Skip to content

Bump glob and eslint-config-next#14

Merged
Dayifour merged 2 commits intomainfrom
dependabot/npm_and_yarn/multi-9caca4a243
Dec 12, 2025
Merged

Bump glob and eslint-config-next#14
Dayifour merged 2 commits intomainfrom
dependabot/npm_and_yarn/multi-9caca4a243

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 12, 2025

Bumps glob to 10.5.0 and updates ancestor dependency eslint-config-next. These dependencies need to be updated together.

Updates glob from 10.3.10 to 10.5.0

Changelog

Sourced from glob's changelog.

changeglob

13

  • Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

  • Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

  • Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
  • Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
  • Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

  • Drop support for node before v20

10.4

  • Add includeChildMatches: false option
  • Export the Ignore class

10.3

  • Add --default -p flag to provide a default pattern
  • exclude symbolic links to directories when follow and nodir are both set

10.2

  • Add glob cli

10.1

  • Return '.' instead of the empty string '' when the current working directory is returned as a match.
  • Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

Updates eslint-config-next from 14.2.7 to 16.0.10

Release notes

Sourced from eslint-config-next's releases.

v16.0.10

Please see the Next.js Security Update for information about this security patch.

v16.0.8

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Update react version in cna templates (#86950)

Credits

Huge thanks to @​huozhi for helping!

v16.0.7

Please see CVE-2025-66478 for additional details about this release.

v16.0.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • bump the browserslist version to silence a warning in CI (#86625)

Credits

Huge thanks to @​lukesandberg for helping!

v16.0.5

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix(nodejs-middleware): await for body cloning to be properly finalized (#85418)

Credits

Huge thanks to @​lucasadrianof for helping!

v16.0.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: Rename proxy.js to middleware.js in NFT file (#86214)
  • fix: prevent fetch abort errors propagating to user error boundaries (#86277)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump glob and eslint-config-next
423a41d 
Bumps [glob](https://github.com/isaacs/node-glob) to 10.5.0 and updates ancestor dependency [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next). These dependencies need to be updated together.


Updates `glob` from 10.3.10 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.3.10...v10.5.0)

Updates `eslint-config-next` from 14.2.7 to 16.0.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.0.10/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
- dependency-name: eslint-config-next
  dependency-version: 16.0.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 12, 2025
@vercel
Copy link

vercel bot commented Dec 12, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
dayif-portfolio Ready Ready Preview Comment Dec 12, 2025 9:24am

