chore(deps): update dependency glob to v11 #185
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: npm. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
npm
/tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | Fail to run npm install: npm error code EJSONPARSE npm error JSON.parse Invalid package.json: JSONParseError: Unexpected token "I" (0x49), "INVALID npm error JSON.parse " is not valid JSON while parsing 'INVALID npm error JSON.parse ' npm error JSON.parse Failed to parse JSON data. npm error JSON.parse Note: package.json must be actual JSON, not just JavaScript. npm error |
| Resolving the project | ❌Error | Failure to perform the resolution operation due to an issue parsing a file | Invalid package.json file: /tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json |
You have successfully remediated 19 vulnerabilities, but introduced 26 new vulnerabilities in this branch.❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-607537-903744Path to dependency file: /apm/package.json Path to vulnerable library: /apm/package.json Dependency Hierarchy: -> atom-package-manager-2.6.5.tgz (Root Library) -> npm-6.14.17.tgz -> request-2.88.0.tgz -> har-validator-5.1.5.tgz -> ❌ ajv-6.12.6.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive ajv-6.12.6.tgz |
atom-package-manager-2.6.5.tgz | #3 | ||
CVE-2026-33671Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> readdirp-3.6.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
 High |
7.5 | Transitive picomatch-2.3.1.tgz |
mocha-10.2.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#37 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/packages/deprecation-cop/node_modules/minimatch/package.json,/packages/dev-live-reload/node_modules/minimatch/package.json,/packages/exception-reporting/node_modules/minimatch/package.json,/packages/git-diff/node_modules/minimatch/package.json Dependency Hierarchy: -> fs-plus-3.1.1.tgz (Root Library) -> rimraf-2.7.1.tgz -> glob-7.2.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
fs-plus-3.1.1.tgz | Transitive 10.2.1 |
#77 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/packages/deprecation-cop/node_modules/minimatch/package.json,/packages/dev-live-reload/node_modules/minimatch/package.json,/packages/exception-reporting/node_modules/minimatch/package.json,/packages/git-diff/node_modules/minimatch/package.json Dependency Hierarchy: -> stylelint-9.3.0.tgz (Root Library) -> file-entry-cache-2.0.0.tgz -> flat-cache-1.3.0.tgz -> del-2.2.2.tgz -> globby-5.0.0.tgz -> glob-7.2.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
stylelint-9.3.0.tgz | Transitive 10.2.1 |
#19 | |
CVE-2025-64756Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> ❌ glob-11.0.0.tgz (Vulnerable Library) |
High |
7.5 | Direct glob-11.0.0.tgz |
glob-11.0.0.tgz | glob - 11.1.0,glob - 10.5.0 | None | |
CVE-2026-33750Path to dependency file: /package.json Path to vulnerable library: /package.json,/script/package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> minimatch-5.0.1.tgz -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library) |
 Medium |
6.5 | Transitive brace-expansion-2.0.1.tgz |
mocha-10.2.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#37 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> glob-7.2.0.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
mocha-10.2.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#37 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library) -> glob-4.3.1.tgz -> minimatch-2.0.10.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#34 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> webdriverio-5.9.2.tgz (Root Library) -> config-5.9.1.tgz -> glob-7.1.4.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
webdriverio-5.9.2.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#47 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> glob-7.0.3.tgz (Root Library) -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
glob-7.0.3.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#16 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> minimatch-3.0.5.tgz (Root Library) -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
minimatch-3.0.5.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#99 | |
CVE-2026-33750Path to dependency file: /package.json Path to vulnerable library: /package.json,/script/package.json Dependency Hierarchy: -> npm-8.19.2.tgz (Root Library) -> minimatch-5.1.0.tgz -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-2.0.1.tgz |
npm-8.19.2.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#36 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> npm-8.19.2.tgz (Root Library) -> rimraf-3.0.2.tgz -> glob-7.2.3.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
npm-8.19.2.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#36 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> eslint-plugin-node-9.0.1.tgz (Root Library) -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
