Current release depends on package with know vulnerability #445
Description
Snyk reports that version 14.0.1 indirectly depends on glob 10.4.5, which has a known vulnerability:
https://www.cve.org/CVERecord?id=CVE-2025-64756
https://security.snyk.io/vuln/SNYK-JS-GLOB-14040952
The path to glob:
@semantic-release/[email protected] › @semantic-release/[email protected] › [email protected] › [email protected]
Bumping @semantic-release/npm to ^13.0.0 will allow it to use [email protected], which depends on glob@13.
It may be related to #332