[Snyk] Fix for 2 vulnerabilities#6555

Open
JosanaDH wants to merge 1 commit into main from snyk-fix-ffdd39baad988d49353e0d642c9089b3

Conversation

@JosanaDH (Contributor)

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning: Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Severity       Issue                                          Snyk ID                       Score
high severity  Regular Expression Denial of Service (ReDoS)   SNYK-JS-MINIMATCH-15309438    170
high severity  Directory Traversal                            SNYK-JS-TAR-15307072          165

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Directory Traversal

@JosanaDH JosanaDH requested review from a team as code owners February 19, 2026 10:11
@snyk-pr-review-bot

PR Reviewer Guide 🔍

🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Major Breaking Changes 🟠 [major]

The upgrades for glob (v7 to v12) and rimraf (v2 to v6) introduce significant breaking changes to their APIs. Both libraries have removed support for the traditional callback-based signature (e.g., glob(pattern, (err, files) => ...) or rimraf(path, (err) => ...)) in favor of a Promise-based API. Any existing code in this project relying on callbacks—which was the standard for the older versions being replaced—will break at runtime. Additionally, tar v7 is now a pure ESM module, which will cause require('tar') to fail if this project is using CommonJS (as suggested by the devDependencies).

"glob": "^12.0.0",
Node.js Incompatibility 🟠 [major]

The upgraded versions of glob (v12), rimraf (v6), and tar (v7) all require a minimum Node.js version of 18 (with glob specifically requiring v18.20+ or v20.10+). However, the project's current environment appears to target Node.js 14, as indicated by "@types/node": "^14.14.31" (line 151 in context). Merging these changes will cause the application to fail in environments running Node.js versions earlier than 18. To fix the reported vulnerabilities while maintaining legacy compatibility, consider updating to the lowest fixed major versions (e.g., glob v9 and ensuring tar is at 6.2.1).

"tar": "^7.5.8",
📚 Repository Context Analyzed

This review considered 1 relevant code section from 1 file (average relevance: 0.93)
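The two review findings above (the Node.js floor raised by the new majors) together with the Snyk banner's un-updated package-lock.json, turned into a pre-merge check. This is an added example, not part of the Snyk PR or the review bot's output: the minimum-Node floors are the ones the review states, collapsed to major granularity; the package.json and lockfile contents are constructed (glob and tar ranges from the PR, the rimraf range and all locked versions invented to sit on the pre-PR majors the review names).

```javascript
// Minimum Node major per dependency major, as stated in the review (assumption:
// glob 12's exact floor of 18.20+ / 20.10+ is collapsed to major 18 here).
const MIN_NODE = { glob: { 12: 18 }, rimraf: { 6: 18 }, tar: { 7: 18 } };
// Constructed package.json: glob/tar ranges from the PR, rimraf range assumed,
// plus the @types/node pin the reviewer used to infer a Node 14 target.
const pkg = {
  dependencies: { glob: "^12.0.0", rimraf: "^6.0.0", tar: "^7.5.8" },
  devDependencies: { "@types/node": "^14.14.31" },
};
// Constructed lockfile still on the pre-PR majors (the "failed to update
// package-lock.json" case from the Snyk banner); exact versions are invented.
const lock = { packages: {
  "node_modules/glob": { version: "7.2.3" },
  "node_modules/rimraf": { version: "2.7.1" },
  "node_modules/tar": { version: "6.2.0" },
} };
// Major version of a range such as "^12.0.0", "~7.5.8" or ">=18.20.0".
function majorOf(range) {
  const m = /(\d+)\.\d+\.\d+/.exec(String(range));
  return m ? Number(m[1]) : null;
}
// Node major the project targets: engines.node if declared, else @types/node.
function targetNode(p) {
  const engines = p.engines && p.engines.node;
  const types = p.devDependencies && p.devDependencies["@types/node"];
  return majorOf(engines || types || "");
}
// Dependencies whose new major needs a newer Node than the project targets.
function nodeIncompatible(p) {
  const target = targetNode(p);
  const out = [];
  for (const [name, range] of Object.entries(p.dependencies || {})) {
    const need = (MIN_NODE[name] || {})[majorOf(range)];
    if (need !== undefined && target !== null && target < need) out.push({ name, needsNode: need, targetNode: target });
  }
  return out;
}

// Dependencies whose locked version sits on a different major than package.json
// declares, i.e. the lockfile was not regenerated after the range bump.
function lockDrift(p, l) {
  const out = [];
  for (const [name, range] of Object.entries(p.dependencies || {})) {
    const locked = (l.packages || {})[`node_modules/${name}`];
    if (locked && majorOf(locked.version) !== majorOf(range)) out.push(name);
  }
  return out;
}

console.log(JSON.stringify({ node: nodeIncompatible(pkg), lock: lockDrift(pkg, lock) }));
```

With the constructed inputs all three bumped packages are reported on both counts; an `engines.node` field, when present, takes precedence over the @types/node pin when inferring the target.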
