Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#49547 closed defect (bug) (fixed)

Update/Audit npm Dependencies for 5.4

Reported by: garrett-eclipse
Owned by: SergeyBiryukov
Milestone: 5.4
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords: needs-patch
Focuses:
Cc:

Description

In 5.3 the security team did an audit/update to the NPM dependencies. This was done in #48203 by @whyisjake and @jorbin.

If it's not too late for 5.4 we should try to get in the habit for major releases to run through these and address as much as we can.

As of writing this, running an npm install on trunk gives a warning for 16 vulnerabilities (1 low, 6 moderate, 9 high).

Attachments (2)

npm-audit.txt (34.9 KB) - added by garrett-eclipse 5 years ago.
Result of running npm audit
49547.1.patch (630 bytes) - added by ayeshrajans 5 years ago.
Here is a patch with the possible automated fixes.


Change History (6)

@garrett-eclipse
5 years ago

Result of running npm audit

#1 @SergeyBiryukov
5 years ago

  • Milestone changed from Awaiting Review to 5.4

@ayeshrajans
5 years ago

Here is a patch with the possible automated fixes.

#2 @SergeyBiryukov
5 years ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#3 @SergeyBiryukov
5 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 47404:

Build/Test Tools: Bump devDependencies for WordPress 5.4.

Props ayeshrajans, garrett-eclipse.
Fixes #49547.

#4 @whyisjake
5 years ago

Adding an upstream PR here: https://github.com/gruntjs/grunt-contrib-imagemin/pull/392.

There are a few issues we can fix and sneak into 5.4.
