
fix(deps): upgrade glob to 12.0.0 #6686

Open
snyk-io[bot] wants to merge 1 commit into main from snyk-fix-55bed2ee1376c161eef2d82e99e8079e

@snyk-io snyk-io bot commented Mar 27, 2026

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

⚠️ Warning: Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| high severity Infinite loop SNYK-JS-BRACEEXPANSION-15789759 | 555 |

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
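
An added example, not part of the bot's comment or the project's code: since the warning above says package-lock.json was not updated, this check compares the range in package.json with what the lockfile still pins and lists every locked copy of the package named in the Snyk issue ID. The sample manifest and lockfile are constructed, the `minimatch` and `brace-expansion` versions in them are illustrative, and `auditLock` and `major` are hypothetical helper names.

```javascript
// Constructed sample data: manifest after the bot's edit, lockfile left untouched.
const SAMPLE_MANIFEST = { dependencies: { glob: "^12.0.0" } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { glob: "^7.2.3" } },
    "node_modules/glob": { version: "7.2.3", dependencies: { minimatch: "^3.1.1" } },
    "node_modules/minimatch": { version: "3.1.2", dependencies: { "brace-expansion": "^1.1.7" } },
    "node_modules/brace-expansion": { version: "1.1.11" },
  },
};

// First number of a version or simple range ("^12.0.0" -> 12).
// Simplification (assumption): compares majors only, not full semver ranges.
function major(spec) {
  const m = /(\d+)\./.exec(spec || "");
  return m ? Number(m[1]) : null;
}

// Compare the manifest's range for `direct` with what the lockfile pins, and
// list every installed copy of `transitive` plus the packages that pull it in.
function auditLock(manifest, lock, direct, transitive) {
  const pkgs = lock.packages || {};
  const declared = (manifest.dependencies || {})[direct] ||
    (manifest.devDependencies || {})[direct] || null;
  const entry = pkgs["node_modules/" + direct];
  const locked = entry ? entry.version : null;
  // Matches hoisted and nested copies, but not scoped look-alikes.
  const tail = "node_modules/" + transitive;
  const copies = Object.entries(pkgs)
    .filter(([p]) => p === tail || p.endsWith("/" + tail))
    .map(([p, meta]) => ({ path: p, version: meta.version }));
  const dependents = Object.entries(pkgs)
    .filter(([p, meta]) => p !== "" && meta.dependencies && transitive in meta.dependencies)
    .map(([p, meta]) => p.split("node_modules/").pop() + "@" + meta.version);
  const inSync = declared !== null && locked !== null && major(declared) === major(locked);
  return { declared, locked, inSync, copies, dependents };
}

const report = auditLock(SAMPLE_MANIFEST, SAMPLE_LOCK, "glob", "brace-expansion");
console.log(JSON.stringify(report, null, 2));
```

Against a real checkout, pass the parsed contents of package.json and package-lock.json in place of the sample objects; an `inSync` of `false` means the lockfile still resolves the old dependency tree.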


snyk-io bot commented Mar 27, 2026

Merge Risk: High

This update includes major version upgrades for glob and rimraf, both of which introduce significant breaking changes that require developer action.

glob@7.2.3 → glob@12.0.0

This is a very large version jump, spanning multiple major rewrites of the library. Code using glob will require significant refactoring.

Key Breaking Changes:

  • Promise-based API: Starting with v9.0, glob uses a Promise-based API, completely replacing the old callback-style functions. All asynchronous operations must be updated to use async/await or .then().
  • Path Separators on Windows: As of v8.0, backslashes (\) are treated exclusively as escape characters and not path separators. All glob patterns, even on Windows, must use forward-slashes (/). This is a critical change for any code that constructs paths using path.join() on Windows.
  • API and Option Changes: Version 9.0 was a full rewrite that changed exported function names and removed several options, including silent, strict, nonull, and nounique.
  • Node.js Version Support: Support for older Node.js versions has been dropped incrementally. Version 11+ requires Node.js v20 or higher.

Recommendation: Carefully review all usages of glob. Update asynchronous calls to use Promises, ensure all patterns use forward-slashes, and check for removed or changed options.

rimraf@2.7.1 → rimraf@6.1.1

This upgrade also spans several major versions with significant breaking changes.

Key Breaking Changes:

  • Promise-based API: Similar to glob, rimraf v4.0 switched from a callback-based API to a Promise-based one.
  • ESM Import Syntax: In v5.0, the default export was removed. You must now use named imports, for example: import { rimraf } from 'rimraf'.
  • Globbing is Now Opt-In: In v4.0, automatic glob pattern matching was disabled by default. To remove files based on a glob pattern, you must now set the glob option to true.
  • Node.js Version Support: Version 6.0 requires Node.js v20 or v22+.

Recommendation: Update rimraf calls to use Promises and named imports. If you rely on glob patterns for deletion, ensure you enable the glob option in your calls.

Source: Package documentation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@snyk-io snyk-io bot requested review from a team as code owners March 27, 2026 08:48

snyk-io bot commented Mar 27, 2026

Snyk checks have passed. No issues have been found so far.

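| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
|  | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
|  | Licenses | 0 | 0 | 0 | 0 | 0 issues |
|  | Code Security | 0 | 0 | 0 | 0 | 0 issues |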

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.
