chore(deps): update trash from 5.2.0 to 7.2.0 in packages/file-service #4286

Open: wants to merge 4 commits into base: main
2 changes: 1 addition & 1 deletion packages/file-service/package.json
Expand Up @@ -26,7 +26,7 @@
"@parcel/watcher": "2.1.0",
"file-type": "16.5.4",
"nsfw": "2.2.0",
"trash": "^5.2.0",
"trash": "7.2.0",
Contributor

💡 Codebase verification

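Recommend updating to the latest stable version, 8.1.1

Based on the verification results, we found:

  1. The 7.2.0 version currently in use is outdated; the latest stable version is 8.1.1 (9.0.0 requires Node.js 18)
  2. trash v8.0.0 has the following important changes:
    • The package has been converted to pure ESM format
    • Requires Node.js 12.20 or later
  3. In the project, trash is used only in the file-service package, and it uses standard import syntax

Recommendations:

  • Upgrade to v8.1.1 for performance improvements and bug fixes
  • Add a caret (^) to allow patch version updates: "trash": "^8.1.1"
  • Make sure the project's Node.js version meets the v12.20 requirement
🔗 Analysis chain

Note the major version update of the dependency

Updating from ^5.2.0 to 7.2.0 is a major version upgrade, and the caret (^) has also been removed. This may have the following effects:

  1. Loss of the flexibility to automatically update minor versions
  2. May contain breaking changes

Let's verify this version: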

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check the latest versions and changelog of the trash package

# Get the latest version information
echo "检查最新版本:"
npm view trash versions --json | jq -r '.[-3:]'

# Check whether there are known security issues
echo -e "\n检查安全问题:"
npm audit --package-lock-only --audit-level=low --json <<EOF
{
  "dependencies": {
    "trash": "7.2.0"
  }
}
EOF

# Fetch the changelog to check for breaking changes
echo -e "\n检查破坏性更改:"
gh api repos/sindresorhus/trash/releases | jq -r '.[].body' | grep -i "breaking"

Length of output: 1042


Script:

#!/bin/bash
# Check the changelog of the trash package between versions 7.2.0 and 9.0.0
echo "检查版本 7.2.0 到 9.0.0 的变更:"
gh api repos/sindresorhus/trash/releases | jq -r '.[] | select(.tag_name | test("v[7-9]")) | "版本:\(.tag_name)\n\(.body)\n"'

# Check whether any other packages in the project depend on trash
echo -e "\n检查项目中的 trash 依赖:"
fd package.json --type f --exec grep -l "trash" {} \;

# Check how trash is used in the code
echo -e "\n检查代码中的 trash 使用:"
rg "require.*trash|import.*trash" -A 2

Length of output: 1813

"vscode-languageserver-types": "^3.16.0",
"write-file-atomic": "^5.0.1"
},
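Review bot: The "trash" line moves from the range "^5.2.0" to the exact version "7.2.0", crossing two major versions, and the PR title gives no indication that the breaking changes in 6.x and 7.x were checked against how file-service calls trash. Please record that check in the PR description and confirm the lockfile changes in the same PR so the resolved version matches this manifest. The exact pin is consistent with the neighbouring "@parcel/watcher", "file-type" and "nsfw" entries, while "vscode-languageserver-types" and "write-file-atomic" further down still use caret ranges, so it would help to state which pinning policy this package follows.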