chore(deps-dev): bump rimraf from 3.0.2 to 6.1.3#6079
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
|
|
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
Legacy rimraf API breaks builds
High Severity
Raising the root devDependency to rimraf v6 leaves existing CommonJS build helpers on the v3 pattern (require('rimraf') and rimraf.sync). From v5 onward that default-export/sync usage is unsupported, so steps like scripts/prebuild.js and scripts/DeleteSourceMaps.js (pulled in by build:main / packaging) can throw at runtime instead of cleaning output dirs.
Reviewed by Cursor Bugbot for commit bfa613a. Configure here.
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
Wildcard paths need glob option
Medium Severity
With root rimraf at v6, DeleteSourceMaps still passes paths containing * to rimraf.sync without enabling glob expansion. v6 treats paths as literal names unless { glob: true } (or CLI -g) is set, so *.js.map cleanup during main webpack builds may no longer remove source maps.
Reviewed by Cursor Bugbot for commit bfa613a. Configure here.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bfa613a134
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
This upgrade changes the behavior used by existing cleanup scripts: rimraf v4+ requires the glob option for wildcard paths, but scripts/DeleteSourceMaps.js:5-6 still calls rimraf.sync(.../*.js.map) without options and is run by the Electron main webpack configs. After installing 6.1.3 those patterns are treated as literal paths, so stale UI source-map artifacts that v3 removed can be left behind during build/package workflows; update the calls to pass { glob: true } or avoid wildcard paths before taking this bump.
Useful? React with 👍 / 👎.
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/rimraf-6.1.3
branch
from
bfa613a to
dfed41c
Compare
Bumps [rimraf](https://github.com/isaacs/rimraf) from 3.0.2 to 6.1.3. - [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md) - [Commits](isaacs/rimraf@v3.0.2...v6.1.3) --- updated-dependencies: - dependency-name: rimraf dependency-version: 6.1.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/rimraf-6.1.3
branch
from
dfed41c to
9f54f65
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 3 total unresolved issues (including 2 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 9f54f65. Configure here.
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
rimraf v6 API mismatch
High Severity
Raising rimraf to ^6.1.3 without updating callers leaves v3-style require('rimraf') plus rimraf.sync, default ESM imports, and wildcard paths unchanged. v6 exposes named exports like rimrafSync, drops rimraf.sync, and only expands globs when { glob: true } is set, so packaging and main webpack builds can throw or skip intended deletions.
Reviewed by Cursor Bugbot for commit 9f54f65. Configure here.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9f54f65e89
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "redux-thunk": "^3.1.0", | ||
| "regenerator-runtime": "^0.13.5", | ||
| "rimraf": "^3.0.2", | ||
| "rimraf": "^6.1.3", |
There was a problem hiding this comment.
This version is no longer compatible with redisinsight/ui/vite.config.mjs:13, which still does import rimraf from 'rimraf'; rimraf v5+ only exposes named exports, so after this dependency resolves to 6.1.3, any yarn --cwd redisinsight/ui dev/build or root build:ui/build:renderer path that loads the Vite config fails before the app builds. Please update the config to use a named export such as rimrafSync/rimraf as part of the bump.
Useful? React with 👍 / 👎.
1 participant
Bumps rimraf from 3.0.2 to 6.1.3.
Changelog
Sourced from rimraf's changelog.
... (truncated)
Commits
f738c786.1.3a164a85update deps4635ba7update deps509c53flimit ci workflow permissions68ce04fformatting37680c5add warning to not pass untrusted input to this method ever786563dremove contributing doc, already covered by .github repodbeef73contributing84d27afupdate workflows and standard project junkcd454986.1.2Maintainer changes
This version was pushed to npm by isaacs, a new releaser for rimraf since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Note
Medium Risk
Major dev-dependency jump on build-time file deletion with no accompanying import/API updates in the diff; verify production builds and postinstall still succeed.
Overview
Bumps the root devDependency
rimraffrom 3.0.2 to 6.1.3 and refreshesyarn.lockso the direct install resolves to rimraf 6 (with glob ^13 and package-json-from-dist). Older rimraf@3 can still appear in the lockfile for other packages.There are no application or script edits in this diff. Existing callers (
scripts/prebuild.js,DeleteSourceMaps.js,DeleteDistWeb.js,configs/webpack.config.main.prod.ts,redisinsight/ui/vite.config.mjs) still rely onrimraf.syncand glob-style paths for dist / source-map cleanup. The repo already requires Node >=24.x, which aligns with rimraf 6’s Node 20+ support.Reviewers should watch CI/build and
yarn install: rimraf 5+ dropped the default export (Vite uses a default import), and v6 may run apreparescript on install per upstream release notes.Reviewed by Cursor Bugbot for commit 9f54f65. Bugbot is set up for automated code reviews on this repo. Configure here.