Upgrade glob@7 to glob@10 to resolve deprecation warnings#48875
Upgrade glob@7 to glob@10 to resolve deprecation warnings#48875byCedric wants to merge 1 commit into
glob@7 to glob@10 to resolve deprecation warnings#48875Conversation
facebook-github-bot
added
CLA Signed
|
Looks like just Flow errors. Will import and resolve. |
|
@huntie has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
Will see if I have time to test this today (need to secure a Windows device from around the office). |
|
Hey @huntie! I just got back from my Lunar new year tour. If there is any way I can help test the Glob changes on Windows, lmk. I literally have 2 desktops ready to go for that. |
Summary: This is a long overdue follow-up from facebook/react-native#46724, and upgrades the deprecated `glob@7` to `glob@10`. When creating any React Native project today, you are greeted by a wall of deprecation warnings when installing with `npm` -- with the most frequent offender being `glob@7.2.3`. This hurts UX and diminishes developers' trust, even before starting their project. <img width="1005" alt="image" src="https://github.com/user-attachments/assets/a5661470-98df-4f3f-8be2-7b0baa9711b6" /> Unfortunately, no [flow types are available for `glob@9+`](https://github.com/flow-typed/flow-typed/tree/main/definitions/npm). I've tried creating a flow definition, but it turns out that the `glob@10` types use `path-scurry@^1.11.1`, `minimatch@^9.0.4`, and `minipass@^7.1.2` -- all without flow type definitions. Writing the flow definitions for glob@9+ is non-trivial work, I'd be happy to help but I can't fix that on my own. > [!IMPORTANT] > `glob@11` has already been released, but it's only supporting Node 20+. I believe React Native still supports Node 18 until the EOL in April 2025, that's why I used `glob@10`. ## Changelog: [GENERAL] [CHANGED] - Upgrade from deprecated `glob@7` to supported `glob@10` <!-- Help reviewers and the release process by writing your own changelog entry. Pick one each for the category and type tags: [GENERAL] [CHANGED] - Upgrade from deprecated `glob@7` to supported `glob@10` For more details, see: https://reactnative.dev/contributing/changelogs-in-pull-requests X-link: facebook/react-native#48875 Reviewed By: robhogan, cortinico Differential Revision: D69594539 Pulled By: huntie
|
This PR is stale because it has been open for 180 days with no activity. It will be closed in 7 days unless you comment on it or remove the "Stale" label. |
react-native-bot
added
the
Stale
|
This PR was closed because it has been stalled for 7 days with no activity. |
react-native-bot
removed
the
Stale
|
Any status update on this |
|
|
Blocked by internal infra / dep alignment; gave up on this for now and needs a fresh reattempt. |
|
Is there another PR or issue where it is also being tracked or is this an actual tracker of the issue? |
|
Nope that's the latest we have on this effort @Lionhunt3r |
|
@cortinico Can you please follow up on this issue? This would be great to get it solved. |
|
With the new security notices going out for glob we probably want to get this unblocked and updated to v12 asap. |
|
This is a security vulnerability flagged by Checkmarx, bumping on this issue |
Summary: This replaces `glob@^7.0.0` with `tinyglobby@^0.2.15`. `glob@7` has been deprecated for a while and some versions after had security notices released for them. The plan is to backport this PR to `0.81.x` and onwards. > [!NOTE] > This is a stopgap solution until `fs.glob` becomes generally available with the EOL of Node v20 Succeeds: - #54669 - #48875 ## Changelog: [GENERAL] [SECURITY] - Replace `glob@^7.0.0` with `tinyglobby@^0.2.15` Pull Request resolved: #54737 Test Plan: - Ran all modified commands manually and `pod install in `rn-tester` - NOTE: `ios-prebuild`-related scripts haven't been run manually yet Reviewed By: robhogan Differential Revision: D88069145 Pulled By: huntie fbshipit-source-id: 0c455342a4c6d1d6605fd09fe47b418e5d751491
|
This PR is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days. |
react-native-bot
added
the
Stale
|
Resolved in #54737. |
9 participants
Summary:
This is a long overdue follow-up from #46724, and upgrades the deprecated
glob@7toglob@10.When creating any React Native project today, you are greeted by a wall of deprecation warnings when installing with
npm-- with the most frequent offender beingglob@7.2.3. This hurts UX and diminishes developers' trust, even before starting their project.Unfortunately, no flow types are available for
glob@9+. I've tried creating a flow definition, but it turns out that theglob@10types usepath-scurry@^1.11.1,minimatch@^9.0.4, andminipass@^7.1.2-- all without flow type definitions. Writing the flow definitions for glob@9+ is non-trivial work, I'd be happy to help but I can't fix that on my own.Important
glob@11has already been released, but it's only supporting Node 20+. I believe React Native still supports Node 18 until the EOL in April 2025, that's why I usedglob@10.Changelog:
[GENERAL] [CHANGED] - Upgrade from deprecated
glob@7to supportedglob@10Test Plan:
npm create expo@latest ./test-install-warningscd ./test-install-warningsrm -rf node_modulesnpm installnpm list glob@7.2.3Most of the offending packages come from React Native packages, with some from
jest/jest-expo.