WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#46039 closed task (blessed) (fixed)

Update package.json

Reported by: azaozz Owned by: pento
Milestone: 5.1 Priority: normal
Severity: normal Version: 5.1
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

While working on #45645 had to (re)generate package.json and package-lock.json (on a Mac) and noticed quite a few packages and dependencies were updated. Also a lot of "optional": true, were added.

Not sure how critical that may be but would probably be better to use the newer packages.

Attachments (3)

46039.diff (146.2 KB) - added by azaozz 3 years ago.
46039.1.diff (144.9 KB) - added by wpscholar 3 years ago.
Ran npm update. Sets specific versions in package.json file.
46039.2.diff (151.9 KB) - added by wpscholar 3 years ago.
Explicitly match versions to what is in Gutenberg package-lock.json file. Note: Gutenberg is on underscore version 1.4.4 whereas WordPress is already running version 1.8.3. Also, whatwg-fetch in Gutenberg is at version 2.0.4 and WordPress is already running version 3.0.0. The version for moment in the package.json file appears to be downgraded, but it brings it in sync with the existing version already installed in both WordPress and Gutenberg.

Download all attachments as: .zip

Change History (12)

@azaozz
3 years ago

#1 @azaozz
3 years ago

In 46039.diff: updated (auto-generated) package.json and package-lock.json.

#2 @gziolo
3 years ago

https://github.com/WordPress/gutenberg/blob/master/packages/element/package.json#L27-L28

Gutenberg is still on React 16.6.x - it's probably fine to bump to 16.7, however it wasn't tested this way. I would suggest staying at whatever is in the lock file of g-master branch. I can double check tomorrow.

#3 @desrosj
3 years ago

  • Keywords has-patch added
  • Type changed from defect (bug) to task (blessed)
  • Version set to trunk

I am going to make this a task so that it can be explored after beta 2. I agree that package versions should stay in sync with those upstream in Gutenberg, though.

#4 @gziolo
3 years ago

In general, we should stop using ranges for dependencies listed in the main package.json file to limit the number of packages updated in the lock file whenever any change gets applied. This should bring more stability to the whole process.

We should also closely align with Gutenberg for vendor packages which are provided in PHP files. See:

https://github.com/WordPress/gutenberg/blob/master/lib/client-assets.php#L586-L633

All the versions used there should match in WordPress core:

  • @babel/polyfill
  • lodash
  • moment
  • react
  • reac-dom

and other polyfills

This ticket was mentioned in Slack in #core-js by desrosj. View the logs.


3 years ago

#6 @wpscholar
3 years ago

Running npm outdated after running npm install on a fresh checkout of master:

https://i.ibb.co/yWPYrtb/before.png

Running npm outdated after running npm update:

https://i.ibb.co/m5cfyH6/after.png

This brings most things up-to-date without a significant risk of breakage.

I didn't scan through every single package.json file in every package in the Gutenberg repo, but with some spot checking, I think the versions we end up with on update match what Gutenberg is expecting.

Does anyone see something that shouldn't be updated? Or that wasn't updated and should be?

Last edited 3 years ago by wpscholar (previous) (diff)

@wpscholar
3 years ago

Ran npm update. Sets specific versions in package.json file.

#7 @wpscholar
3 years ago

Sorry, just realized that the reason I didn't see a specific React version in the Gutenberg package-lock.json file is because the entire file can't be loaded in the browser on GitHub. Closer inspection does reveal that we are at exactly version 16.6.3 of React. Updated patch to come shortly with closer cross-checking of package-lock.json file on my local instead of in the browser. ;)

@wpscholar
3 years ago

Explicitly match versions to what is in Gutenberg package-lock.json file. Note: Gutenberg is on underscore version 1.4.4 whereas WordPress is already running version 1.8.3. Also, whatwg-fetch in Gutenberg is at version 2.0.4 and WordPress is already running version 3.0.0. The version for moment in the package.json file appears to be downgraded, but it brings it in sync with the existing version already installed in both WordPress and Gutenberg.

#8 @pento
3 years ago

  • Owner set to pento
  • Status changed from new to assigned

#9 @pento
3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 44728:

Build: Update package.json dependencies to match Gutenberg.

Props wpscholar, azaozz, gziolo.
Fixes #46039.

Note: See TracTickets for help on using tickets.