WordPress.org

Make WordPress Core

Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#49547 closed defect (bug) (fixed)

Update/Audit npm Dependencies for 5.4

Reported by: garrett-eclipse Owned by: SergeyBiryukov
Milestone: 5.4 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: needs-patch
Focuses: Cc:

Description

In 5.3 the security team did an audit/update to the NPM dependencies. This was done in #48203 by @whyisjake and @jorbin.

If it's not too late for 5.4, we should try to get in the habit for major releases to run through these and address as much as we can.

As of writing this, running an npm install on trunk gives a warning for 16 vulnerabilities (1 low, 6 moderate, 9 high).

Attachments (2)

npm-audit.txt (34.9 KB) - added by garrett-eclipse 19 months ago.
Result of running npm audit
49547.1.patch (630 bytes) - added by ayeshrajans 19 months ago.
Here is a patch with the possible automated fixes.


Change History (6)

@garrett-eclipse
19 months ago

Result of running npm audit

#1 @SergeyBiryukov
19 months ago

  • Milestone changed from Awaiting Review to 5.4

@ayeshrajans
19 months ago

Here is a patch with the possible automated fixes.

#2 @SergeyBiryukov
19 months ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#3 @SergeyBiryukov
19 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 47404:

Build/Test Tools: Bump devDependencies for WordPress 5.4.

Props ayeshrajans, garrett-eclipse.
Fixes #49547.

#4 @whyisjake
19 months ago

Adding an upstream PR here: https://github.com/gruntjs/grunt-contrib-imagemin/pull/392.

There are a few issues we can fix and sneak into 5.4.
