From 5f3658b88570d174533cc7a7e1e76cb979739190 Mon Sep 17 00:00:00 2001
From: bb111189 <4401980+bb111189@users.noreply.github.com>
Date: Tue, 18 Nov 2025 02:13:20 +0800
Subject: [PATCH] fix(deps): upgrade glob to v11.1.0 to fix security vulnerability

Resolves dependabot alert #82 (GHSA-8g2g-xc48-r68v) Fixes high severity vulnerability: command injection via -c/--cmd executes matches with shell:true
---
 package.json | 3 +++
 yarn.lock | 14 +++++++-------
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index ea4164c..c3d878c 100644
--- a/package.json
+++ b/package.json
@@ -53,5 +53,8 @@
 "jasmine-spec-reporter": "^7.0.0",
 "prettier": "^3.1.1",
 "source-map-support": "^0.5.21"
+ },
+ "resolutions": {
+ "glob": "^11.1.0"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index cbc325d..702f066 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1555,16 +1555,16 @@ glob-parent@^5.1.2:
 is-glob "^4.0.1"

 glob@^10.2.2:
- version "10.4.5"
- resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956"
- integrity sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==
+ version "11.1.0"
+ resolved "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz"
+ integrity sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==
 dependencies:
- foreground-child "^3.1.0"
- jackspeak "^3.1.2"
- minimatch "^9.0.4"
+ foreground-child "^3.3.1"
+ jackspeak "^4.1.1"
+ minimatch "^10.1.1"
 minipass "^7.1.2"
 package-json-from-dist "^1.0.0"
- path-scurry "^1.11.1"
+ path-scurry "^2.0.0"

 glob@^7.1.3:
 version "7.2.3"
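Review bot: The `"glob": "^11.1.0"` entry added under `resolutions` in package.json is unscoped, so under Yarn classic it would apply to every `glob` request in the tree, moving the dependent that asks for `^10.2.2` across a major version. The yarn.lock hunk does not look like the output of re-running the install with that override. `glob@^7.1.3` still resolves to 7.2.3, the `resolved` URL changes registry host and loses its `#…` hash fragment, and the diffstat's 14 changed lines leave no room for new entries covering `jackspeak "^4.1.1"`, `minimatch "^10.1.1"` or `path-scurry "^2.0.0"` (unless those ranges already exist elsewhere in the lockfile). I would regenerate the lockfile with the package manager and confirm that a frozen-lockfile install passes in CI, so that what gets installed is what was reviewed. If only the `^10.2.2` consumer needs patching, scope the override to its parent, e.g. `"<dependent-package>/glob": "^11.1.0"` (placeholder name), and first check whether a fixed release inside the existing range would avoid the override altogether.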