migrate from glob → tinyglobby

[wbolster]

hi 👋🏼,

it would be great if this repo could migrate from glob → tinyglobby.

the glob dependency is old: pinned to 10.x while upstream is at 13.x (see glob on npm), and recently had security issues, e.g. #822 which was not important for this project but affects many downstreams b/c npm audit raises alarm bells about it, etc.

glob has good modern replacements, specifically tinyglobby which is lean and fast (see e.g. https://e18e.dev/blog/tinyglobby-migration and e18e/ecosystem-issues#218), stable, popular, e.g. used by vite (which even indirectly exposes it in its API; see e.g. these docs).

there are only 3 very similar call sites in this code base, e.g.

                  await glob(globAssets, {
                    absolute: true,
                    nodir: true, // We need individual files for preparation
                    ignore: options.sourcemaps?.ignore,
                  })

… which all seem to have direct tinyglobby equivalents: absolute and ignore can be used as-is, and nodir → onlyFiles.

thanks in advance for your consideration!

[linear]

BUNDLER-108

[s1gr1d]

Thanks for writing in! You've summarized it very nicely, and it seems like a good choice. We'll discuss how to proceed with our team.

[timfish]

I'm currently refactoring the plugins to remove unplugin as a dependency and now I'm reviewing the glob usage I'm questioning if we'll need to glob at all. All the output asset information should be available in the Rollup plugin hooks so it would be my preference to remove the need to glob entirely!

More tests are required first!