feat(deps): Bump glob in @sentry/react-router

[rfoel]

Bumps glob from 11.1.0 to 13.0.1 in @sentry/react-router to resolve a security vulnerability in the transitive dependency @isaacs/brace-expansion.

Dependency chain: @sentry/react-router → glob → minimatch → @isaacs/brace-expansion

Details
The previous version of glob (11.1.0) pulled in a vulnerable version of @isaacs/brace-expansion. The vulnerability has been patched upstream:

@isaacs/brace-expansion was patched
minimatch released a new version with the fix
glob 13.0.1 includes the updated dependencies
This is a dependency-only change with no code modifications.

CVE

[Lms24]

Thanks for submitting this PR! Sounds reasonable to me to bump this. @chargome any concerns regarding the major bumps? I don't think any of the breaking changes apply to RR.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Glob v13 may break CJS consumers

High Severity

Upgrading glob to 13.0.1 may introduce a breaking runtime change for CommonJS consumers of @sentry/react-router if glob’s v13 exports/module format no longer supports require() or behaves differently in CJS (notably for array patterns passed to glob() in sentryOnBuildEnd).

Additional Locations (1)

• yarn.lock#L18120-L18129

 

[chargome]

This one is just used for onBuildEnd so we should be fine, thanks for contributing!

[chargome]

Suggested change

	"glob": "13.0.1"
	"glob": "^13.0.1"

[chargome]

@rfoel please apply this and re-run yarn before merging in