build(deps): bump glob, semantic-release and npm

[dependabot]

Removes glob. It's no longer used after updating ancestor dependencies glob, semantic-release and npm. These dependencies need to be updated together.

Removes glob

Updates semantic-release from 24.2.9 to 25.0.2

Release notes

Sourced from semantic-release's releases.

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

• deps: update dependency read-package-up to v12 (#3935) (1494cb9)

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

• deps: update to the latest version of the npm plugin to add trusted publishing support (fad173e), closes semantic-release/npm#958

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

• deps: update to latest npm plugin (a96aced)

v25.0.1-beta.2

25.0.1-beta.2 (2025-10-19)

Bug Fixes

• deps: update to the stable version of the npm plugin to add trusted publishing support (fad173e), closes semantic-release/npm#958

v25.0.1-beta.1

25.0.1-beta.1 (2025-10-16)

Bug Fixes

• deps: update to the beta of the npm plugin (c770748), closes semantic-release/npm#958
• deps: update to the latest alpha of the npm plugin (7c39330), closes semantic-release/npm#958
• deps: update to the latest alpha of the npm plugin (2434041), closes semantic-release/npm#958
• deps: update to the latest alpha of the npm plugin (a3c1129)
• deps: updated to latest alpha of the npm plugin (ea56799)
• deps: upgrade to the latest alpha of the npm plugin (e4ff786), closes semantic-release/npm#958
• deps: use the alpha of the npm plugin (ce3618e), closes semantic-release/npm#958

v25.0.1-alpha.4

... (truncated)

Commits

• 1494cb9 fix(deps): update dependency read-package-up to v12 (#3935)
• b79ff4c Merge pull request #3931 from Simek/patch-1
• ddfe3cb Merge pull request #3932 from Deltamir/docs-add-semantic-release-uv-community...
• adac0b7 Merge pull request #3920 from semantic-release/installation
• 8b68108 update Node version in npx command example
• 15293df docs(plugins): add semantic-release-uv community plugin in plugins list
• bfc6d4d docs: Update minimal required Node version
• 8d7d8ed chore(deps): update dependency @​types/node to v24.10.0 (#3929)
• 809126c chore(deps): lock file maintenance (#3928)
• d1affd3 chore(deps): update dependency got to v14.6.2 (#3927)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semantic-release since your current version.

Updates npm from 11.6.2 to 11.6.4

Release notes

Sourced from npm's releases.

v11.6.4

11.6.4 (2025-11-25)

Documentation

• dfb83c7 #8749 add example for keywords field (#8749) (@​MaxBlack-dev, Max Black)
• 1b1e227 #8750 remove outdated roadmap link (#8750) (@​MaxBlack-dev, Max Black)
• 1333d57 #8752 clarify .npmrc naming convention for environment variable overrides (#8752) (@​MaxBlack-dev)
• 22cddb8 #8755 add workspace dependencies example to workspaces (Max Black)
• 17e154c #8756 standardize env vars to uppercase convention (Max Black)
• 1e51a25 #8754 fix lifecycle event order for prepare script (Max Black)
• 8d72bc9 #8753 add os, cpu, and funding fields to package-lock.json (Max Black)

Dependencies

• f56bb13 #8779 proc-log@6.1.0 (#8779)
• f963223 #8770 proggy@4.0.0
• f51e4aa #8770 nopt@9.0.0
• 2d15040 #8770 @npmcli/query@5.0.0
• 9d77b84 #8770 @npmcli/installed-package-contents@4.0.0
• e2ac092 #8770 read@5.0.1
• 6e5bfd9 #8770 init-package-json@8.2.4
• 7f8e237 #8770 p-map@7.0.4
• a4aa218 #8770 npm-user-validate@4.0.0
• 6430446 #8770 npm-audit-report@7.0.0
• 58650dc #8770 @npmcli/fs@5.0.0
• 4a11146 #8770 glob@13.0.0
• 00511d4 #8770 @npmcli/cacache@20.0.3
• 224afa2 #8770 @npmcli/map-workspaces@5.0.3
• 664ac34 #8770 @npmcli/package-json@7.0.4
• workspace: @npmcli/arborist@9.1.8
• workspace: @npmcli/config@10.4.4
• workspace: libnpmdiff@8.0.11
• workspace: libnpmexec@10.1.10
• workspace: libnpmfund@7.0.11
• workspace: libnpmpack@9.0.11

v11.6.3

11.6.3 (2025-11-19)

Bug Fixes

• c6242d9 #8706 change npm profile to create tokens with GAT support (#8706) (@​owlstronaut, @​wraithgar)
• cbc6fa9 #8731 order of version information in error message (#8731) (@​piotrd, @​pd-be)
• 11dbd7e #8709 display full token when creating authentication tokens (#8709) (@​MaxBlack-dev, Max Black)
• 49a4eef #8676 use look behind regex for trailing slash stripping (#8676) (@​wraithgar)
• b1aee62 #8645 dep flag calculation (#8645) (@​liamcmitchell)

