Skip to content

Bump glob from 11.0.3 to 11.1.0#125

Merged
shadowwwind merged 1 commit into
masterfrom
dependabot/npm_and_yarn/glob-11.1.0
Mar 29, 2026
Merged

Bump glob from 11.0.3 to 11.1.0#125
shadowwwind merged 1 commit into
masterfrom
dependabot/npm_and_yarn/glob-11.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 18, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps glob from 11.0.3 to 11.1.0.

Changelog

Sourced from glob's changelog.

changeglob

13

  • Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

  • Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

  • Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
  • Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
  • Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

  • Drop support for node before v20

10.4

  • Add includeChildMatches: false option
  • Export the Ignore class

10.3

  • Add --default -p flag to provide a default pattern
  • exclude symbolic links to directories when follow and nodir are both set

10.2

  • Add glob cli

10.1

  • Return '.' instead of the empty string '' when the current working directory is returned as a match.
  • Add posix: true option to return / delimited paths, even on

... (truncated)

Commits
  • 2551fb5 11.1.0
  • 47473c0 bin: Do not expose filenames to shell expansion
  • bc33fe1 skip tilde test on systems that lack tilde expansion
  • 59bf9ca fix notes
  • dde4fa6 docs(README): add #anchor and improve notes
  • 0559b0e docs: add better links to path-scurry docs
  • c9773c2 fix: correct typos in README.md
  • 13e68ea Fix punctuation in traversal function documentation
  • 1527e2b fix repo url
  • 7e190e8 fix typo mathspaths
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 18, 2025
@sonarqubecloud

sonarqubecloud Bot commented Nov 18, 2025

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@shadowwwind

shadowwwind commented Mar 29, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
Bump glob from 11.0.3 to 11.1.0
9a42b77 
Bumps [glob](https://github.com/isaacs/node-glob) from 11.0.3 to 11.1.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.0.3...v11.1.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/glob-11.1.0 branch from a337bba to 9a42b77 Compare March 29, 2026 19:17
@sonarqubecloud

sonarqubecloud Bot commented Mar 29, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@shadowwwind shadowwwind merged commit 9590f88 into master Mar 29, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/glob-11.1.0 branch March 29, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shadowwwind shadowwwind shadowwwind approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shadowwwind