Skip to content

chore(deps): bump brace-expansion and glob in /tools/breaking-changes#21610

Draft
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/tools/breaking-changes/multi-f0b6b3a12a
Draft

chore(deps): bump brace-expansion and glob in /tools/breaking-changes#21610
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/tools/breaking-changes/multi-f0b6b3a12a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Contributor

Bumps brace-expansion to 5.0.7 and updates ancestor dependency glob. These dependencies need to be updated together.

Updates brace-expansion from 5.0.5 to 5.0.7

Commits

Updates glob from 7.2.0 to 13.0.6

Changelog

Sourced from glob's changelog.

changeglob

13

  • Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

  • Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

  • Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
  • Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
  • Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

  • Drop support for node before v20

10.4

  • Add includeChildMatches: false option
  • Export the Ignore class

10.3

  • Add --default -p flag to provide a default pattern
  • exclude symbolic links to directories when follow and nodir are both set

10.2

  • Add glob cli

10.1

  • Return '.' instead of the empty string '' when the current working directory is returned as a match.
  • Add posix: true option to return / delimited paths, even on

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


@dependabot dependabot Bot added dependencies javascript Pull requests that update javascript code labels Jun 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 11, 2026 13:46
@dependabot dependabot Bot added Major dependencies javascript Pull requests that update javascript code labels Jun 11, 2026
@github-actions github-actions Bot marked this pull request as draft June 11, 2026 13:47
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tools/breaking-changes/multi-f0b6b3a12a branch 7 times, most recently from 540dd7d to 7f4a124 Compare June 24, 2026 13:27
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tools/breaking-changes/multi-f0b6b3a12a branch 2 times, most recently from a1069c4 to a7cff57 Compare June 29, 2026 16:18
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) to 5.0.7 and updates ancestor dependency [glob](https://github.com/isaacs/node-glob). These dependencies need to be updated together.


Updates `brace-expansion` from 5.0.5 to 5.0.7
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.7)

Updates `glob` from 7.2.0 to 13.0.6
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v7.2.0...v13.0.6)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 5.0.6
  dependency-type: indirect
- dependency-name: glob
  dependency-version: 13.0.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tools/breaking-changes/multi-f0b6b3a12a branch from a7cff57 to 9c28a6c Compare June 29, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies javascript Pull requests that update javascript code Major

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants