UI5 / webcomponents-react
85%
main: 85%

Repo Added 11 Sep 2025 01:10PM UTC

Token oPWbg1az908gQvSJuuJozJ1sPPNWz9O6K regen

Build 884 Last

Files 231

Badge

Embed ▾

LAST BUILD ON BRANCH gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb
branch: gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb

CHANGE BRANCH
x

Reset

Sync Branches

gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb

MarcusNotheis-patch-1

chore/deps-cypress

chore/gh-action-build

chore/glob-cve

chore/js-yaml

chore/serialize-javascript

chore/vite

ci/npm-trusted-publishers

dependabot/npm_and_yarn/examples/nextjs-app/js-yaml-4.1.1

dependabot/npm_and_yarn/examples/nextjs-app/multi-c22e25d29b

dependabot/npm_and_yarn/examples/react-router-ts/express-4.22.1

dependabot/npm_and_yarn/examples/react-router-ts/glob-10.5.0

dependabot/npm_and_yarn/examples/react-router-ts/js-yaml-4.1.1

dependabot/npm_and_yarn/examples/vite-ts/js-yaml-4.1.1

dependabot/npm_and_yarn/examples/vite-ts/vite-7.1.11

dependabot/npm_and_yarn/express-4.22.1

dependabot/npm_and_yarn/glob-11.1.0

dependabot/npm_and_yarn/templates/nextjs-app/js-yaml-4.1.1

dependabot/npm_and_yarn/templates/nextjs-app/next-16.0.7

dependabot/npm_and_yarn/vite-7.1.11

docs/ai-ta-stream-story

docs/at-min-rows-min-val

docs/dialog-f6

docs/op-navigation-actions

docs/post-migration-adjustments

docs/templates-examples-imports

docs/url-update

docs/welcome-remove-outdated

feat/at-custom-cell-truncation

feat/at-no-data-component

feat/code-mod-export-paths

feat/os-list-active-support

feat/ui5wc-v2.15.0

feat/ui5wc-v2.16.0

feat/wrapper-script-docs

fix/at-active-style

fix/at-bottom-border-styles

fix/at-empty-row

fix/at-general-a11y

fix/at-group-expand-a11y

fix/at-os-delta

fix/at-pinned-header-height

fix/at-row-cell-types

fix/at-scale-width-smart-grow

fix/at-scroll-sync

fix/at-scrollbar-styles

fix/at-types

fix/at-types2

fix/at-usef2-icon

fix/codemod-export-paths-reexports

fix/op-a11y-attrs-type

fix/op-section-spacing

fix/op-stacking-context

fix/op-tab-selection-border

fix/op-tabbar-alignment

fix/op-tabbar-border

fix/opt-toolbar-alignment

fix/os-inverted-focus

fix/react18-ref-type

fix/scrollbar-browser-specifics

gh-readonly-queue/main/pr-7926-283cce70f1ff72a7ce6819d05d7330137f4b6d5a

gh-readonly-queue/main/pr-7927-66d91dbc7c1a1d69ac87898b23bdb601c11fcf68

gh-readonly-queue/main/pr-7931-4d8bfb377a13c2f455adaa29fcb781a69d8007aa

gh-readonly-queue/main/pr-7933-e183240a5c5721c2177847c6507c8134ee08e554

gh-readonly-queue/main/pr-7935-8511f5a552effdbd80345f462a2786581a35701d

gh-readonly-queue/main/pr-7935-e60ad34af10b8adcf895310c6019e9335b376859

gh-readonly-queue/main/pr-7936-e60ad34af10b8adcf895310c6019e9335b376859

gh-readonly-queue/main/pr-7937-6dc1b12d88db88c8540b3c883ac8c1525326cb21

gh-readonly-queue/main/pr-7938-742b4faeac55d66dc5710c70555dded10a1504c6

gh-readonly-queue/main/pr-7940-71e9c38076bf3aa467b7935928b144c1d5a8b5bd

gh-readonly-queue/main/pr-7941-b4a1e8037e7b682d1cec66116677e907d5b67e49

gh-readonly-queue/main/pr-7942-398c6491af5d9de6fabb30f3ff85f729b015e1e2

gh-readonly-queue/main/pr-7944-4bc4f61bd9c4c4f01fb4fa2e3c2673dba34693ab

gh-readonly-queue/main/pr-7946-b722ccfc31a992795f7c971d24765fa18eef971d

gh-readonly-queue/main/pr-7946-bfbee040aeb88a6dc4298059fb74bf95d89591c9

gh-readonly-queue/main/pr-7946-ebf8ca899a8ba9f2a5f50c714e56edd748686a1b

gh-readonly-queue/main/pr-7947-59d78f1434ca9622f5abe4b53830fd1671bb137f

gh-readonly-queue/main/pr-7948-15d6d82877cb25185052c73a015ca0cf7d3cea29

gh-readonly-queue/main/pr-7950-b722ccfc31a992795f7c971d24765fa18eef971d

gh-readonly-queue/main/pr-7950-bdf765abfd6260fcaa88bf32127e5d86148e15df

