WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#36498 closed task (blessed) (fixed)

Shrinkwrap npm dependencies for 4.5

Reported by: jorbin Owned by: jorbin
Milestone: 4.5.1 Priority: normal
Severity: normal Version: 4.5
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:
PR Number:

Description


Attachments (1)

36498.diff (1.2 MB) - added by jorbin 4 years ago.

Download all attachments as: .zip

Change History (7)

@jorbin
4 years ago

#1 @jorbin
4 years ago

  • Keywords has-patch added

#2 @jorbin
4 years ago

  • Owner set to jorbin
  • Resolution set to fixed
  • Status changed from new to closed

In 37186:

Add npm-shrinkwrap.json to 4.5

By shrinkwraping our dependencies, the same versions of everything will be installed no matter what rules the dependency package.json has specificed.

See #30787.
Fixes #36498.

#3 @netweb
4 years ago

The npm-shrinkwrap.json contains newer versions than the versions in our package.json file.

e.g. Autoprefixer is ~6.3.3 in package.json and 6.3.6 in npm-shrinkwrap.json

This is expected though because of semantic versioning and our use of patch level ~ for versions in package.json

npm modulenpm-shrinkwrap.jsonpackage.json
autoprefixer@6.3.6~6.3.3
git-or-svn@0.1.1~0.1.0
grunt@0.4.5~0.4.5
grunt-browserify@5.0.0~5.0.0
grunt-contrib-clean@1.0.0~1.0.0
grunt-contrib-compress@1.1.1~1.1.0
grunt-contrib-concat@1.0.0~1.0.0
grunt-contrib-copy@1.0.0~1.0.0
grunt-contrib-cssmin@1.0.1~1.0.0
grunt-contrib-imagemin@1.0.0~1.0.0
grunt-contrib-jshint@1.0.0~1.0.0
grunt-contrib-qunit@1.1.0~1.1.0
grunt-contrib-uglify@0.10.1~0.10.0
grunt-contrib-watch@1.0.0~1.0.0
grunt-includes@0.5.4~0.5.1
grunt-jsvalidate@0.2.2~0.2.2
grunt-legacy-util@0.2.00.2.0
grunt-patch-wordpress@0.3.0~0.3.0
grunt-postcss@0.7.2~0.7.1
grunt-rtlcss@2.0.1~2.0.1
grunt-sass@1.1.0~1.1.0
matchdep@1.0.1~1.0.0

git-or-svn@0.1.1 may be of concern, it's in 4.5, but removed in in 4.6, @ericlewis can you ensure that the package is not removed/unpublished from NPM for a while please? Or maybe backport r37185 to the 4.5 branch?

#4 @ericlewis
4 years ago

I would never unpublish ;)

#5 @netweb
4 years ago

Just noting grunt prerelease ran as expected inside branches/4.5 after npm install installed the npm-shrinkwrap.json versions :)

#6 @swissspidy
4 years ago

  • Version set to 4.5
Note: See TracTickets for help on using tickets.