deps(extension)(deps-dev): bump glob from 8.1.0 to 13.0.1 in /chartsmith-extension

[dependabot]

Bumps glob from 8.1.0 to 13.0.1.

Changelog

Sourced from glob's changelog.

changeglob

13

• Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

• Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

• Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
• Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
• Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

• Drop support for node before v20

10.4

• Add includeChildMatches: false option
• Export the Ignore class

10.3

• Add --default -p flag to provide a default pattern
• exclude symbolic links to directories when follow and nodir are both set

10.2

• Add glob cli

10.1

• Return '.' instead of the empty string '' when the current working directory is returned as a match.
• Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

• c759f03 13.0.1
• 8354a18 update deps
• ff6e0f5 ci: update action versions
• 1469286 update workflows and formatting/docs
• 3bfb960 13.0.0
• db31a63 Split the CLI out from the main project
• 5493458 ci: remove node 20
• 3f7526c test: fix bin tests on windows (slashes)
• 2b03cca 12.0.0
• d56203d prettier config
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Stale @types/glob v8 mismatches glob v13 API

Low Severity

glob was bumped from v8 to v13 but @types/glob remains at ^8.1.0. Since glob v9+, the package ships its own TypeScript types and the old @types/glob describes a completely different callback-based API. The @types/glob package is now stale and would provide incorrect type information if anyone imports glob. It can safely be removed since glob v13 bundles its own types.

Additional Locations (1)

• chartsmith-extension/package.json#L110-L111