Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump rimraf version to ^5.05 #9438

Merged
merged 8 commits into from
Dec 14, 2023
Merged

Bump rimraf version to ^5.05 #9438

merged 8 commits into from
Dec 14, 2023

Conversation

adelchan07
Copy link
Contributor

Bump rimraff version in response to a security vulnerability within Atlassian products

↪️ Pull Request

💻 Examples

🚨 Test instructions

✔️ PR Todo

  • Added/updated unit tests for this change
  • Filled out test instructions (In case there aren't any unit tests)
  • Included links to related issues/PRs

@mischnic
Copy link
Member

  • We might as well upgrade to the latest version then (v5)
  • A breaking change of v4 was the the methods return promises now, so the promisify in packages/utils/create-react-app/src/cli.js shouldn't be done anymore
  • (There is still a dependency on the old version in the monorepo root)

@adelchan07 adelchan07 changed the title Bump rimraf version in @create-react-app Bump rimraf version to ^5.05 Dec 14, 2023
@adelchan07 adelchan07 force-pushed the achan3/VULN-1129102-update-rimraf-create-react-app branch from 4005017 to fff85f7 Compare December 14, 2023 17:43
@mischnic
Copy link
Member

The flow types in flow-typed/npm/rimraf_v2.x.x.js are wrong now, it should be something like this now

  declare module.exports: {
    (f: string, opts?: Options): Promise<boolean>,

And the gulpfile has to be changed:

diff --git gulpfile.js gulpfile.js
index 4b524e694..61d885410 100644
--- gulpfile.js
+++ gulpfile.js
@@ -59,7 +59,10 @@ class TapStream extends Transform {
 }
 
 exports.clean = function clean(cb) {
-  rimraf('packages/*/*/lib/**', cb);
+  rimraf('packages/*/*/lib/**').then(
+    () => cb,
+    err => cb(err),
+  );
 };

@mischnic mischnic merged commit 13e6cfd into v2 Dec 14, 2023
11 of 15 checks passed
@mischnic mischnic deleted the achan3/VULN-1129102-update-rimraf-create-react-app branch December 14, 2023 20:37
@apiiro-snyk apiiro-snyk mentioned this pull request Jul 2, 2024
Open
@Codimow Codimow mentioned this pull request Oct 30, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mischnic mischnic mischnic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adelchan07 @mischnic