
@mistahj67
Contributor

@mistahj67 mistahj67 commented Nov 17, 2025

Merge Request Runbook

See the runbook for more information on formatting and managing your MRs:
https://specterops.atlassian.net/wiki/spaces/BE/pages/233504866/Merge+Requests

Description

Fix vuln CVE-2025-64756

Motivation and Context

Address CVE-2025-64756
Addressed this at top level package.json because this pkg is a deep dependency across multiple dependencies and to update each would be non-trivial

Resolves: BED-6833

How Has This Been Tested?

Built UI and spot tested across app

Screenshots (if appropriate):

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.

Summary by CodeRabbit

  • Chores
    • Pinned an additional dependency resolution to improve package stability.
  • Style
    • Minor formatting and code-style cleanups in UI components (no behavioral changes).

@mistahj67 mistahj67 self-assigned this Nov 17, 2025
@mistahj67 mistahj67 added the user interface A pull request containing changes affecting the UI code. label Nov 17, 2025
@coderabbitai
Contributor

coderabbitai bot commented Nov 17, 2025

Walkthrough

Added a resolution pin for the glob package in package.json and made non-functional formatting/refactorings in two React components (DynamicDetails.tsx, TagForm.tsx); no exported APIs or behavior changes.

Changes

Cohort / File(s) and Summary

Dependency Resolution Update
  File: package.json
  Summary: Added "glob": "^11.1.0" to the resolutions section (pins glob across the repo).

PrivilegeZones: Details (formatting)
  File: packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx
  Summary: Reordered two hook imports and reformatted a ternary expression for the Analysis/TagDetails value (no logic change).

PrivilegeZones: Save/TagForm (formatting)
  File: packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Save/TagForm/TagForm.tsx
  Summary: Reflowed long className and FormLabel string literals across lines; purely formatting, no functional changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Pay attention to DynamicDetails.tsx for the ternary reformat to confirm no subtle logic change.
  • Verify package.json resolutions merge correctly with existing entries and tooling (yarn/npm) respects the field.

Suggested reviewers

  • superlinkx
  • elikmiller

Poem

🐇 I hopped through code with careful paws,
Pinned a glob without a pause.
Lines tidied up, nice and neat —
Builds stay steady, hops stay sweet. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

  • Title check: Passed. The title accurately reflects the main change: bumping the glob package to ^11.1.0 to address a vulnerability, with the ticket identifier BED-6833 included.
  • Description check: Passed. The description covers key sections including a clear problem statement (CVE-2025-64756 fix), motivation/context with ticket resolution, testing approach, and proper checklist completion with types of changes marked.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb23542 and af939db.

📒 Files selected for processing (2)
  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx (2 hunks)
  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Save/TagForm/TagForm.tsx (3 hunks)
✅ Files skipped from review due to trivial changes (1)
  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Save/TagForm/TagForm.tsx
🧰 Additional context used
🧠 Learnings (4)
📚 Learning: 2025-08-28T19:26:03.304Z
Learnt from: benwaples
Repo: SpecterOps/BloodHound PR: 1829
File: packages/javascript/bh-shared-ui/src/views/ZoneManagement/ZoneAnalysisIcon.tsx:26-26
Timestamp: 2025-08-28T19:26:03.304Z
Learning: In packages/javascript/bh-shared-ui/src/hooks/, useZonePathParams is exported through the useZoneParams barrel (useZoneParams/index.ts exports it via wildcard from useZonePathParams.tsx), and usePrivilegeZoneAnalysis is exported through useConfiguration.ts. Both are available via the main hooks barrel import.

Applied to files:

  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx
📚 Learning: 2025-08-25T20:12:35.629Z
Learnt from: mistahj67
Repo: SpecterOps/BloodHound PR: 1803
File: packages/javascript/bh-shared-ui/src/views/ZoneManagement/Summary/SummaryCard.tsx:24-24
Timestamp: 2025-08-25T20:12:35.629Z
Learning: The useHighestPrivilegeTagId hook is available through the hooks barrel export in packages/javascript/bh-shared-ui/src/hooks/index.ts via the wildcard export `export * from './useAssetGroupTags'`. The import `import { useHighestPrivilegeTagId } from '../../../hooks'` works correctly and doesn't cause build failures.

Applied to files:

  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx
📚 Learning: 2025-09-08T19:22:49.284Z
Learnt from: jvacca-specterops
Repo: SpecterOps/BloodHound PR: 1823
File: packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/SavedQueries/TagToZoneLabelDialog.tsx:34-35
Timestamp: 2025-09-08T19:22:49.284Z
Learning: In BloodHound's TagToZoneLabelDialog component (packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/SavedQueries/TagToZoneLabelDialog.tsx), importing AssetGroupTag type from 'js-client-library' to type tag shapes is incorrect - this type should not be used for typing tags in this context.

Applied to files:

  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx
📚 Learning: 2025-11-06T21:35:45.118Z
Learnt from: dcairnsspecterops
Repo: SpecterOps/BloodHound PR: 2010
File: packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/CypherSearch.tsx:86-90
Timestamp: 2025-11-06T21:35:45.118Z
Learning: In CypherSearch.tsx (packages/javascript/bh-shared-ui/src/views/Explore/ExploreSearch/CypherSearch.tsx), the useLayoutEffect that directly sets aria-label on cypherEditorRef.current.cypherEditor.codemirror.contentDOM is necessary because the aria-label prop passed to the CypherEditor component (neo4j-cypher/react-codemirror) does not properly reach the correct DOM element for accessibility. The direct DOM manipulation is required to satisfy Axe DevTools requirements.

Applied to files:

  • packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Build BloodHound Container Image / Build and Package Container
  • GitHub Check: run-tests
  • GitHub Check: build-ui
  • GitHub Check: run-analysis
🔇 Additional comments (2)
packages/javascript/bh-shared-ui/src/views/PrivilegeZones/Details/DynamicDetails.tsx (2)

31-31: Formatting-only change: import reordering.

The import statement has been reordered alphabetically. This is a non-functional change unrelated to the glob vulnerability fix but improves code consistency.


95-102: Formatting-only change: multiline value expression.

The value prop has been expanded to multiple lines for improved readability. The conditional logic remains unchanged and is correct.


Comment @coderabbitai help to get the list of available commands and usage tips.
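The review above asks to verify that the package.json resolutions entry is actually respected by the package manager. The following script is an added example, not code from the BloodHound repository or from this PR: it parses a yarn classic (v1) lockfile, which is an assumption about the tooling, and reports any `glob` entry still resolved below the pinned floor. The sample package.json and lockfile texts are constructed for the demonstration; the minimum version 11.1.0 is taken from the PR's pin.

```javascript
// Added example (not part of the PR): check that a package.json "resolutions"
// pin has taken effect in a yarn v1 lockfile.
// Assumptions not taken from the page: yarn classic lockfile format, and a
// plain dotted-version comparison that ignores pre-release tags.

// Parse a yarn v1 lockfile into [{ name, range, version }] records.
function parseYarnLock(lockText) {
  const records = [];
  let pendingKeys = [];
  for (const rawLine of lockText.split('\n')) {
    const line = rawLine.replace(/\r$/, '');
    if (line === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ') && line.endsWith(':')) {
      // Entry header, e.g.  glob@^7.1.3, glob@^7.2.0:   (keys may be quoted)
      pendingKeys = line
        .slice(0, -1)
        .split(',')
        .map((k) => k.trim().replace(/^"|"$/g, ''));
      continue;
    }
    const m = line.match(/^\s+version\s+"([^"]+)"/);
    if (m && pendingKeys.length) {
      for (const key of pendingKeys) {
        const at = key.lastIndexOf('@'); // scoped names start with '@', so use the last one
        records.push({ name: key.slice(0, at), range: key.slice(at + 1), version: m[1] });
      }
      pendingKeys = [];
    }
  }
  return records;
}

// Numeric comparison of dotted versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Lockfile entries for `name` whose resolved version is still below `minVersion`.
function unsatisfiedEntries(lockText, name, minVersion) {
  return parseYarnLock(lockText).filter(
    (r) => r.name === name && compareVersions(r.version, minVersion) < 0
  );
}

// True only if package.json pins `name` under "resolutions" AND every lockfile
// entry for it resolves to at least `minVersion`.
function resolutionIsEffective(packageJsonText, lockText, name, minVersion) {
  const pkg = JSON.parse(packageJsonText);
  const pinned = Boolean(pkg.resolutions && typeof pkg.resolutions[name] === 'string');
  return pinned && unsatisfiedEntries(lockText, name, minVersion).length === 0;
}

// Constructed sample inputs (not from the repository).
const SAMPLE_PACKAGE_JSON = JSON.stringify({ name: 'demo', resolutions: { glob: '^11.1.0' } });
const SAMPLE_LOCK_BEFORE = `# yarn lockfile v1

glob@^7.1.3, glob@^7.2.0:
  version "7.2.3"
  resolved "https://registry.example/glob-7.2.3.tgz"

"@scope/other@^1.0.0":
  version "1.0.4"
`;
// After a resolution, yarn keeps the original range keys but points them at the pinned version.
const SAMPLE_LOCK_AFTER = `# yarn lockfile v1

glob@^7.1.3, glob@^7.2.0, glob@^11.1.0:
  version "11.1.0"
  resolved "https://registry.example/glob-11.1.0.tgz"

"@scope/other@^1.0.0":
  version "1.0.4"
`;

console.log(
  'still below floor before pin:',
  unsatisfiedEntries(SAMPLE_LOCK_BEFORE, 'glob', '11.1.0').map((r) => `${r.range} -> ${r.version}`)
);
console.log('pin effective after:', resolutionIsEffective(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK_AFTER, 'glob', '11.1.0'));
```

Run it against the real files by reading package.json and yarn.lock from disk and passing their contents to resolutionIsEffective; a false result means either the resolutions entry is missing or the lockfile was not regenerated after the pin was added.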

{Certification && (
<div className='mt-4'>
<DetailField label='Analysis' value={(privilegeZoneAnalysisEnabled && analysis_enabled) || tagId === topTagId ? 'Enabled' : 'Disabled'} />
<DetailField
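Review bot: the condition in the Analysis value expression, `(privilegeZoneAnalysisEnabled && analysis_enabled) || tagId === topTagId ? 'Enabled' : 'Disabled'`, relies on `||` binding tighter than `?:`, so the whole `(a && b) || c` is the test and the intent only survives the reflow if the formatter keeps that grouping; since the reformatted version is cut off after `<DetailField` here, please confirm the multiline form reads the same, and consider wrapping the full condition in its own parentheses so the grouping is explicit and survives future formatting passes.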
Contributor Author

came in by PFC

}
contentProps={{
className: 'max-w-80 dark:bg-neutral-dark-5 dark:text-neutral-light-1 border-0',
className:
Contributor Author

came in by PFC

@mistahj67 mistahj67 merged commit b6cbac6 into main Nov 17, 2025
9 checks passed
@mistahj67 mistahj67 deleted the BED-6833 branch November 17, 2025 20:24
@github-actions github-actions bot locked and limited conversation to collaborators Nov 17, 2025