@renovate renovate bot commented Nov 19, 2025

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
| --- | --- | --- | --- | --- |
| glob | dependencies | major | 12.0.0 -> 13.0.0 | OpenSSF Scorecard |

Release Notes

isaacs/node-glob (glob)

v13.0.0

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Dependency updates label Nov 19, 2025
@github-actions github-actions bot added the qa:running QA workflow is currently running label Nov 19, 2025
@github-actions

📦 Packages

| Package | NPM | Docker |
| --- | --- | --- |
| SDK Cli | @settlemint/[email protected] | |
| SDK The Graph | @settlemint/[email protected] | |
| SDK Portal | @settlemint/[email protected] | |
| SDK Hasura | @settlemint/[email protected] | |
| SDK JS | @settlemint/[email protected] | |
| SDK Utils | @settlemint/[email protected] | |
| SDK Next | @settlemint/[email protected] | |
| SDK Minio | @settlemint/[email protected] | |
| SDK IPFS | @settlemint/[email protected] | |
| SDK Blockscout | @settlemint/[email protected] | |
| SDK MCP | @settlemint/[email protected] | |
| SDK Viem | @settlemint/[email protected] | |
| SDK EAS | @settlemint/[email protected] | |

@github-actions github-actions bot added qa:success QA workflow passed successfully status:ready-for-review Pull request is ready for review and removed qa:running QA workflow is currently running labels Nov 19, 2025
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Added | glob@13.0.0 | 100 | 100 | 100 | 100 | 100 |


"console-table-printer": "^2",
"deepmerge-ts": "^7",
"environment": "^1",
"find-up": "^8.0.0",
Bug: glob v13 fails to match paths on Windows due to path.join() generating backslashes, breaking monorepo package detection.
Severity: HIGH | Confidence: High

🔍 Detailed Analysis

On Windows, path.join() generates backslashes in paths passed to glob. With glob v13.0.0, backslashes are treated as escape characters instead of path separators. This causes the glob pattern join(monoRepoRoot, workspace, "package.json") in sdk/utils/src/filesystem/mono-repo.ts to fail matching any files. Consequently, allPaths becomes an empty array, leading to incorrect monorepo package detection and silent functional failure on Windows systems.

💡 Suggested Fix

Convert backslashes to forward slashes using .replace(/\\/g, '/') before passing paths to glob, or use the windowsPathsNoEscape: true option for glob on Windows.

🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: sdk/utils/package.json#L75

Potential issue: On Windows, `path.join()` generates backslashes in paths passed to
`glob`. With `glob` v13.0.0, backslashes are treated as escape characters instead of
path separators. This causes the glob pattern `join(monoRepoRoot, workspace,
"package.json")` in `sdk/utils/src/filesystem/mono-repo.ts` to fail matching any files.
Consequently, `allPaths` becomes an empty array, leading to incorrect monorepo package
detection and silent functional failure on Windows systems.

Reference_id: 2826639
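
An added illustration of the backslash issue raised in the comment above (not code from this repository or from glob): the sketch models the stated rule, where a backslash escapes the next character and only `/` separates path segments, and applies it to a constructed Windows-style pattern before and after the suggested `.replace(/\\/g, '/')` fix. `parseSegments`, `toGlobPattern`, the root `C:\repo` and the workspace `packages/*` are assumptions made for the example.

```javascript
// Simplified model of the escaping rule described above; NOT glob's own parser.
// A backslash makes the next character literal, and only "/" ends a segment.
function parseSegments(pattern) {
  const segments = [];
  let text = "";
  let magic = false; // true when the segment holds an unescaped wildcard
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern[i];
    if (ch === "\\" && i + 1 < pattern.length) {
      text += pattern[++i]; // escaped: taken literally, even "*"
    } else if (ch === "/") {
      segments.push({ text, magic });
      text = "";
      magic = false;
    } else {
      if (ch === "*" || ch === "?") magic = true;
      text += ch;
    }
  }
  segments.push({ text, magic });
  return segments;
}

// Hypothetical helper: the first suggested fix, normalising separators
// before the string is used as a glob pattern.
function toGlobPattern(joinedPath) {
  return joinedPath.replace(/\\/g, "/");
}

// Constructed sample: the string path.join(monoRepoRoot, workspace, "package.json")
// yields on Windows for an assumed root C:\repo and workspace "packages/*".
const windowsJoined = "C:\\repo\\packages\\*\\package.json";

function demo() {
  return {
    raw: parseSegments(windowsJoined), // one literal segment, wildcard lost
    fixed: parseSegments(toGlobPattern(windowsJoined)), // five segments, "*" live
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Under this model the unnormalised pattern collapses into a single literal segment with the `*` escaped, which is why nothing matches and the result is an empty list rather than an error.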

@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 2 files