gh-readonly-queue/main/pr-7951-1b2b05046fe8d5c036439722023db7c3f051a7c8

gh-readonly-queue/main/pr-7953-c338dc1fdfc32e7e5958e10765ca421768f1861f

gh-readonly-queue/main/pr-7954-d44c079a82ec0e3fadc968345a5926ff8f3ed4b0

gh-readonly-queue/main/pr-7955-c18fd0d0419e29f2540d603b84dca320cfaad4bd

gh-readonly-queue/main/pr-7956-8090be3a1c38761b2ee687ca632b6eca2d6ac7aa

gh-readonly-queue/main/pr-7957-5fac9c8b90e49fbf4e7d8f5760efbd57609af36c

gh-readonly-queue/main/pr-7958-3bbecc809f9d84abd1a5cfc490bd03c4ce706a11

gh-readonly-queue/main/pr-7959-8f388ce0eea1cbb66bf474c8c80bf98b45e050c1

gh-readonly-queue/main/pr-7962-2ad49938f2d00f690b736caa9bd9e4304f4fa8ea

gh-readonly-queue/main/pr-7963-9e97c72c10bb1efe4b9a3408934531507424e962

gh-readonly-queue/main/pr-7965-f71f4b1ee5ee669fcba62af119e12dfaf6392367

gh-readonly-queue/main/pr-7966-2b673c1d87a9182e87e034d7e6fb236acaa73a04

gh-readonly-queue/main/pr-7967-05eb6e5cbc504e9e18abea954fd37fdda752cfc5

gh-readonly-queue/main/pr-7968-f2c8252301af84851900bc33d1b349fbb65c1dcd

gh-readonly-queue/main/pr-7969-91561ca7fe0ba23a36fde490cda4aa8bd8f02833

gh-readonly-queue/main/pr-7970-0badbcb30341dc0d2eb246b4568e29eb6cba7cdc

gh-readonly-queue/main/pr-7971-31a2de72ec47c985c4f11cfc8b59dddb19d167db

gh-readonly-queue/main/pr-7973-116873cd918204b656554c66e71f3e161d553a83

gh-readonly-queue/main/pr-7974-2b218f942ff885afae3a8b7e901b86cc3bc841d6

gh-readonly-queue/main/pr-7975-79eccd90d441f6f7b9c984389294fb33042f3548

gh-readonly-queue/main/pr-7977-8054eafed90b5cd2b201985ea91a63d889d5ba6f

gh-readonly-queue/main/pr-7978-99bb975bcbc298d08a1f6958fe3cdfe44b20fedc

gh-readonly-queue/main/pr-7979-0c058c121b78ba2ca9fad7e403e18fb95bc90b95

gh-readonly-queue/main/pr-7983-1673eb6303bdfc69d7e1c3d20ce634445f910f2f

gh-readonly-queue/main/pr-7984-79eccd90d441f6f7b9c984389294fb33042f3548

gh-readonly-queue/main/pr-7985-117425d45158dbd8c9e1850825e068f49a26a3bc

gh-readonly-queue/main/pr-7986-be253617b986f7f33ed3c0c2f4c5d1f978830e2d

gh-readonly-queue/main/pr-7987-fe80c2e9888c7e0a736328b3b7a6f21cd0f52f3f

gh-readonly-queue/main/pr-7990-db804ee1bd0b72a5b28c56d168150771df563ace

gh-readonly-queue/main/pr-7991-2de9b7135fcf384a9fbc59fa3a2d000b0713d45d

gh-readonly-queue/main/pr-7992-e6b8b76ee61fe2eb83eac5ea581a11a2b385c287

gh-readonly-queue/main/pr-7993-1033b3e66334fb872130190f1790d7ea004a3c77

gh-readonly-queue/main/pr-7994-683a08d6ddca193f99e43959d58cbab585dadfb0

gh-readonly-queue/main/pr-7995-64c3c4ca3c24693d1b7f07cd3c0ad4026a4c07a9

gh-readonly-queue/main/pr-7996-c2a440607e6a6410f19dec8ae3456cd29a071c77

gh-readonly-queue/main/pr-7997-679633a9fc5301ec358b3a26de411b4dd8750517

gh-readonly-queue/main/pr-7998-8976d39f0eb6dc252135a05544b3d03f65c11449

main

refactor/export-map-internal-types

refactor/modals-remove-workaround

refactor/subcomp-structure-unify

renovate/actions-checkout-5.0.x

renovate/actions-checkout-6.0.x

renovate/actions-checkout-6.x

renovate/actions-setup-node-6.x

renovate/actions-stale-10.1.x

renovate/actions-stale-10.x

renovate/chromaui-action-13.1.x

renovate/chromaui-action-13.2.x

renovate/chromaui-action-13.3.x

renovate/chromaui-action-13.x

renovate/cypress-io-github-action-6.10.x

renovate/eslint-compat-2.x

renovate/examples-all-minor-patch

renovate/examples-ui5-webcomponents-react

renovate/execa-9.6.x

renovate/fsfe-reuse-action-6.x

renovate/github-codeql-action-3.30.x

renovate/github-codeql-action-4.30.x

renovate/github-codeql-action-4.31.x

renovate/github-codeql-action-4.x

renovate/glob-12.x

renovate/glob-13.x

renovate/jamesives-github-pages-deploy-action-4.7.x

renovate/major-github-artifact-actions

