Snyk reports that version 14.0.1 indirectly depends on glob 10.4.5, which has a known vulnerability:
https://www.cve.org/CVERecord?id=CVE-2025-64756
https://security.snyk.io/vuln/SNYK-JS-GLOB-14040952
The path to glob:
@semantic-release/gitlab-config@14.0.1 › @semantic-release/npm@12.0.2 › npm@10.9.4 › glob@10.4.5
Bumping @semantic-release/npm to ^13.0.0 will allow it to use npm@11.6.x, which depends on glob@13.
It may be related to #332
Snyk reports that version 14.0.1 indirectly depends on glob 10.4.5, which has a known vulnerability:
https://www.cve.org/CVERecord?id=CVE-2025-64756
https://security.snyk.io/vuln/SNYK-JS-GLOB-14040952
The path to glob:
@semantic-release/gitlab-config@14.0.1 › @semantic-release/npm@12.0.2 › npm@10.9.4 › glob@10.4.5
Bumping
@semantic-release/npmto^13.0.0will allow it to use npm@11.6.x, which depends on glob@13.It may be related to #332