chore(deps): upgrade glob to v13, drop Node 18 support #1805
pereorga wants to merge 1 commit into htmlhint:main from
Code Review
This pull request correctly upgrades the glob dependency to version 13 to address security vulnerabilities and updates the Node.js engine requirement to 20 || >=22, dropping support for Node 18 as stated. The changes in package.json and package-lock.json are consistent and reflect these updates. I have one suggestion regarding dependency pinning to enhance the stability of the project.
| "chalk": "4.1.2", | ||
| "commander": "11.1.0", | ||
| "glob": "^9.0.0", | ||
| "glob": "^13.0.4", |
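Review bot: the new `"glob": "^13.0.4"` line keeps a caret range while the adjacent `chalk` and `commander` entries are pinned to exact versions. The replaced entry was also a caret (`^9.0.0`), so this may be intentional, but since the bump is security-motivated the description should state which policy applies. Either pin to `13.0.4` to match the neighbouring entries, or keep the range and note that later 13.x releases are accepted on install without a change to this file.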
For better dependency stability and to prevent unexpected issues from future automatic updates, it's a good practice to pin the exact version of dependencies, especially after a major upgrade motivated by security concerns. Using a caret ^ could pull in minor or patch versions that might introduce regressions. Pinning to the exact version ensures that your project uses the version that has been tested.
| "glob": "^13.0.4", | |
| "glob": "13.0.4", |
glob@9 is deprecated with published security vulnerabilities. Upgrading to v13 (latest).
glob@13 requires Node 20 or >=22, so Node 18 support is dropped accordingly: Node 18 reached EOL in April 2025.