Bump minimatch in /demo/vue-app-new

[dependabot]

Bumps and minimatch. These dependencies needed to be updated together.
Updates minimatch from 9.0.5 to 9.0.7

Commits

• 2de496f 9.0.7
• 0d4616d limit nested extglob recursion, flatten extglobs
• 7117ef3 9.0.6
• 2418458 update deps, do not checkin dist
• 1d1f531 update deps
• 03b1778 update CI matrix and actions
• f1aaffe update test expectations for coalesced consecutive stars
• 5012655 coalesce consecutive non-globstar * characters
• 3515d1e [meta] add publishConfig.tag legacy-v9
• See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.4

Commits

• 2de496f 9.0.7
• 0d4616d limit nested extglob recursion, flatten extglobs
• 7117ef3 9.0.6
• 2418458 update deps, do not checkin dist
• 1d1f531 update deps
• 03b1778 update CI matrix and actions
• f1aaffe update test expectations for coalesced consecutive stars
• 5012655 coalesce consecutive non-globstar * characters
• 3515d1e [meta] add publishConfig.tag legacy-v9
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Lockfile-only dependency bumps; main risk is unexpected build/runtime issues from updated transitive/native optional packages rather than code logic changes.

Overview
Updates demo/vue-app-new/package-lock.json to pull newer dependency versions, including minimatch (both v3 and v9 lines) plus its transitive deps (brace-expansion/balanced-match).

Also bumps several Web3-related packages in the lockfile (@wagmi/vue, @wagmi/core, wagmi, viem) and refreshes related transitive entries (e.g., adds optional native modules like bufferutil/utf-8-validate/node-gyp-build).

^{Written by Cursor Bugbot for commit d58b310. This will update automatically on new commits. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
web3auth-web	Ready	Preview, Comment	Feb 25, 2026 7:48am

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[cursor]

Resolved viem version violates new peer dependency requirement

Medium Severity

The viem peer dependency for both @web3auth/modal and @web3auth/no-modal was bumped from >=2.23/>=2.29 to >=2.45, and their dev dependencies were bumped to ^2.45.0. However, the resolved viem in node_modules/viem is still at version 2.39.0, which no longer satisfies the >=2.45 requirement. This mismatch can cause peer dependency warnings and potential runtime failures if the updated packages rely on viem APIs introduced after 2.39.0.

Additional Locations (1)

• demo/vue-app-new/package-lock.json#L192-L193