chore(deps-dev): bump rimraf from 3.0.2 to 6.1.3#6079
Conversation
Bumps [rimraf](https://github.com/isaacs/rimraf) from 3.0.2 to 6.1.3. - [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md) - [Commits](isaacs/rimraf@v3.0.2...v6.1.3) --- updated-dependencies: - dependency-name: rimraf dependency-version: 6.1.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
|
|
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit bfa613a. Configure here.
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
Legacy rimraf API breaks builds
High Severity
Raising the root devDependency to rimraf v6 leaves existing CommonJS build helpers on the v3 pattern (require('rimraf') and rimraf.sync). From v5 onward that default-export/sync usage is unsupported, so steps like scripts/prebuild.js and scripts/DeleteSourceMaps.js (pulled in by build:main / packaging) can throw at runtime instead of cleaning output dirs.
Reviewed by Cursor Bugbot for commit bfa613a. Configure here.
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
Wildcard paths need glob option
Medium Severity
With root rimraf at v6, DeleteSourceMaps still passes paths containing * to rimraf.sync without enabling glob expansion. v6 treats paths as literal names unless { glob: true } (or CLI -g) is set, so *.js.map cleanup during main webpack builds may no longer remove source maps.
Reviewed by Cursor Bugbot for commit bfa613a. Configure here.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bfa613a134
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
This upgrade changes the behavior used by existing cleanup scripts: rimraf v4+ requires the glob option for wildcard paths, but scripts/DeleteSourceMaps.js:5-6 still calls rimraf.sync(.../*.js.map) without options and is run by the Electron main webpack configs. After installing 6.1.3 those patterns are treated as literal paths, so stale UI source-map artifacts that v3 removed can be left behind during build/package workflows; update the calls to pass { glob: true } or avoid wildcard paths before taking this bump.
Useful? React with 👍 / 👎.
1 participant
Bumps rimraf from 3.0.2 to 6.1.3.
Changelog
Sourced from rimraf's changelog.
... (truncated)
Commits
f738c786.1.3a164a85update deps4635ba7update deps509c53flimit ci workflow permissions68ce04fformatting37680c5add warning to not pass untrusted input to this method ever786563dremove contributing doc, already covered by .github repodbeef73contributing84d27afupdate workflows and standard project junkcd454986.1.2Maintainer changes
This version was pushed to npm by isaacs, a new releaser for rimraf since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Low Risk
Dev-only dependency bump with no application source changes; main risk is a subtle CLI/API behavior change if any script relied on rimraf 3 semantics or default ESM/CJS imports (this repo primarily uses the CLI in npm scripts).
Overview
Bumps the root devDependency
rimraffrom 3.0.2 to 6.1.3 and refreshes yarn.lock so the resolved tree picks up rimraf 6’s stack (e.g. glob ^13, path-scurry ^2, lru-cache ^11).This is a major-version jump for a dev-only file-deletion utility; callers that invoke the
rimrafCLI (such as APIprebuild/build:prodscripts that runrimraf dist) should behave the same for simple path cleanup. Node >=24 inenginessatisfies rimraf 6’s minimum Node requirement.Reviewed by Cursor Bugbot for commit bfa613a. Bugbot is set up for automated code reviews on this repo. Configure here.