Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@
"redux-mock-store": "^1.5.4",
"redux-thunk": "^3.1.0",
"regenerator-runtime": "^0.13.5",
"rimraf": "^3.0.2",
"rimraf": "^6.1.3",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legacy rimraf API breaks builds

High Severity

Raising the root devDependency to rimraf v6 leaves existing CommonJS build helpers on the v3 pattern (require('rimraf') and rimraf.sync). From v5 onward that default-export/sync usage is unsupported, so steps like scripts/prebuild.js and scripts/DeleteSourceMaps.js (pulled in by build:main / packaging) can throw at runtime instead of cleaning output dirs.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit bfa613a. Configure here.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wildcard paths need glob option

Medium Severity

With root rimraf at v6, DeleteSourceMaps still passes paths containing * to rimraf.sync without enabling glob expansion. v6 treats paths as literal names unless { glob: true } (or CLI -g) is set, so *.js.map cleanup during main webpack builds may no longer remove source maps.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit bfa613a. Configure here.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep glob deletes working after rimraf upgrade

This upgrade changes the behavior used by existing cleanup scripts: rimraf v4+ requires the glob option for wildcard paths, but scripts/DeleteSourceMaps.js:5-6 still calls rimraf.sync(.../*.js.map) without options and is run by the Electron main webpack configs. After installing 6.1.3 those patterns are treated as literal paths, so stale UI source-map artifacts that v3 removed can be left behind during build/package workflows; update the calls to pass { glob: true } or avoid wildcard paths before taking this bump.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rimraf v6 API mismatch

High Severity

Raising rimraf to ^6.1.3 without updating callers leaves v3-style require('rimraf') plus rimraf.sync, default ESM imports, and wildcard paths unchanged. v6 exposes named exports like rimrafSync, drops rimraf.sync, and only expands globs when { glob: true } is set, so packaging and main webpack builds can throw or skip intended deletions.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 9f54f65. Configure here.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Replace the rimraf default import before bumping

This version is no longer compatible with redisinsight/ui/vite.config.mjs:13, which still does import rimraf from 'rimraf'; rimraf v5+ only exposes named exports, so after this dependency resolves to 6.1.3, any yarn --cwd redisinsight/ui dev/build or root build:ui/build:renderer path that loads the Vite config fails before the app builds. Please update the config to use a named export such as rimrafSync/rimraf as part of the bump.

Useful? React with 👍 / 👎.

"sass": "npm:sass-embedded",
"skip-postinstall": "^1.0.0",
"socket.io-mock": "^1.3.2",
Expand Down
12 changes: 10 additions & 2 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -9149,7 +9149,7 @@ glob@^10.0.0, glob@^10.2.2, glob@^10.3.10, glob@^10.4.1:
package-json-from-dist "^1.0.0"
path-scurry "^1.11.1"

glob@^13.0.6:
glob@^13.0.3, glob@^13.0.6:
version "13.0.6"
resolved "https://registry.yarnpkg.com/glob/-/glob-13.0.6.tgz#078666566a425147ccacfbd2e332deb66a2be71d"
integrity sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==
Expand Down Expand Up @@ -12513,7 +12513,7 @@ p-try@^2.0.0:
resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6"
integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==

package-json-from-dist@^1.0.0:
package-json-from-dist@^1.0.0, package-json-from-dist@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz#4f1471a010827a86f94cfd9b0727e36d267de505"
integrity sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==
Expand Down Expand Up @@ -14159,6 +14159,14 @@ rimraf@^3.0.2:
dependencies:
glob "^7.1.3"

rimraf@^6.1.3:
version "6.1.3"
resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-6.1.3.tgz#afbee236b3bd2be331d4e7ce4493bac1718981af"
integrity sha512-LKg+Cr2ZF61fkcaK1UdkH2yEBBKnYjTyWzTJT6KNPcSPaiT7HSdhtMXQuN5wkTX0Xu72KQ1l8S42rlmexS2hSA==
dependencies:
glob "^13.0.3"
package-json-from-dist "^1.0.1"

roarr@^2.15.3:
version "2.15.4"
resolved "https://registry.yarnpkg.com/roarr/-/roarr-2.15.4.tgz#f5fe795b7b838ccfe35dc608e0282b9eba2e7afd"
Expand Down
Loading