@bmartel (Contributor) commented Nov 18, 2025

Updated glob package to latest secure version per security advisory.

Changes:

  • Added glob resolution (>=11.1.0) to package.json
  • Updated yarn.lock to enforce secure version across dependencies
  • Upgraded glob to v11.1.0

This update addresses a security advisory for the glob package. All transitive dependencies have been updated accordingly.
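
Added example, not part of the pull request or the project's code: a check that a `resolutions` pin like the one described above actually took effect, by listing every `glob` entry in a lockfile that still resolves below the 11.1.0 floor along with the ranges dependents requested. It assumes the Yarn classic (v1) lockfile layout; the sample lockfile text and all function names are constructed for illustration.

```javascript
// Constructed sample in Yarn classic (v1) lockfile layout; not the project's yarn.lock.
const SAMPLE_LOCK = `# yarn lockfile v1
"@types/glob@^7.1.1":
  version "7.2.0"
glob@^10.3.10, glob@^10.4.1:
  version "10.4.5"
  dependencies:
    minimatch "^9.0.4"
glob@^11.0.0:
  version "11.1.0"
glob@^7.1.3:
  version "7.2.3"
`;

// Compare two plain x.y.z versions (no pre-release tags): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Collect each lockfile entry for `pkg`: requested ranges plus the resolved version.
function lockedVersions(lockText, pkg) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // An unindented "spec, spec:" header starts a new entry.
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const mine = specs.filter((s) => s.startsWith(pkg + "@")); // skips "@types/glob@..."
      current = mine.length ? { specs: mine, version: null } : null;
      if (current) entries.push(current);
    } else if (current && current.version === null) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries still resolving below `minimum` (or missing a version line entirely).
function belowMinimum(lockText, pkg, minimum) {
  return lockedVersions(lockText, pkg).filter(
    (e) => e.version === null || compareVersions(e.version, minimum) < 0
  );
}
console.log(belowMinimum(SAMPLE_LOCK, "glob", "11.1.0"));
```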

netlify bot commented Nov 18, 2025

Deploy Preview for heartex-docs canceled.

Name Link
🔨 Latest commit 0ea632d
🔍 Latest deploy log https://app.netlify.com/projects/heartex-docs/deploys/691c8f744b215200074ba221

netlify bot commented Nov 18, 2025

Deploy Preview for label-studio-storybook ready!

Name Link
🔨 Latest commit 0ea632d
🔍 Latest deploy log https://app.netlify.com/projects/label-studio-storybook/deploys/691c8f7570b5dc0008b7952b
😎 Deploy Preview https://deploy-preview-8839--label-studio-storybook.netlify.app

@github-actions github-actions bot added the chore label Nov 18, 2025
netlify bot commented Nov 18, 2025

Deploy Preview for label-studio-playground failed.

Name Link
🔨 Latest commit 0ea632d
🔍 Latest deploy log https://app.netlify.com/projects/label-studio-playground/deploys/691c8f75b2188f0008e81bee

netlify bot commented Nov 18, 2025

Deploy Preview for label-studio-docs-new-theme canceled.

Name Link
🔨 Latest commit 0ea632d
🔍 Latest deploy log https://app.netlify.com/projects/label-studio-docs-new-theme/deploys/691c8f75a141080008c0f221

@bmartel bmartel added the security-sentinel Security Improvements & Fixes label Nov 18, 2025
Updated glob package to latest secure version per security advisory.

Changes:
- Added glob resolution (^11.1.0) to package.json
- Updated yarn.lock to enforce secure version across dependencies
- Upgraded glob from v11.0.3 to v11.1.0 (minimal patched version)

This update addresses a security advisory for the glob package.
All transitive dependencies have been updated accordingly.
@bmartel bmartel marked this pull request as draft November 18, 2025 21:54
@bmartel bmartel marked this pull request as ready for review November 18, 2025 21:54
@bmartel (Contributor, Author) commented Nov 19, 2025

This change would require far more updates to take place, and the vulnerable aspect is not the library but the CLI package (we do not use the CLI explicitly or implicitly).

@bmartel bmartel closed this Nov 19, 2025
codecov bot commented Nov 19, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (ef83d11) to head (0ea632d).
⚠️ Report is 5 commits behind head on develop.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop   #8839       +/-   ##
===========================================
- Coverage    65.87%       0   -65.88%     
===========================================
  Files          812       0      -812     
  Lines        63602       0    -63602     
  Branches     10761       0    -10761     
===========================================
- Hits         41899       0    -41899     
+ Misses       21699       0    -21699     
+ Partials         4       0        -4     
Flag Coverage Δ
lsf-e2e ?
lsf-integration ?
lsf-unit ?
pytests ?