renovate/major-lerna-monorepo

renovate/major-nextjs-monorepo

renovate/major-react-monorepo

renovate/major-semantic-release-monorepo

renovate/major-storybook-monorepo

renovate/node-22.21.x

renovate/node-22.x

renovate/node-24.11.x

renovate/node-24.x

renovate/npm-glob-vulnerability

renovate/npm-next-vulnerability

renovate/npm-vite-vulnerability

renovate/patch-examples-all-minor-patch

renovate/patch-examples-ui5-webcomponents-react

renovate/patch-package-8.0.x

renovate/patch-react-monorepo

renovate/patch-rimraf

renovate/patch-root-all-minor-patch

renovate/patch-root-ui5-webcomponents

renovate/patch-storybook-monorepo

renovate/patch-typescript

renovate/react-monorepo

renovate/recharts-3.x

renovate/rimraf

renovate/root-all-minor-patch

renovate/root-ui5-webcomponents

renovate/sap-project-piper-action-1.22.x

renovate/sap-project-piper-action-1.23.x

renovate/sap-project-piper-action-1.25.x

renovate/sap-project-piper-action-1.x

renovate/typescript

renovate/ui5-web-components

test/op-auto-resize

test/op-ci

Committed 18 Nov 2025 08:16AM UTC coverage: 84.91% (-0.02%) from 84.929%

Build # 19459145497

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): update dependency glob to v11.1.0 [security] (#7950)

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [glob](https://redirect.github.com/isaacs/node-glob) | [`11.0.3` ->
`11.1.0`](https://renovatebot.com/diffs/npm/glob/11.0.3/11.1.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/glob/11.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/glob/11.0.3/11.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-64756](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)

### Summary

The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.

### Details

**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:

```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```

**Technical Flow:**
1. User runs `glob -c <command> <pattern>` 
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands

**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not... (continued)

Run Details

3263 of 4169 branches covered (78.27%)

Branch coverage included in aggregate %.

5740 of 6434 relevant lines covered (89.21%)

118565.16 hits per line

Relevant lines Covered

6434 RELEVANT LINES 5740 COVERED LINES

118565.16 HITS PER LINE

Source Files on gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
19459145497	gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb	chore(deps): update dependency glob to v11.1.0 [security] (#7950) This PR contains the following updates: \| Package \| Change \| Age \| Confidence \| \|---\|---\|---\|---\| \| [glob](https://redirect.github.com/isaacs/node-glob) \| [`11.0.3` -> `11.1.0`](h...	push	18 Nov 2025 08:27AM UTC	web-flow	github	84.91

See All Builds (876)

Badge your Repo: webcomponents-react

We detected this repo isn’t badged! Grab the embed code to the right, add it to your repo to show off your code coverage, and when the badge is live hit the refresh button to remove this message.

Embed ▾

Refresh

UI5 / webcomponents-react
85%
main: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb

Recent builds

Badge your Repo: webcomponents-react

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

UI5 / webcomponents-react 85% main: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on gh-readonly-queue/main/pr-7950-e775f5285b979afe7845e7f7869e573a837347bb

Recent builds

Badge your Repo: webcomponents-react

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

UI5 / webcomponents-react
85%
main: 85%

README BADGES
x

CHANGE BRANCH
x

README BADGES
x