
EPMRPP-113918 || Fix security vulnerabilities#258

Open
maria-hambardzumian wants to merge 2 commits into develop from fix/EPMRPP-113918-security-vulnerabilities

Conversation

@maria-hambardzumian
Contributor

@maria-hambardzumian maria-hambardzumian commented Apr 6, 2026

Summary by CodeRabbit

  • Chores

    • Updated the glob dependency to a newer, patched version to address security issues.
  • Documentation

    • Added a "Security" entry to the changelog noting updated dependency versions (including glob and other affected libraries) and related vulnerability references.

@maria-hambardzumian
Contributor Author

maria-hambardzumian commented Apr 6, 2026

Snyk checks have passed. No issues have been found so far.

Scan Engine            Critical  High  Medium  Low  Total
Open Source Security   0         0     0       0    0 issues
Code Security          0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@coderabbitai

coderabbitai Bot commented Apr 6, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d1d1634b-df62-4685-a091-c43b1b5a9fc7

📥 Commits

Reviewing files that changed from the base of the PR and between c7f7b77 and 48408be.

📒 Files selected for processing (1)
  • CHANGELOG.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • CHANGELOG.md

Walkthrough

This PR updates the glob dependency in package.json from ^13.0.1 to ^13.0.6 and adds a Security subsection to CHANGELOG.md documenting dependency version updates for glob, axios, diff, and lodash (security-related notes).

Changes

Cohort / File(s)                        Summary
Dependency Update: package.json         Bumped glob dependency from ^13.0.1 to ^13.0.6.
Changelog Documentation: CHANGELOG.md   Added ### Security subsection listing dependency updates for glob, axios, diff, and lodash with security references.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled code and found a hole,
I patched a version, fixed the knoll,
Dependencies tidy, burrow bright,
I hop content into the night. 🥕🔧

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name           Status     Explanation
Description Check    ✅ Passed  Check skipped - CodeRabbit's high-level summary is enabled.
Title check          ✅ Passed  The title accurately summarizes the main change: security vulnerability fixes through dependency updates to glob, axios, diff, and lodash.
Docstring Coverage   ✅ Passed  No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CHANGELOG.md`:
- Around line 3-4: The CHANGELOG.md "### Security" entry overstates updated packages by listing axios, diff, and lodash while only glob was actually bumped; update the Security section (the line containing "Updated versions of vulnerable packages (glob - [CVE-2026-25547], axios - [CVE-2026-25639], diff, lodash).") to accurately reflect only the packages changed in this PR (e.g., remove axios, diff, lodash from that sentence) or, if you intended to bump those deps, add the corresponding dependency/version changes and CVE references to the PR so the changelog can list them; ensure the amended text clearly names the actual updated package(s) and CVE links.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e3c694b0-bce6-4024-ace3-9151d4b5596a

📥 Commits

Reviewing files that changed from the base of the PR and between b803003 and c7f7b77.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • CHANGELOG.md
  • package.json
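The finding above rests on package.json alone: package-lock.json was excluded from the review by path filter, and it is the lockfile, not the caret range, that decides which versions of glob, axios, diff and lodash (direct or transitive) are installed. A range such as ^13.0.1 already admits 13.0.6, so the package.json edit on its own changes nothing until the lock is regenerated. The script below is an added example, not code from this PR or from the ReportPortal project: it diffs two lockfiles and reconciles the result with the changelog sentence the reviewer quoted, so a reviewer can tell whether axios, diff and lodash really moved in the lock. The sample lockfiles, the project name "example-app" and every version in them are constructed for illustration; `caretAllows` is a deliberately simplified semver check (majors >= 1, no prerelease tags).

```javascript
// Added example (not from this PR or the ReportPortal project): reconcile a
// CHANGELOG "### Security" sentence with what actually changed between two
// package-lock.json files, the artifact the review above did not see.

// Constructed sample lockfiles in the lockfileVersion 3 layout. The project
// name and every version here are illustrative, not taken from the real repo.
const lockBefore = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { glob: "^13.0.1", axios: "^1.7.0" } },
    "node_modules/glob": { version: "13.0.1" },
    "node_modules/axios": { version: "1.7.0" },
    "node_modules/diff": { version: "5.2.0" },
    "node_modules/lodash": { version: "4.17.20" },
    "node_modules/minimatch": { version: "10.0.1" },
  },
};

const lockAfter = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { glob: "^13.0.6", axios: "^1.7.0" } },
    "node_modules/glob": { version: "13.0.6" },
    "node_modules/axios": { version: "1.7.0" },
    "node_modules/diff": { version: "5.2.0" },
    "node_modules/lodash": { version: "4.17.21" }, // lock-only (transitive) bump
    "node_modules/minimatch": { version: "10.0.1" },
  },
};

// The changelog sentence quoted in the review comment.
const changelogLine =
  "Updated versions of vulnerable packages (glob - [CVE-2026-25547], axios - [CVE-2026-25639], diff, lodash).";

// Simplified caret semantics for majors >= 1: "^X.Y.Z" admits >= X.Y.Z and
// < (X+1).0.0. No prerelease tags, no 0.x rules. Used to show that the old
// range ^13.0.1 already permitted the fixed 13.0.6.
function caretAllows(range, version) {
  const [lo, v] = [range.slice(1), version].map((s) => s.split(".").map(Number));
  if (v[0] !== lo[0]) return false;
  for (let i = 1; i < 3; i++) {
    if (v[i] > lo[i]) return true;
    if (v[i] < lo[i]) return false;
  }
  return true;
}

// Map each installed path ("node_modules/x", nested ".../node_modules/y",
// scoped "node_modules/@s/p") to { name, version }. Keyed by the full path so
// nested duplicates of the same package stay distinct.
function installedVersions(lock) {
  const marker = "node_modules/";
  const out = new Map();
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    out.set(path, { name, version: entry.version });
  }
  return out;
}

// { name: { from, to } } for every package whose version changed, appeared or
// disappeared between the two lockfiles.
function diffLockfiles(before, after) {
  const a = installedVersions(before);
  const b = installedVersions(after);
  const changed = {};
  for (const [path, { name, version }] of a) {
    const next = b.get(path);
    if (!next) changed[name] = { from: version, to: null };
    else if (next.version !== version) changed[name] = { from: version, to: next.version };
  }
  for (const [path, { name, version }] of b) {
    if (!a.has(path)) changed[name] = { from: null, to: version };
  }
  return changed;
}

// Package names inside "(glob - [...], axios - [...], diff, lodash)".
function packagesNamedInEntry(line) {
  const m = line.match(/\(([^)]*)\)/);
  if (!m) return [];
  return m[1]
    .split(",")
    .map((item) => item.trim().split(/\s+-\s+/)[0])
    .filter(Boolean);
}

// Packages the changelog lists but the lock did not bump are overstated;
// packages the lock bumped but the changelog omits are undocumented.
function reconcile(line, before, after) {
  const changed = diffLockfiles(before, after);
  const claimed = packagesNamedInEntry(line);
  return {
    changed,
    overstated: claimed.filter((n) => !(n in changed)),
    undocumented: Object.keys(changed).filter((n) => !claimed.includes(n)),
  };
}

console.log("^13.0.1 already admits 13.0.6:", caretAllows("^13.0.1", "13.0.6"));
console.log(JSON.stringify(reconcile(changelogLine, lockBefore, lockAfter), null, 2));
```

Run it with node. Against the real repository, replace the two constructed objects with JSON.parse of the lockfile at the base and head commits (for example `git show <base>:package-lock.json`); `overstated` is the list of names the changelog should drop unless the lock really shows a bump for them, and `undocumented` catches lock-only bumps that deserve a changelog line.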

Comment thread CHANGELOG.md Outdated