Skip to content

update glob #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
diracdeltas wants to merge 2 commits into from
Closed

update glob #434

diracdeltas wants to merge 2 commits into from

Conversation

@diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Nov 18, 2025

@diracdeltas diracdeltas requested a review from yshym November 18, 2025 01:45
@diracdeltas diracdeltas requested a review from a team as a code owner November 18, 2025 01:45
diracdeltas
diracdeltas commented Nov 18, 2025
View reviewed changes
package.json Outdated
"git-describe": "4.1.1",
"git-rev": "0.2.1",
"glob": "8.1.0",
"glob": "11.1.0",
Copy link
Member Author

@diracdeltas diracdeltas Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this might break some stuff, not sure how to test it

Copy link
Collaborator

@remusao remusao Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like there is at least one breakage in CI (across all workflows):

image

@yshym
Copy link
Collaborator

yshym commented Nov 18, 2025

The issue is here /node_modules/testem/lib/config.js:31:28. Testem relies on the previous implmentation

@yshym
Copy link
Collaborator

yshym commented Nov 18, 2025

Both current and latest versions of testem

@diracdeltas
Copy link
Member Author

diracdeltas commented Nov 18, 2025

@yshym that's unfortunate. i'm guessing we can't migrate to something that doesn't rely on a vulnerable version of glob?

in any case i think GHSA-5j98-mcp5-4vw2 only affects the glob CLI which we aren't using directly in this repo. so probably ok to ignore?

@yshym
Copy link
Collaborator

yshym commented Nov 18, 2025

Yes, I think let's ignore for now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@remusao remusao remusao left review comments

@yshym yshym Awaiting requested review from yshym yshym is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@diracdeltas @yshym @remusao