Bump glob from 10.4.5 to 10.5.0

[dependabot]

Bumps glob from 10.4.5 to 10.5.0.

Commits

• 56774ef 10.5.0
• 1e4e297 bin: Do not expose filenames to shell expansion
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

⬆️ This PR updates the glob dependency from version 10.4.5 to 10.5.0, bringing security improvements and bug fixes. The update is an automated dependency bump managed by Dependabot that includes a critical security fix preventing shell expansion vulnerabilities in the glob binary.

🔍 Detailed Analysis

Key Changes

• Dependency Update: Bumps glob package from 10.4.5 to 10.5.0 as an indirect dependency
• Security Fix: Includes commit 1e4e297 that prevents filenames from being exposed to shell expansion in the glob binary
• Automated Management: This is a Dependabot-generated PR with automatic conflict resolution capabilities

Technical Implementation

flowchart TD
    A[Dependabot Scan] --> B[Detect glob 10.4.5]
    B --> C[Check for Updates]
    C --> D[Find glob 10.5.0]
    D --> E[Analyze Changes]
    E --> F[Create PR with Security Fix]
    F --> G[Shell Expansion Prevention]
    G --> H[Ready for Review/Merge]

Loading

Impact

• Security Enhancement: Prevents potential shell injection vulnerabilities when glob binary processes filenames
• Maintenance: Keeps dependencies up-to-date with latest patches and improvements
• Compatibility: Minor version bump maintains backward compatibility while providing security fixes

Created with Palmier

---

Summary by cubic

Upgraded glob from 10.4.5 to 10.5.0 to pick up a CLI safety fix that prevents shell filename expansion. No application code changes.

• Dependencies
  • Updated glob to 10.5.0 in package-lock.
  • Includes bin change: filenames are no longer exposed to shell expansion.
  • No breaking changes expected.

^{Written for commit 6244d2c. Summary will update automatically on new commits.}

---

EntelligenceAI PR Summary

This PR updates the glob package dependency to version 10.5.0 as part of routine dependency maintenance.

• Bumped glob package from version 10.4.5 to 10.5.0 (minor version update)
• Updated package metadata including resolved URL and integrity hash in package-lock.json
• Maintained existing ISC license and dependency structure
• Incorporates upstream bug fixes and minor improvements

[codesherlock-ai]

We could not run your PR Review. We noticed that you are part of an Org. We require everyone who is part of an Org to SignUp via GitHub so we can track your individual usage and maximize on your usage capacity. Enroll into CodeSherlock system by signing up via GitHub using the SignUp link. Also, please note — every user pays for their own usage.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[jazzberry-ai]

This repository is associated with RectiFlex whose free trial has ended. Subscribe at jazzberry.ai.
_{If this is an error contact us at support@jazzberry.ai.}

[entelligence-ai-pr-reviews]

Entelligence AI Vulnerability Scanner

Status: No security vulnerabilities found

Your code passed our comprehensive security analysis.

[entelligence-ai-pr-reviews]

Walkthrough

This pull request performs a routine dependency update for the glob package in the project's package-lock.json file. The update bumps the version from 10.4.5 to 10.5.0, representing a minor version increment. This type of update typically includes bug fixes, performance improvements, or minor feature additions from the upstream package maintainer. The package metadata has been updated accordingly with new resolved URL and integrity hash values, while the ISC license and existing dependencies remain unchanged. This is a standard maintenance task to keep project dependencies current and secure.

Changes

File(s)	Summary
package-lock.json	Updated glob package dependency from version 10.4.5 to 10.5.0 with corresponding changes to resolved URL and integrity hash.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Dev as Developer
    participant NPM as NPM Package Manager
    participant Registry as NPM Registry
    participant Lock as package-lock.json

    Dev->>NPM: Update glob dependency
    activate NPM
    NPM->>Registry: Request glob@10.5.0 metadata
    activate Registry
    Registry-->>NPM: Return package info & integrity hash
    deactivate Registry
    NPM->>Lock: Update glob version entry
    Note over Lock: Version: 10.4.5 → 10.5.0<br/>Integrity hash updated
    NPM->>Lock: Preserve foreground-child@^3.1.0
    NPM-->>Dev: Dependency updated successfully
    deactivate NPM

Loading

---

🔗 Cross-Repository Impact Analysis

Enable automatic detection of breaking changes across your dependent repositories. → Set up now

Learn more about Cross-Repository Analysis

What It Does

• Automatically identifies repositories that depend on this code
• Analyzes potential breaking changes across your entire codebase
• Provides risk assessment before merging to prevent cross-repo issues

How to Enable

1. Visit Settings → Code Management
2. Configure repository dependencies
3. Future PRs will automatically include cross-repo impact analysis!

Benefits

• 🛡️ Prevent breaking changes across repositories
• 🔍 Catch integration issues before they reach production
• 📊 Better visibility into your multi-repo architecture

---

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[cubic-dev-ai]

No issues found across 1 file