chore: updating minimatch #19434

Draft
isaacs wants to merge 1 commit into develop from isaacschlueter/js-1765-vulnerable-dependency-minimatch
isaacs commented Feb 19, 2026

  • Adding a devDependency on minimatch in the root, so that all outdated versions get pushed into duplicates.
  • Updated minimatch direct dependency packages/node, packages/react-router, and packages/remix
  • Once chore: updating minimatch sentry-javascript-bundler-plugins#885 lands, we can update the dependency coming in from @sentry/bundler-plugin-core

There are several other dependencies that transitively bring in a minimatch v3, v5, v8, or v9. Fixes for the ReDOS will be backported where those dependencies cannot be easily updated.

Before submitting a pull request, please take a look at our
Contributing guidelines and verify:

  • If you've added code that should be tested, please add tests.
  • Ensure your code lints and the test suite passes (yarn lint) & (yarn test).
  • Link an issue if there is one related to your pull request. If no issue is linked, one will be auto-generated and linked.

Closes #issue_link_here

- Adding a devDependency on minimatch in the root, so that all outdated
  versions get pushed into duplicates.
- Updated `minimatch` direct dependency packages/node,
  packages/react-router, and packages/remix
- Once getsentry/sentry-javascript-bundler-plugins#885 lands, we can
  update the dependency coming in from `@sentry/bundler-plugin-core`

There are several other dependencies that transitively bring in a
minimatch v3, v5, v8, or v9. Fixes for the ReDOS will be backported
where those dependencies cannot be easily updated.
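
To see which minimatch majors are still resolved after a change like the one described above, the lockfile can be inventoried directly. This is an added example, not code from the PR or the repository: it assumes a Yarn v1 `yarn.lock`, the sample text and its versions are constructed placeholders, and `findResolvedCopies`, `outdatedCopies` and the target major are hypothetical.

```javascript
// Added example. The lockfile text and every version in it are constructed
// placeholders, not the repository's yarn.lock.
const SAMPLE_LOCK = `# yarn lockfile v1

brace-expansion@^1.0.0:
  version "1.0.0"

minimatch@^3.0.0, minimatch@^3.0.1:
  version "3.0.1"

"minimatch@^5.0.0":
  version "5.0.0"

minimatch@^9.0.0, "minimatch@^9.0.1":
  version "9.0.1"

minimatch@^10.0.0:
  version "10.0.0"
`;

// Return [{ version, major, ranges }] for each resolved copy of `name`.
function findResolvedCopies(lockText, name) {
  const copies = [];
  let ranges = null; // ranges of the entry being read, if it is for `name`
  for (const line of lockText.split(/\r?\n/)) {
    if (line && !/^[\s#]/.test(line) && line.endsWith(':')) {
      // Entry header: comma-separated, optionally quoted "name@range" specs.
      ranges = line.slice(0, -1).split(',')
        .map(s => s.trim().replace(/^"|"$/g, ''))
        .filter(s => s.lastIndexOf('@') > 0 && s.slice(0, s.lastIndexOf('@')) === name)
        .map(s => s.slice(s.lastIndexOf('@') + 1));
      continue;
    }
    const m = /^  version "([^"]+)"$/.exec(line);
    if (m && ranges && ranges.length) {
      copies.push({ version: m[1], major: Number(m[1].split('.')[0]), ranges });
      ranges = null;
    }
  }
  return copies;
}

// Copies still resolved outside the major the root dependency asks for.
function outdatedCopies(lockText, name, wantedMajor) {
  return findResolvedCopies(lockText, name).filter(c => c.major !== wantedMajor);
}

// wantedMajor = 10 is a hypothetical target, not a value from the PR.
console.log(outdatedCopies(SAMPLE_LOCK, 'minimatch', 10));
```

Each remaining entry lists the ranges that still request that copy, which identifies the dependents that need an update or a backported fix.
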
linear bot commented Feb 19, 2026

@github-actions

size-limit report 📦

| Path | Size | % Change | Change |
| --- | --- | --- | --- |
| @sentry/browser | 25.61 kB | - | - |
| @sentry/browser - with treeshaking flags | 24.12 kB | - | - |
| @sentry/browser (incl. Tracing) | 42.42 kB | - | - |
| @sentry/browser (incl. Tracing, Profiling) | 47.08 kB | - | - |
| @sentry/browser (incl. Tracing, Replay) | 81.24 kB | - | - |
| @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 70.86 kB | - | - |
| @sentry/browser (incl. Tracing, Replay with Canvas) | 85.93 kB | - | - |
| @sentry/browser (incl. Tracing, Replay, Feedback) | 98.09 kB | - | - |
| @sentry/browser (incl. Feedback) | 42.33 kB | - | - |
| @sentry/browser (incl. sendFeedback) | 30.28 kB | - | - |
| @sentry/browser (incl. FeedbackAsync) | 35.28 kB | - | - |
| @sentry/browser (incl. Metrics) | 26.78 kB | - | - |
| @sentry/browser (incl. Logs) | 26.92 kB | - | - |
| @sentry/browser (incl. Metrics & Logs) | 27.6 kB | - | - |
| @sentry/react | 27.37 kB | - | - |
| @sentry/react (incl. Tracing) | 44.76 kB | - | - |
| @sentry/vue | 30.06 kB | - | - |
| @sentry/vue (incl. Tracing) | 44.26 kB | - | - |
| @sentry/svelte | 25.64 kB | - | - |
| CDN Bundle | 28.16 kB | - | - |
| CDN Bundle (incl. Tracing) | 43.25 kB | - | - |
| CDN Bundle (incl. Logs, Metrics) | 29 kB | - | - |
| CDN Bundle (incl. Tracing, Logs, Metrics) | 44.09 kB | - | - |
| CDN Bundle (incl. Replay, Logs, Metrics) | 68.08 kB | - | - |
| CDN Bundle (incl. Tracing, Replay) | 80.12 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) | 80.99 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 85.56 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) | 86.46 kB | - | - |
| CDN Bundle - uncompressed | 82.33 kB | - | - |
| CDN Bundle (incl. Tracing) - uncompressed | 128.05 kB | - | - |
| CDN Bundle (incl. Logs, Metrics) - uncompressed | 85.17 kB | - | - |
| CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed | 130.88 kB | - | - |
| CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed | 208.83 kB | - | - |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 244.93 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed | 247.75 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 257.73 kB | - | - |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed | 260.54 kB | - | - |
| @sentry/nextjs (client) | 47.17 kB | - | - |
| @sentry/sveltekit (client) | 42.88 kB | - | - |
| @sentry/node-core | 52.18 kB | +0.02% | +7 B 🔺 |
| @sentry/node | 166.67 kB | +0.09% | +139 B 🔺 |
| @sentry/node - without tracing | 93.97 kB | +0.02% | +10 B 🔺 |
| @sentry/aws-serverless | 109.47 kB | +0.01% | +8 B 🔺 |

@github-actions

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

| Scenario | Requests/s | % of Baseline | Prev. Requests/s | Change % |
| --- | --- | --- | --- | --- |
| GET Baseline | 9,268 | - | 11,549 | -20% |
| GET With Sentry | 1,652 | 18% | 1,938 | -15% |
| GET With Sentry (error only) | 5,978 | 65% | 7,584 | -21% |
| POST Baseline | 1,167 | - | 1,183 | -1% |
| POST With Sentry | 573 | 49% | 591 | -3% |
| POST With Sentry (error only) | 1,030 | 88% | 1,052 | -2% |
| MYSQL Baseline | 3,322 | - | 3,994 | -17% |
| MYSQL With Sentry | 443 | 13% | 563 | -21% |
| MYSQL With Sentry (error only) | 2,699 | 81% | 3,251 | -17% |
