[wp-trac] [WordPress Trac] #58936: Update @nodelib/fs.scandir and @nodelib/fs.walkto the latest version (3.0.0, and 2.0.0)
WordPress Trac
noreply at wordpress.org
Fri Aug 11 18:56:25 UTC 2023
#58936: Update @nodelib/fs.scandir and @nodelib/fs.walkto the latest version
(3.0.0, and 2.0.0)
------------------------------+----------------------
Reporter: rajinsharwar | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Build/Test Tools | Version:
Severity: normal | Resolution: wontfix
Keywords: has-patch | Focuses:
------------------------------+----------------------
Changes (by desrosj):
* status: new => closed
* resolution: => wontfix
* component: External Libraries => Build/Test Tools
* milestone: Awaiting Review =>
Comment:
Thanks for this one, @rajinsharwar!
Looking at this further, I am of the opinion that we should not be
updating this independent of `@wordpress/scripts`, which is the only
dependency listing these packages. The only exception is when performing
`npm audit fix` to correct dependencies with known vulnerabilities.
For example, when running `npm list @nodelib/fs.walk at 1.2.8`, the following
tree is output:
{{{
└─┬ @wordpress/scripts at 26.6.3
├─┬ eslint at 8.45.0
│ └── @nodelib/fs.walk at 1.2.8
└─┬ fast-glob at 3.3.0
└── @nodelib/fs.walk at 1.2.8
}}}
While the update may be within the version constraints, if every possible
available update was applied, it would create a fair amount of noise.
Updating them within the package directly including these packages as
dependencies will also result in better testing.
Going to close this out, but if another committer feels strongly otherwise
it can be reopened and reconsidered.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58936#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list