🚀 Feature: Update glob from 8.1.0 which is no longer supported

[einsteinsfool]

Feature Request Checklist

• I have read and agree to Mocha's Code of Conduct and Contributing Guidelines
• I have searched for related issues and issues with the faq label, but none matched my issue.
• I want to provide a PR to resolve this

Overview

mocha uses [email protected] which is not supported and also depends on inflight which is also not supported (any version).

$ mkdir mochatest
$ cd mochatest
$ npm install mocha
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
...

I do realise it's been reported in #4988 but I'm not reporting it as security vulnerability but feature request.
It would be nice not to have these warnings. Especially that a lot of packages depend on mocha (like appium from which I came).

Suggested Solution

Updating glob dependency to v9.0.0 or maybe even v10.4.1.

Alternatives

Leave glob v8.1.0 which is no longer supported and ignore warnings.

Additional Info

https://www.npmjs.com/package/inflight
https://www.npmjs.com/package/glob/v/8.1.0

[JoshuaKGoldberg]

Agreed, this would be great. There's no reason to keep glob -or any other dependency- on an outdated major version - especially one that's no deprecated!

#5114 tracks allowing ^ (minor) version matching on packages. That's a semver-minor for us.

I suspect (but am not wholly convinced) for major version bumps we'll want to play it safe and wait until the next major version of Mocha. cc @mochajs/maintenance-crew: we'd previously talked about how we wanted to get to a new major version, but are also hesitant to make new majors given how entrenched the current v10 major version of Mocha is? For reference, we took that strategy in typescript-eslint recently: typescript-eslint@v7's breaking changes were around major versions, while typescript-eslint@v8's breaking chnages are more substantial.

Marking as semver-major and in discussion just in case for now. We'll likely end up filing issues for other dependencies that are on out-of-date majors. The PRs linked in #5114 mention those.