desktop-client
Total
View detailed bundle breakdown
Added
No assets were added
Removed
No assets were removed
Bigger
No assets were bigger
Smaller
No assets were smaller
Unchanged
loot-core
Total
View detailed bundle breakdown
Added
No assets were added
Removed
No assets were removed
Bigger
No assets were bigger
Smaller
No assets were smaller
Unchanged
api
Total
View detailed bundle breakdown
Added
No assets were added
Removed
No assets were removed
Bigger
No assets were bigger
Smaller
No assets were smaller
Unchanged
cli
Total
View detailed bundle breakdown
Added
No assets were added
Removed
No assets were removed
Bigger
No assets were bigger
Smaller
No assets were smaller
Unchanged
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.