Skip to content

👷 chore(deps-dev)(deps-dev): Bump glob from 11.1.0 to 13.0.6#216

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/glob-13.0.6
Open

👷 chore(deps-dev)(deps-dev): Bump glob from 11.1.0 to 13.0.6#216
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/glob-13.0.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited
Loading

Bumps glob from 11.1.0 to 13.0.6.

Changelog

Sourced from glob's changelog.

changeglob

13

  • Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

  • Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

  • Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
  • Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
  • Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

  • Drop support for node before v20

10.4

  • Add includeChildMatches: false option
  • Export the Ignore class

10.3

  • Add --default -p flag to provide a default pattern
  • exclude symbolic links to directories when follow and nodir are both set

10.2

  • Add glob cli

10.1

  • Return '.' instead of the empty string '' when the current working directory is returned as a match.
  • Add posix: true option to return / delimited paths, even on

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 23, 2026 13:18
@dependabot dependabot bot requested review from greghuels and typotter March 23, 2026 13:18
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/glob-13.0.6 branch 2 times, most recently from 2c5d240 to 13613ee Compare March 23, 2026 13:35
@dependabot
👷 chore(deps-dev)(deps-dev): Bump glob from 11.1.0 to 13.0.6
452345e 
Bumps [glob](https://github.com/isaacs/node-glob) from 11.1.0 to 13.0.6.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.1.0...v13.0.6)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 13.0.6
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/glob-13.0.6 branch from 13613ee to 452345e Compare March 31, 2026 16:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greghuels greghuels Awaiting requested review from greghuels greghuels is a code owner automatically assigned from DataDog/feature-flagging-and-experimentation-sdk

@typotter typotter Awaiting requested review from typotter typotter is a code owner automatically assigned from DataDog/feature-flagging-and-experimentation-sdk

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants