Skip to content

fix: Update glob via overrides#355

Merged
kodiakhq[bot] merged 2 commits intomainfrom
fix/update_glob_via_overrides
Feb 26, 2026
Merged

fix: Update glob via overrides#355
kodiakhq[bot] merged 2 commits intomainfrom
fix/update_glob_via_overrides

Conversation

@erezrokah
Copy link
Member

@erezrokah erezrokah commented Feb 26, 2026

Copilot AI review requested due to automatic review settings February 26, 2026 15:17
@erezrokah erezrokah added the automerge Add to automerge PRs once requirements are met label Feb 26, 2026
Copilot AI reviewed Feb 26, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request addresses a Dependabot security alert by updating the glob package via an npm override mechanism. Since the direct dependency path goes through ava@vercel/nftglob, and AVA cannot directly update @vercel/nft (as referenced in avajs/ava#3413), this PR uses npm's overrides feature to force @vercel/nft to version 1.3.2.

Changes:

  • Added npm override to force @vercel/nft to version 1.3.2
  • Updated transitive dependency glob from 10.4.5 to 13.0.6 (addressing security vulnerability)
  • Updated related dependencies including lru-cache, path-scurry, minimatch, and minipass

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Added overrides section to force @vercel/nft to version 1.3.2
package-lock.json Updated @vercel/nft and its dependency tree, including glob upgrade from 10.x to 13.x; removed obsolete dependencies; added peer dependency markers

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kodiakhq kodiakhq bot merged commit 96faedf into main Feb 26, 2026
9 checks passed
@kodiakhq kodiakhq bot deleted the fix/update_glob_via_overrides branch February 26, 2026 15:25
@cq-bot cq-bot mentioned this pull request Feb 26, 2026
Merged
@erezrokah erezrokah mentioned this pull request Feb 26, 2026
Merged
kodiakhq bot pushed a commit that referenced this pull request Feb 26, 2026
@cq-bot
chore(main): Release v0.1.34 (#351)
908a517 
🤖 I have created a release *beep* *boop*
---


## [0.1.34](v0.1.33...v0.1.34) (2026-02-26)


### Bug Fixes

* **deps:** Update dependency @tsconfig/node20 to v20.1.9 ([#348](#348)) ([d921b0c](d921b0c))
* **deps:** Update dependency semver to v7.7.4 ([#349](#349)) ([22b308e](22b308e))
* **deps:** Update dependency tempy to v3.2.0 ([#350](#350)) ([a378078](a378078))
* Update `glob` via overrides ([#355](#355)) ([96faedf](96faedf))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
kodiakhq bot pushed a commit to cloudquery/javascript-plugin-template that referenced this pull request Feb 26, 2026
@erezrokah
fix: Update glob via overrides (#72)
01ee439 
Similar to cloudquery/plugin-sdk-javascript#355
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hermanschaaf hermanschaaf hermanschaaf approved these changes

Assignees

No one assigned

Labels

automerge Add to automerge PRs once requirements are met

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@erezrokah @hermanschaaf