
Conversation

@onlyjackfrost (Contributor)

@onlyjackfrost onlyjackfrost commented Dec 16, 2025

https://github.com/Canner/WrenAI/security/dependabot/133

Summary by CodeRabbit

  • Chores
    • Updated package dependency resolution configuration to ensure consistent build environments across installations.


@coderabbitai (Contributor)

coderabbitai bot commented Dec 16, 2025

Walkthrough

A single dependency resolution constraint is added to wren-ui/package.json, pinning the glob package to version 10.5.0 in the resolutions object to enforce consistent dependency version resolution during installation.

Changes

Cohort / File(s): Dependency Resolution, wren-ui/package.json
Summary: Added glob: "10.5.0" to the resolutions object to pin the glob package version

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • fredalai
  • wwwy3y3

Poem

🐰 A glob so round, version ten-point-five,
Pinned just right to keep things alive,
In resolutions we trust it to stay,
Hopping along, brightening the day! 🌟

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately describes the main change: adding a glob library resolution to version 10.5.0 in wren-ui/package.json, which matches the changeset perfectly.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7aee844 and 907a639.

⛔ Files ignored due to path filters (1)
  • wren-ui/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • wren-ui/package.json (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: cyyeh
Repo: Canner/WrenAI PR: 1293
File: wren-ai-service/pyproject.toml:38-38
Timestamp: 2025-02-12T22:05:37.109Z
Learning: The qdrant-client package version in wren-ai-service must match the Qdrant server version (1.11.0) to maintain compatibility.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (go)
🔇 Additional comments (1)
wren-ui/package.json (1)

102-102: glob 10.5.0 is the correct fix for CVE-2025-64756.

Glob 10.5.0 is a patched version that resolves the command injection vulnerability affecting versions 10.2.0 through 11.0.3. This resolution appropriately addresses the Dependabot security alert for the v10 major version line.



@wwwy3y3 wwwy3y3 merged commit 0cbbf61 into main Dec 16, 2025
6 checks passed
@wwwy3y3 wwwy3y3 deleted the chore/dependency-glob branch December 16, 2025 17:20