fix(deps): update vulnerable glob pkg to 10.5.0 in v10.x

[baranbbr]

Caution

This should NOT be merged to master.

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines: https://github.com/nestjs/nest/blob/master/CONTRIBUTING.md
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[x] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[ ] CI related changes
[ ] Other... Please describe:

What is the current behavior?

Updating glob package in old release 10.
This is to address CVE-2025-64756
https://security.snyk.io/vuln/SNYK-JS-GLOB-14040952

Related to Issue Number: #3189

What is the new behavior?

Does this PR introduce a breaking change?

[ ] Yes
[x] No

Other information

[baranbbr]

This is a backport for version 10.x - looking at the recent releases it looks like older versions aren't updated? I'm not sure how the maintainers want to proceed? Imo there's value in creating a maintenance branch/release on version 10.

Version 10.4.9 is still massively popular as I can see on npm: https://www.npmjs.com/package/@nestjs/cli?activeTab=versions

[baranbbr]

@kamilmysliwiec I guess there are no plans to maintain previous major versions? If so, feel free to close this

[ooxx5626]

We are also using version 10.x and would like to receive a remediated/patched version 10.X to address this CVE.

[arketec]

in the meantime, you can override glob on this dependency only in your package.json

npm

"overrides": {
    "@nestjs/cli": {
      "glob": "^10.5.0"
    }
  },

yarn:

"resolutions": {
    "@nestjs/cli/glob": "^10.5.0"
  },