Documentation

• ca53c21 #8745 add workspace usage examples (#8745) (@​MaxBlack-dev, Max Black)
• e71ca0e #8746 add --save flag to documentation (#8746) (@​MaxBlack-dev, Max Black)
• 06510a8 #8683 add ignore-scripts option to npm version help and docs (#8683) (@​Tejas242)

Dependencies

• 7f72238 #8723 cacache@20.0.2
• 7ac9db8 #8723 init-package-json@8.2.3
• 41e97c6 #8723 validate-npm-package-name@7.0.0
• 6b1fbe1 #8723 npm-package-arg@13.0.2

... (truncated)

Changelog

Sourced from npm's changelog.

11.6.4 (2025-11-25)

Documentation

• dfb83c7 #8749 add example for keywords field (#8749) (@​MaxBlack-dev, Max Black)
• 1b1e227 #8750 remove outdated roadmap link (#8750) (@​MaxBlack-dev, Max Black)
• 1333d57 #8752 clarify .npmrc naming convention for environment variable overrides (#8752) (@​MaxBlack-dev)
• 22cddb8 #8755 add workspace dependencies example to workspaces (Max Black)
• 17e154c #8756 standardize env vars to uppercase convention (Max Black)
• 1e51a25 #8754 fix lifecycle event order for prepare script (Max Black)
• 8d72bc9 #8753 add os, cpu, and funding fields to package-lock.json (Max Black)

Dependencies

• f56bb13 #8779 proc-log@6.1.0 (#8779)
• f963223 #8770 proggy@4.0.0
• f51e4aa #8770 nopt@9.0.0
• 2d15040 #8770 @npmcli/query@5.0.0
• 9d77b84 #8770 @npmcli/installed-package-contents@4.0.0
• e2ac092 #8770 read@5.0.1
• 6e5bfd9 #8770 init-package-json@8.2.4
• 7f8e237 #8770 p-map@7.0.4
• a4aa218 #8770 npm-user-validate@4.0.0
• 6430446 #8770 npm-audit-report@7.0.0
• 58650dc #8770 @npmcli/fs@5.0.0
• 4a11146 #8770 glob@13.0.0
• 00511d4 #8770 @npmcli/cacache@20.0.3
• 224afa2 #8770 @npmcli/map-workspaces@5.0.3
• 664ac34 #8770 @npmcli/package-json@7.0.4
• workspace: @npmcli/arborist@9.1.8
• workspace: @npmcli/config@10.4.4
• workspace: libnpmdiff@8.0.11
• workspace: libnpmexec@10.1.10
• workspace: libnpmfund@7.0.11
• workspace: libnpmpack@9.0.11

11.6.3 (2025-11-19)

Bug Fixes

• c6242d9 #8706 change npm profile to create tokens with GAT support (#8706) (@​owlstronaut, @​wraithgar)
• cbc6fa9 #8731 order of version information in error message (#8731) (@​piotrd, @​pd-be)
• 11dbd7e #8709 display full token when creating authentication tokens (#8709) (@​MaxBlack-dev, Max Black)
• 49a4eef #8676 use look behind regex for trailing slash stripping (#8676) (@​wraithgar)
• b1aee62 #8645 dep flag calculation (#8645) (@​liamcmitchell)

Documentation

• ca53c21 #8745 add workspace usage examples (#8745) (@​MaxBlack-dev, Max Black)
• e71ca0e #8746 add --save flag to documentation (#8746) (@​MaxBlack-dev, Max Black)
• 06510a8 #8683 add ignore-scripts option to npm version help and docs (#8683) (@​Tejas242)

Dependencies

• 7f72238 #8723 cacache@20.0.2
• 7ac9db8 #8723 init-package-json@8.2.3
• 41e97c6 #8723 validate-npm-package-name@7.0.0
• 6b1fbe1 #8723 npm-package-arg@13.0.2
• aa1d486 #8723 @npmcli/promise-spawn@9.0.1
• 599c819 #8723 which@6.0.0

... (truncated)

Commits

• 5271485 chore: release 11.6.4
• f56bb13 deps: proc-log@6.1.0 (#8779)
• b118364 fix: undefined override set conflicts shouldn't error
• dfb83c7 docs: add example for keywords field (#8749)
• 1b1e227 docs: remove outdated roadmap link (#8750)
• 1333d57 docs: clarify .npmrc naming convention for environment variable overrides (#8...
• 22cddb8 docs: add workspace dependencies example to workspaces
• 17e154c docs: standardize env vars to uppercase convention
• 1e51a25 docs: fix lifecycle event order for prepare script
• 8d72bc9 docs: add os, cpu, and funding fields to package-lock.json
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	semantic-release@​24.2.9 ⏵ 25.0.2

View full report