From 8275b3da3b2277ade57bf511fe06c9e72590b7c2 Mon Sep 17 00:00:00 2001
From: kbroughton <kesten.broughton@gmail.com>
Date: Sat, 11 Apr 2026 11:00:37 -0500
Subject: [PATCH] fix(deps): upgrade glob from ^11.0.3 to ^13.0.0 (fixes #1717)

glob@11.x is deprecated by its maintainer and flagged as containing
widely-publicised security vulnerabilities (including ReDoS risks).
The latest stable version is glob@13.0.6.

Compatibility verified: the codebase uses only `globSync` with
`{ nodir, absolute }` options in two files:
- src/services/transcripts/watcher.ts
- scripts/analyze-transformations-smart.js

The `globSync` function signature and these options are identical
in glob@13. No call-site changes are required.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 0809763d..e8aa726f 100644
--- a/package.json
+++ b/package.json
@@ -115,7 +115,7 @@
     "ansi-to-html": "^0.7.2",
     "dompurify": "^3.3.1",
     "express": "^4.18.2",
-    "glob": "^11.0.3",
+    "glob": "^13.0.0",
     "handlebars": "^4.7.8",
     "picocolors": "^1.1.1",
     "react": "^18.3.1",