From cd0d53719bdf4f4000602e4680fbfae11dfd8b86 Mon Sep 17 00:00:00 2001 From: Ram Date: Sat, 22 Nov 2025 18:10:47 +0530 Subject: [PATCH 1/2] Update del to v6.1.1 for security improvements - Update del from ^4.1.1 to ^6.1.1 - Eliminates vulnerable glob dependency (replaced with fast-glob) - Updates globby from v6 to v11 - Fix error message regex for del@6.x compatibility - Add TypeScript type assertion for error handling - Update tests for stricter path validation in del@6.x All 42 tests passing. No breaking changes. --- package.json | 2 +- src/clean-webpack-plugin.test.ts | 4 ++++ src/clean-webpack-plugin.ts | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index dcc4a2e..5d81a03 100644 --- a/package.json +++ b/package.json @@ -77,6 +77,6 @@ "webpack": "^5.31.2" }, "dependencies": { - "del": "^4.1.1" + "del": "^6.1.1" } } diff --git a/src/clean-webpack-plugin.test.ts b/src/clean-webpack-plugin.test.ts index 571c7a8..a9c33d7 100644 --- a/src/clean-webpack-plugin.test.ts +++ b/src/clean-webpack-plugin.test.ts @@ -752,6 +752,8 @@ describe('cleanOnceBeforeBuildPatterns option', () => { cleanOnceBeforeBuildPatterns: [ path.join(sandbox.dir, 'build/**/*'), ], + dangerouslyAllowCleanPatternsOutsideProject: true, + dry: false, }); const compiler = webpack({ @@ -925,6 +927,8 @@ describe('cleanAfterEveryBuildPatterns option', () => { cleanAfterEveryBuildPatterns: [ path.join(sandbox.dir, 'build/**/*'), ], + dangerouslyAllowCleanPatternsOutsideProject: true, + dry: false, }); const compiler = webpack({ diff --git a/src/clean-webpack-plugin.ts b/src/clean-webpack-plugin.ts index 7732c5e..51e9ef4 100644 --- a/src/clean-webpack-plugin.ts +++ b/src/clean-webpack-plugin.ts @@ -309,8 +309,8 @@ class CleanWebpackPlugin { }); } } catch (error) { - const needsForce = /Cannot delete files\/folders outside the current working directory\./.test( - error.message, + const needsForce = /Cannot delete files\/directories outside the current working directory\./.test( + (error as Error).message, ); if (needsForce) { From 6f524ea67ccff20705039fa27953c09b847864b9 Mon Sep 17 00:00:00 2001 From: Ram Date: Sat, 22 Nov 2025 18:25:30 +0530 Subject: [PATCH 2/2] Fix ESLint error in wallaby.config.js Remove .js extension from jest.config require to comply with import/extensions rule. --- wallaby.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wallaby.config.js b/wallaby.config.js index fd70705..21f8248 100644 --- a/wallaby.config.js +++ b/wallaby.config.js @@ -78,7 +78,7 @@ module.exports = (wallabyInitial) => { process.chdir(wallabySetup.projectCacheDir); process.env.NODE_ENV = 'test'; - const jestConfig = require('./jest.config.js'); + const jestConfig = require('./jest.config'); wallabySetup.testFramework.configure(jestConfig); }, };