fix: upgrade glob to 11.1.0, 10.5.0 (CVE-2025-64756)#7773

Open
orbisai0security wants to merge 1 commit into
mermaid-js:developfrom
orbisai0security:fix-cve-2025-64756-glob
Conversation

@orbisai0security

Summary

Upgrade glob from 10.4.5 to 11.1.0, 10.5.0 to fix CVE-2025-64756.

Vulnerability

Field     Value
ID        CVE-2025-64756
Severity  HIGH
Scanner   trivy
Rule      CVE-2025-64756
File      pnpm-lock.yaml

Description: glob: Command Injection Vulnerability via Malicious Filenames

Changes

  • package.json
  • pnpm-lock.yaml

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

Automated dependency upgrade by OrbisAI Security
@netlify

netlify Bot commented May 22, 2026

Deploy Preview for mermaid-js ready!

Name                  Link
🔨 Latest commit      2e23b8b
🔍 Latest deploy log  https://app.netlify.com/projects/mermaid-js/deploys/6a1021e04cf28a0008f683f8
😎 Deploy Preview     https://deploy-preview-7773--mermaid-js.netlify.app
@changeset-bot

changeset-bot Bot commented May 22, 2026

⚠️ No Changeset found

Latest commit: 2e23b8b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

@pkg-pr-new

pkg-pr-new Bot commented May 22, 2026

@mermaid-js/examples

npm i https://pkg.pr.new/@mermaid-js/examples@7773

mermaid

npm i https://pkg.pr.new/mermaid@7773

@mermaid-js/layout-elk

npm i https://pkg.pr.new/@mermaid-js/layout-elk@7773

@mermaid-js/layout-tidy-tree

npm i https://pkg.pr.new/@mermaid-js/layout-tidy-tree@7773

@mermaid-js/mermaid-zenuml

npm i https://pkg.pr.new/@mermaid-js/mermaid-zenuml@7773

@mermaid-js/parser

npm i https://pkg.pr.new/@mermaid-js/parser@7773

@mermaid-js/tiny

npm i https://pkg.pr.new/@mermaid-js/tiny@7773

commit: 2e23b8b

@codecov

codecov Bot commented May 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 3.26%. Comparing base (46e8044) to head (2e23b8b).

@@           Coverage Diff           @@
##           develop   #7773   +/-   ##
=======================================
  Coverage     3.26%   3.26%           
=======================================
  Files          599     599           
  Lines        60839   60839           
  Branches       917     917           
=======================================
  Hits          1986    1986           
  Misses       58853   58853           
Flag  Coverage Δ
unit  3.26% <ø> (ø)

Flags with carried forward coverage won't be shown.

@argos-ci

argos-ci Bot commented May 22, 2026

The latest updates on your projects.

Build              Status  Details              Updated (UTC)
default (Inspect)  ✅      No changes detected  May 22, 2026, 9:42 AM