Make WordPress Core

#58936 closed defect (bug) (wontfix)

Update @nodelib/fs.scandir and @nodelib/fs.walkto the latest version (3.0.0, and 2.0.0)

Reported by: rajinsharwar's profile rajinsharwar Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

Version 3.0.0 of fs.scandir library is available See ReadMe: https://www.npmjs.com/package/@nodelib/fs.scandir/v/3.0.0

Change History (4)

#1 @rajinsharwar
11 months ago

  • Summary changed from Update @nodelib/fs.scandir to the latest version (3.0.0) to Update @nodelib/fs.scandir and @nodelib/fs.walkto the latest version (3.0.0, and 2.0.0)

This ticket was mentioned in PR #4931 on WordPress/wordpress-develop by @rajinsharwar.


11 months ago
#2

  • Keywords has-patch added

Update @nodelib/fs.scandir and @nodelib/fs.walkto the latest version (3.0.0, and 2.0.0)

Trac ticket: https://core.trac.wordpress.org/ticket/58936

#3 @rajinsharwar
11 months ago

Updating the @nodelib/fs.walk and @nodelib/fs.scandir to the latest version

#4 @desrosj
11 months ago

  • Component changed from External Libraries to Build/Test Tools
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Thanks for this one, @rajinsharwar!

Looking at this further, I am of the opinion that we should not be updating this independent of @wordpress/scripts, which is the only dependency listing these packages. The only exception is when performing npm audit fix to correct dependencies with known vulnerabilities.

For example, when running npm list @nodelib/fs.walk@1.2.8, the following tree is output:

└─┬ @wordpress/scripts@26.6.3
  ├─┬ eslint@8.45.0
  │ └── @nodelib/fs.walk@1.2.8
  └─┬ fast-glob@3.3.0
    └── @nodelib/fs.walk@1.2.8

While the update may be within the version constraints, if every possible available update was applied, it would create a fair amount of noise. Updating them within the package directly including these packages as dependencies will also result in better testing.

Going to close this out, but if another committer feels strongly otherwise it can be reopened and reconsidered.

Note: See TracTickets for help on using tickets.