eslint-plugin-node-9.0.1.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#43 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> electron-winstaller-0.0.1.tgz (Root Library) -> asar-1.0.0.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
electron-winstaller-0.0.1.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#44 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> babel-core-5.8.38.tgz (Root Library) -> minimatch-2.0.10.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
babel-core-5.8.38.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#7 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> fs-extra-0.30.0.tgz (Root Library) -> rimraf-2.6.2.tgz -> glob-7.1.2.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
fs-extra-0.30.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#50 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> atom-package-manager-2.6.5.tgz (Root Library) -> glob-7.2.3.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
atom-package-manager-2.6.5.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#3 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> electron-packager-16.0.0.tgz (Root Library) -> asar-3.2.0.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
electron-packager-16.0.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#40 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> scandal-3.2.0.tgz (Root Library) -> minimatch-2.0.10.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
scandal-3.2.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#46 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> eslint-5.16.0.tgz (Root Library) -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
eslint-5.16.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#23 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> eslint-plugin-import-2.17.2.tgz (Root Library) -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
eslint-plugin-import-2.17.2.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#24 | |
CVE-2026-33750Path to dependency file: /packages/deprecation-cop/package.json Path to vulnerable library: /packages/deprecation-cop/node_modules/brace-expansion/package.json,/packages/dev-live-reload/node_modules/brace-expansion/package.json,/packages/exception-reporting/node_modules/brace-expansion/package.json,/packages/git-diff/node_modules/brace-expansion/package.json Dependency Hierarchy: -> fs-plus-3.1.1.tgz (Root Library) -> rimraf-2.7.1.tgz -> glob-7.2.3.tgz -> minimatch-3.1.5.tgz -> ❌ brace-expansion-1.1.12.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.12.tgz |
fs-plus-3.1.1.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#77 | |
CVE-2026-33750Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/script/vsts/package.json,/package.json Dependency Hierarchy: -> stylelint-9.3.0.tgz (Root Library) -> globby-8.0.1.tgz -> glob-7.1.2.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
stylelint-9.3.0.tgz | Transitive Upgrade to version brace-expansion - 5.0.5 or greater |
#19 | |
CVE-2026-33672Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> readdirp-3.6.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
mocha-10.2.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#37 | |
CVE-2026-33532Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> github-https://www.atom.io/api/packages/github/versions/0.34.2/tarball.tgz (Root Library) -> babel-plugin-relay-5.0.0.tgz -> babel-plugin-macros-2.8.0.tgz -> cosmiconfig-6.0.0.tgz -> ❌ yaml-1.8.2.tgz (Vulnerable Library) |
Medium |
4.3 | Transitive yaml-1.8.2.tgz |
github-https://www.atom.io/api/packages/github/versions/0.34.2/tarball.tgz | Transitive Upgrade to version yaml - 2.8.3 or greater |
#20 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-xf5p-87ch-gxw2 | marked-0.5.2.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-6.1.0.tgz |
| GHSA-2pr6-76vf-7546 | js-yaml-3.6.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.1.3.tgz |
| CVE-2025-404142 | buffers-0.1.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| GHSA-f7xj-rg7h-mc87 | stylelint-9.3.0.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| GHSA-ch52-vgq2-943f | marked-0.5.2.tgz |
| GHSA-7m7q-q53v-j47v | marked-0.5.2.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-7.0.2.tgz |
| GHSA-8j8c-7jfh-h6hx | js-yaml-3.6.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-g95f-p29q-9xw4 | braces-1.8.5.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| GHSA-7wwv-vh3v-89cq | highlight.js-9.16.2.tgz |
| GHSA-xf5p-87ch-gxw2 | marked-0.3.19.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| GHSA-ch52-vgq2-943f | marked-0.6.3.tgz |
Base branch total remaining vulnerabilities: 263
Base branch commit: 516d2ba6154c1452a1ee42314809c66edc833096
Total libraries scanned: 2264
Scan token: 2a6fa254eabc413d8fc0f67d63feedd9