Insecure version of the glob package used

[GrahamCampbell]

glob  10.3.7 - 11.0.3
Severity: high
glob CLI: Command injection via -c/--cmd executes matches with shell:true - https://github.com/advisories/GHSA-5j98-mcp5-4vw2
fix available via `npm audit fix`
node_modules/glob
  js-beautify  >=1.15.3
  Depends on vulnerable versions of glob
  node_modules/js-beautify

Can be mitigated by upgrading to ^11.1.0.

[jagjotsinghparry]

A PR already exists for this bump in version: #2369

[GrahamCampbell]

Oh, dang... #2350.

[jakub-pietrzak]

I have just submitted #2387.
Vulnerability fix has been backported to glob 10.5.0 -> isaacs/node-glob#636

[apuroop-busetty]

On a related note, I’m also experiencing issues with the current version of the glob package. Is there an update on when we can proceed with upgrading it, or could someone advise on the next steps? @bitwiseman , @esseks

[bitwiseman]

The issue is known. We didn't want to update until we were ready to take a breaking change.