Update dev dependencies to update vulnerable Glob dependency

[derek-bc]

Environment information

System:
  OS: macOS 15.3.1
  CPU: (10) arm64 Apple M4
  Memory: 177.14 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 23.11.0 - /opt/homebrew/bin/node
  Yarn: undefined - undefined
  npm: 10.9.2 - /opt/homebrew/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.6.1
  @aws-amplify/backend: 1.14.3
  @aws-amplify/backend-ai: Not Found
  @aws-amplify/backend-auth: 1.5.1
  @aws-amplify/backend-cli: 1.8.0
  @aws-amplify/backend-data: 1.4.1
  @aws-amplify/backend-deployer: 2.1.4
  @aws-amplify/backend-function: 1.12.3
  @aws-amplify/backend-output-schemas: 1.7.1
  @aws-amplify/backend-output-storage: 1.1.5
  @aws-amplify/backend-secret: 1.4.1
  @aws-amplify/backend-storage: 1.2.6
  @aws-amplify/cli-core: 2.2.2
  @aws-amplify/client-config: 1.9.0
  @aws-amplify/data-construct: 1.15.1
  @aws-amplify/data-schema: 1.19.0
  @aws-amplify/deployed-backend-client: 1.8.1
  @aws-amplify/form-generator: 1.2.5
  @aws-amplify/model-generator: 1.2.1
  @aws-amplify/platform-core: 1.10.2
  @aws-amplify/plugin-types: 1.11.1
  @aws-amplify/sandbox: 2.1.3
  @aws-amplify/schema-generator: 1.4.1
  @aws-cdk/toolkit-lib: 1.6.1
  aws-amplify: 6.15.5
  aws-cdk-lib: 2.225.0
  typescript: 5.8.3
No AWS environment variables
No CDK environment variables

Describe the bug

GHSA-5j98-mcp5-4vw2

rimraf

@aws-amplify/backend-cli@1.8.0
├─┬ @aws-amplify/backend-deployer@2.1.4
│ └─┬ @aws-cdk/toolkit-lib@1.6.1
│ ├─┬ @aws-cdk/cdk-assets-lib@1.0.4
│ │ └── glob@11.1.0 deduped
│ ├─┬ archiver@7.0.1
│ │ └─┬ archiver-utils@5.0.2
│ │ └── glob@10.5.0
│ └── glob@11.1.0 deduped
├─┬ @aws-amplify/form-generator@1.2.5
│ └─┬ @aws-amplify/appsync-modelgen-plugin@2.15.2
│ └─┬ @graphql-codegen/visitor-plugin-common@1.22.0
│ └─┬ @graphql-tools/relay-operation-optimizer@6.5.18
│ └─┬ @ardatan/relay-compiler@12.0.0
│ └── glob@7.2.3
├─┬ @aws-amplify/model-generator@1.2.1
│ └─┬ @aws-amplify/graphql-types-generator@3.6.0
│ └─┬ rimraf@3.0.2
│ └── glob@7.2.3
└─┬ @aws-amplify/sandbox@2.1.3
└── glob@11.1.0

Any glob version under 11.1.0 have a high severity vulnerability. HackerOne rejected my ticket because they said it wasn't dangerous enough but this causes failures in any pipelines disallowing high severity issues.

Reproduction steps

1. Install the latest version of the CLI
2. Run npm audit

[mrgrain]

Thanks @derek-bc I cannot reproduce this:

$ npm i @aws-amplify/backend-cli@1.8.0

up to date, audited 1324 packages in 1s

182 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

See the last line: found 0 vulnerabilities

---

I believe the security advisory has been updated to only include actually affected versions. Please let me know if you are still seeing this. Otherwise I will close the issue.

[ShaMan123]

+1