Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(commonjs)!: bump glob's version #1695

Merged
merged 2 commits into from
Jun 5, 2024
Merged

Conversation

younggglcy
Copy link
Contributor

@younggglcy younggglcy commented Mar 17, 2024

Rollup Plugin Name: @rollup/plugin-commonjs

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

If yes, then include "BREAKING CHANGES:" in the first commit message body, followed by a description of what is breaking.

List any relevant issue numbers: resolves #1691

Description

BREAKING CHANGES: Requires Node.js version >=16.0.0 or >= 14.17, this is the same as glob's need.

both glob and shx have inflight in their deps, so this PR bumps glob to the latest and removes shx, since it's not been used.

@younggglcy younggglcy requested a review from shellscape as a code owner March 17, 2024 12:08
@akashennn
Copy link

Hi any update on this? There is a vulnerability introduced thought this

Copy link
Member

@lukastaegert lukastaegert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems this update is breaking tests that rely on glob, so we need to figure out what the breaking changes were.

@mehdibo
Copy link

mehdibo commented May 27, 2024

Hello, any updates on this? or is there a workaround
Facing this issue:

warning nuxt > nitropack > @rollup/plugin-commonjs > glob > [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.91

@younggglcy
Copy link
Contributor Author

CI tests failed due to wrong order returned by glob.sync() here.
That's because, since glob v9, results will not be sorted.
FYI: isaacs/node-glob#576

@younggglcy younggglcy requested a review from lukastaegert May 27, 2024 13:38
@shellscape
Copy link
Collaborator

@younggglcy I think this is good to merge, but please rebase/merge from master again. CI isn't happy.

BREAKING CHANGES: Requires Node.js version >=16.0.0 or >= 14.17
@younggglcy
Copy link
Contributor Author

@younggglcy I think this is good to merge, but please rebase/merge from master again. CI isn't happy.

fixed.

@shellscape shellscape changed the title chore(commonjs): bump glob's version chore(commonjs)!: bump glob's version Jun 5, 2024
@shellscape shellscape merged commit 2447548 into rollup:master Jun 5, 2024
10 checks passed
younggglcy added a commit to younggglcy/plugins that referenced this pull request Jun 6, 2024
* chore: bump glob's version

BREAKING CHANGES: Requires Node.js version >=16.0.0 or >= 14.17

* fix: let glob match alphabetical order
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[@rollup/plugin-commonjs]: vulnerability in inflight
5 participants