This is an automated email from the ASF dual-hosted git repository.
kou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-js.git
The following commit(s) were added to refs/heads/main by this push:
new 973774e chore: bump glob from 11.0.3 to 12.0.0 (#335)
973774e is described below
commit 973774e7c38a7aa50f7073fb28cd54b9fecaa96b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Nov 18 10:48:23 2025 +0900
chore: bump glob from 11.0.3 to 12.0.0 (#335)
Bumps [glob](https://github.com/isaacs/node-glob) from 11.0.3 to 12.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-glob/blob/main/changelog.md";>glob's
changelog</a>.</em></p>
<blockquote>
<h1>changeglob</h1>
<h2>12</h2>
<ul>
<li>Remove the unsafe <code>--shell</code> option. The
<code>--shell</code> option is now
ONLY supported on known shells where the behavior can be
implemented safely.</li>
</ul>
<h2>11.1</h2>
<p><a
href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2";>GHSA-5j98-mcp5-4vw2</a></p>
<ul>
<li>Add the <code>--shell</code> option for the command line, with a
warning
that this is unsafe. (It will be removed in v12.)</li>
<li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to
<em>safely</em> add positional
arguments to the command provided to the CLI tool.</li>
<li>Detect commands with space or quote characters on known shells,
and pass positional arguments to them safely, avoiding
<code>shell:true</code> execution.</li>
</ul>
<h2>11.0</h2>
<ul>
<li>Drop support for node before v20</li>
</ul>
<h2>10.4</h2>
<ul>
<li>Add <code>includeChildMatches: false</code> option</li>
<li>Export the <code>Ignore</code> class</li>
</ul>
<h2>10.3</h2>
<ul>
<li>Add <code>--default -p</code> flag to provide a default pattern</li>
<li>exclude symbolic links to directories when <code>follow</code> and
<code>nodir</code>
are both set</li>
</ul>
<h2>10.2</h2>
<ul>
<li>Add glob cli</li>
</ul>
<h2>10.1</h2>
<ul>
<li>Return <code>'.'</code> instead of the empty string <code>''</code>
when the current
working directory is returned as a match.</li>
<li>Add <code>posix: true</code> option to return <code>/</code>
delimited paths, even on
Windows.</li>
</ul>
<h2>10.0.0</h2>
<ul>
<li>No default exports, only named exports</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/isaacs/node-glob/commit/2b03ccaf9fc397b6054d639cd5fbe97104d36221";><code>2b03cca</code></a>
12.0.0</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/d56203dc19a4af5c8f8177a3b67e63a14a246458";><code>d56203d</code></a>
prettier config</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/bb521e5d188a8cbbe86d5cef3bf57a49fdee7c59";><code>bb521e5</code></a>
Remove --shell option where unsafe to use</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/2551fb51440d402fa2120457bf460e546ee9964d";><code>2551fb5</code></a>
11.1.0</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146";><code>47473c0</code></a>
bin: Do not expose filenames to shell expansion</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/bc33fe1c6a47abd497703d79ad96036e7891ff62";><code>bc33fe1</code></a>
skip tilde test on systems that lack tilde expansion</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/59bf9ca211bda5636c4fe9e32d41530c90a4f30d";><code>59bf9ca</code></a>
fix notes</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/dde4fa66c87e24b37bb5be28ed10c6e12019edac";><code>dde4fa6</code></a>
docs(README): add #anchor and improve <code>note</code>s</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/0559b0ed13c0f8147cd2ac9d48bb49684caaf20e";><code>0559b0e</code></a>
docs: add better links to path-scurry docs</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/c9773c249b4b9ed6b2447222c226f9d20c6ce916";><code>c9773c2</code></a>
fix: correct typos in <code>README.md</code></li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/node-glob/compare/v11.0.3...v12.0.0";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
package.json | 2 +-
yarn.lock | 18 +++++++++---------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/package.json b/package.json
index a1c41a9..e9b7483 100644
--- a/package.json
+++ b/package.json
@@ -78,7 +78,7 @@
"eslint": "9.39.1",
"eslint-plugin-jest": "29.0.1",
"eslint-plugin-unicorn": "59.0.1",
- "glob": "11.0.3",
+ "glob": "12.0.0",
"google-closure-compiler": "20251001.0.0",
"gulp": "5.0.1",
"gulp-esbuild": "0.14.1",
diff --git a/yarn.lock b/yarn.lock
index e768568..57a4d8b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3481,14 +3481,14 @@ glob-watcher@^6.0.0:
async-done "^2.0.0"
chokidar "^3.5.3"
[email protected]:
- version "11.0.3"
- resolved
"https://registry.yarnpkg.com/glob/-/glob-11.0.3.tgz#9d8087e6d72ddb3c4707b1d2778f80ea3eaefcd6";
- integrity
sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==
[email protected]:
+ version "12.0.0"
+ resolved
"https://registry.yarnpkg.com/glob/-/glob-12.0.0.tgz#4f75198719ab443ea433fdc023629b853532a443";
+ integrity
sha512-5Qcll1z7IKgHr5g485ePDdHcNQY0k2dtv/bjYy0iuyGxQw2qSOiiXUXJ+AYQpg3HNoUMHqAruX478Jeev7UULw==
dependencies:
foreground-child "^3.3.1"
jackspeak "^4.1.1"
- minimatch "^10.0.3"
+ minimatch "^10.1.1"
minipass "^7.1.2"
package-json-from-dist "^1.0.0"
path-scurry "^2.0.0"
@@ -4890,10 +4890,10 @@ min-indent@^1.0.1:
resolved
"https://registry.yarnpkg.com/min-indent/-/min-indent-1.0.1.tgz#a63f681673b30571fbe8bc25686ae746eefa9869";
integrity
sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==
-minimatch@^10.0.3:
- version "10.0.3"
- resolved
"https://registry.yarnpkg.com/minimatch/-/minimatch-10.0.3.tgz#cf7a0314a16c4d9ab73a7730a0e8e3c3502d47aa";
- integrity
sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==
+minimatch@^10.1.1:
+ version "10.1.1"
+ resolved
"https://registry.yarnpkg.com/minimatch/-/minimatch-10.1.1.tgz#e6e61b9b0c1dcab116b5a7d1458e8b6ae9e73a55";
+ integrity
sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==
dependencies:
"@isaacs/brace-expansion" "^5.0.0"
