chore(deps): bump glob to ^10.5.0 via scoped resolutions #962

Merged
brendan-kellam merged 2 commits into main from brendan/chore-bump-glob
Feb 27, 2026

brendan-kellam commented Feb 27, 2026

Adds scoped yarn resolutions to bump glob from 10.4.5 to ^10.5.0 for the four transitive consumers of the vulnerable 10.x range (cacache, node-gyp, rimraf@5, sucrase).

Scoped resolutions (cacache/glob, node-gyp/glob, etc.) are used instead of a blanket override to avoid affecting the unrelated glob@7.x, 9.x, and 11.x consumers in the tree.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Documentation
    • Added a changelog entry noting the transitive dependency update for glob to ^10.5.0.
  • Chores
    • Updated transitive glob dependency to version ^10.5.0 across lock/resolution settings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

coderabbitai bot commented Feb 27, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5efdb1f and 877ae20.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • CHANGELOG.md

Walkthrough

Adds yarn resolutions pinning the transitive glob dependency to ^10.5.0 for cacache, node-gyp, sucrase, and rimraf@npm:5.0.10, and records this change in CHANGELOG.md under Unreleased -> Changed.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Resolutions & Changelog (package.json, CHANGELOG.md) | Adds four resolutions entries (cacache/glob, node-gyp/glob, sucrase/glob, rimraf@npm:5.0.10/glob) set to ^10.5.0 in package.json and a single changelog entry documenting the bump. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and accurately summarizes the main change: bumping the glob dependency to ^10.5.0 using scoped yarn resolutions, which matches the primary objective and all file modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


brendan-kellam enabled auto-merge (squash) February 27, 2026 22:23
brendan-kellam merged commit 6f82192 into main Feb 27, 2026
7 of 8 checks passed
brendan-kellam deleted the brendan/chore-bump-glob branch February 27, 2026 22:23
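
Added example, not part of the PR or the repository: a lockfile check for the PR description's claim that the scoped resolutions lift every glob 10.x resolution to 10.5.0 or later while leaving the 7.x, 9.x and 11.x consumers alone. `SAMPLE_LOCK` is a constructed Yarn Berry excerpt, and `parseVersion` and `findStale` are hypothetical helper names.

```javascript
// Constructed Yarn Berry yarn.lock excerpt (illustrative, not the repository's lockfile).
const SAMPLE_LOCK = `
"glob@npm:^7.1.3":
  version: 7.2.3
  resolution: "glob@npm:7.2.3"

"glob@npm:^10.2.2, glob@npm:^10.3.10":
  version: 10.4.5
  resolution: "glob@npm:10.4.5"

"glob@npm:^10.5.0":
  version: 10.5.0
  resolution: "glob@npm:10.5.0"

"glob@npm:^11.0.0":
  version: 11.0.3
  resolution: "glob@npm:11.0.3"
`;

// Parse "x.y.z" into [x, y, z]; any prerelease or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Hypothetical helper: list resolved versions of `pkg` that share the major
// version of `min` but sort below it. Other majors are out of scope by design.
function findStale(lockText, pkg, min) {
  const [maj, mnr, pat] = parseVersion(min);
  const stale = [];
  let inPkg = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      // Top-level key: a comma-separated list of descriptors, usually quoted.
      const descriptors = line.replace(/^"|"?:$/g, "").split(", ");
      inPkg = descriptors.some((d) => d.startsWith(pkg + "@"));
      continue;
    }
    const m = inPkg && /^  version: "?([^"\s]+)/.exec(line);
    const v = m && parseVersion(m[1]);
    if (v && v[0] === maj && (v[1] < mnr || (v[1] === mnr && v[2] < pat))) {
      stale.push(m[1]);
    }
  }
  return stale;
}

console.log(findStale(SAMPLE_LOCK, "glob", "10.5.0")); // [ '10.4.5' ]
```

Run against the real yarn.lock in CI, a non-empty result means some consumer of the 10.x range was not covered by a scoped resolution.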