WordPress.org

Make WordPress Core

#46039 closed task (blessed) (fixed)

Update package.json

Reported by: azaozz Owned by: pento
Milestone: 5.1 Priority: normal
Severity: normal Version: 5.1
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

While working on #45645 had to (re)generate package.json and package-lock.json (on a Mac) and noticed quite a few packages and dependencies were updated. Also a lot of "optional": true, were added.

Not sure how critical that may be but would probably be better to use the newer packages.

Attachments (3)

46039.diff (146.2 KB) - added by azaozz 17 months ago.
46039.1.diff (144.9 KB) - added by wpscholar 16 months ago.
Ran npm update. Sets specific versions in package.json file.
46039.2.diff (151.9 KB) - added by wpscholar 16 months ago.
Explicitly match versions to what is in Gutenberg package-lock.json file. Note: Gutenberg is on underscore version 1.4.4 whereas WordPress is already running version 1.8.3. Also, whatwg-fetch in Gutenberg is at version 2.0.4 and WordPress is already running version 3.0.0. The version for moment in the package.json file appears to be downgraded, but it brings it in sync with the existing version already installed in both WordPress and Gutenberg.

Download all attachments as: .zip

Change History (12)

@azaozz
17 months ago

#1 @azaozz
17 months ago

In 46039.diff: updated (auto-generated) package.json and package-lock.json.

#2 @gziolo
17 months ago

https://github.com/WordPress/gutenberg/blob/master/packages/element/package.json#L27-L28

Gutenberg is still on React 16.6.x - it's probably fine to bump to 16.7, however it wasn't tested this way. I would suggest staying at whatever is in the lock file of g-master branch. I can double check tomorrow.

#3 @desrosj
17 months ago

  • Keywords has-patch added
  • Type changed from defect (bug) to task (blessed)
  • Version set to trunk

I am going to make this a task so that it can be explored after beta 2. I agree that package versions should stay in sync with those upstream in Gutenberg, though.

#4 @gziolo
17 months ago

In general, we should stop using ranges for dependencies listed in the main package.json file to limit the number of packages updated in the lock file whenever any change gets applied. This should bring more stability to the whole process.

We should also closely align with Gutenberg for vendor packages which are provided in PHP files. See:

https://github.com/WordPress/gutenberg/blob/master/lib/client-assets.php#L586-L633

All the versions used there should match in WordPress core:

  • @babel/polyfill
  • lodash
  • moment
  • react
  • reac-dom

and other polyfills

This ticket was mentioned in Slack in #core-js by desrosj. View the logs.


16 months ago

#6 @wpscholar
16 months ago

Running npm outdated after running npm install on a fresh checkout of master:

https://i.ibb.co/yWPYrtb/before.png

Running npm outdated after running npm update:

https://i.ibb.co/m5cfyH6/after.png

This brings most things up-to-date without a significant risk of breakage.

I didn't scan through every single package.json file in every package in the Gutenberg repo, but with some spot checking, I think the versions we end up with on update match what Gutenberg is expecting.

Does anyone see something that shouldn't be updated? Or that wasn't updated and should be?

Last edited 16 months ago by wpscholar (previous) (diff)

@wpscholar
16 months ago

Ran npm update. Sets specific versions in package.json file.

#7 @wpscholar
16 months ago

Sorry, just realized that the reason I didn't see a specific React version in the Gutenberg package-lock.json file is because the entire file can't be loaded in the browser on GitHub. Closer inspection does reveal that we are at exactly version 16.6.3 of React. Updated patch to come shortly with closer cross-checking of package-lock.json file on my local instead of in the browser. ;)

@wpscholar
16 months ago

Explicitly match versions to what is in Gutenberg package-lock.json file. Note: Gutenberg is on underscore version 1.4.4 whereas WordPress is already running version 1.8.3. Also, whatwg-fetch in Gutenberg is at version 2.0.4 and WordPress is already running version 3.0.0. The version for moment in the package.json file appears to be downgraded, but it brings it in sync with the existing version already installed in both WordPress and Gutenberg.

#8 @pento
16 months ago

  • Owner set to pento
  • Status changed from new to assigned

#9 @pento
16 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 44728:

Build: Update package.json dependencies to match Gutenberg.

Props wpscholar, azaozz, gziolo.
Fixes #46039.

Note: See TracTickets for help on using tickets.