@Dayifour
Copy link
Owner

Dayifour commented Dec 12, 2025

Deployement fails. Logs: 09:12:16.478 Running build in Washington, D.C., USA (East) – iad1
09:12:16.479 Build machine configuration: 2 cores, 8 GB
09:12:16.489 Cloning github.com/Dayifour/dayif-portfolio (Branch: dependabot/npm_and_yarn/multi-9caca4a243, Commit: 423a41d)
09:12:16.491 Skipping build cache, deployment was triggered without cache.
09:12:16.862 Cloning completed: 372.000ms
09:12:17.235 Running "vercel build"
09:12:17.635 Vercel CLI 50.0.0
09:12:17.953 Installing dependencies...
09:12:19.366 npm error code ERESOLVE
09:12:19.368 npm error ERESOLVE could not resolve
09:12:19.368 npm error
09:12:19.368 npm error While resolving: eslint-config-next@16.0.10
09:12:19.369 npm error Found: eslint@8.57.0
09:12:19.369 npm error node_modules/eslint
09:12:19.369 npm error peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.9.0
09:12:19.369 npm error node_modules/@eslint-community/eslint-utils
09:12:19.369 npm error @eslint-community/eslint-utils@"^4.7.0" from @typescript-eslint/utils@8.49.0
09:12:19.369 npm error node_modules/@typescript-eslint/utils
09:12:19.369 npm error @typescript-eslint/utils@"8.49.0" from @typescript-eslint/eslint-plugin@8.49.0
09:12:19.369 npm error node_modules/@typescript-eslint/eslint-plugin
09:12:19.369 npm error @typescript-eslint/eslint-plugin@"8.49.0" from typescript-eslint@8.49.0
09:12:19.370 npm error node_modules/typescript-eslint
09:12:19.370 npm error 2 more (@typescript-eslint/type-utils, typescript-eslint)
09:12:19.370 npm error @eslint-community/eslint-utils@"^4.2.0" from eslint@8.57.0
09:12:19.370 npm error peer eslint@"^8.57.0 || ^9.0.0" from @typescript-eslint/eslint-plugin@8.49.0
09:12:19.370 npm error node_modules/@typescript-eslint/eslint-plugin
09:12:19.370 npm error @typescript-eslint/eslint-plugin@"8.49.0" from typescript-eslint@8.49.0
09:12:19.370 npm error node_modules/typescript-eslint
09:12:19.370 npm error typescript-eslint@"^8.46.0" from eslint-config-next@16.0.10
09:12:19.370 npm error node_modules/eslint-config-next
09:12:19.370 npm error dev eslint-config-next@"16.0.10" from the root project
09:12:19.370 npm error 10 more (@typescript-eslint/parser, ...)
09:12:19.370 npm error
09:12:19.370 npm error Could not resolve dependency:
09:12:19.370 npm error peer eslint@">=9.0.0" from eslint-config-next@16.0.10
09:12:19.370 npm error node_modules/eslint-config-next
09:12:19.370 npm error dev eslint-config-next@"16.0.10" from the root project
09:12:19.371 npm error
09:12:19.371 npm error Conflicting peer dependency: eslint@9.39.1
09:12:19.371 npm error node_modules/eslint
09:12:19.371 npm error peer eslint@">=9.0.0" from eslint-config-next@16.0.10
09:12:19.371 npm error node_modules/eslint-config-next
09:12:19.372 npm error dev eslint-config-next@"16.0.10" from the root project
09:12:19.372 npm error
09:12:19.372 npm error Fix the upstream dependency conflict, or retry
09:12:19.372 npm error this command with --force or --legacy-peer-deps
09:12:19.373 npm error to accept an incorrect (and potentially broken) dependency resolution.
09:12:19.373 npm error
09:12:19.373 npm error
09:12:19.373 npm error For a full report see:
09:12:19.373 npm error /vercel/.npm/_logs/2025-12-12T09_12_18_490Z-eresolve-report.txt
09:12:19.374 npm error A complete log of this run can be found in: /vercel/.npm/_logs/2025-12-12T09_12_18_490Z-debug-0.log
09:12:19.384 Error: Command "npm install" exited with 1

@Dayifour Dayifour requested a review from Copilot December 12, 2025 09:14
Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates two key dependencies: glob from 10.3.10 to 10.5.0 and eslint-config-next from 14.2.7 to 16.0.10. The latter is a major version upgrade that skips v15 entirely, representing potentially significant changes to linting configuration and rules.

Key Changes

  • glob upgraded to 10.5.0 with security fixes (referenced in the changelog regarding shell command safety)
  • eslint-config-next major version bump to 16.0.10, aligning with Next.js 16.x
  • Introduction of typescript-eslint v8.49.0 as a consolidated dependency, replacing separate parser/plugin packages
  • Multiple peer dependencies now explicitly marked, including react, next, typescript, and tailwindcss

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates eslint-config-next from 14.2.7 to 16.0.10
package-lock.json Extensive dependency tree updates including glob 10.5.0, new typescript-eslint packages, updated peer dependencies, and removal of @rushstack/eslint-patch

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copy link

Copilot AI commented Dec 12, 2025

@Dayifour I've opened a new pull request, #15, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Dec 12, 2025
Closed
@Dayifour
Copy link
Owner

Dayifour commented Dec 12, 2025

@copilot open a new pull request to apply changes based on the comments in this thread

Copilot AI mentioned this pull request Dec 12, 2025
Closed
Copy link

Copilot AI commented Dec 12, 2025

@Dayifour I've opened a new pull request, #16, to work on those changes. Once the pull request is ready, I'll request review from you.

@Dayifour
Copy link
Owner

Dayifour commented Dec 12, 2025

@copilot open a new pull request to apply changes based on the comments in this thread

Copilot AI mentioned this pull request Dec 12, 2025
Closed
Copy link

Copilot AI commented Dec 12, 2025

@Dayifour I've opened a new pull request, #17, to work on those changes. Once the pull request is ready, I'll request review from you.

@Dayifour Dayifour requested a review from Copilot December 12, 2025 09:20
Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Dayifour
Update package.json
ffd5e6a 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Dayifour Dayifour merged commit cff9541 into main Dec 12, 2025
2 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-9caca4a243 branch December 12, 2025 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dayifour Dayifour Dayifour left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Dayifour