WordPress.org

Make WordPress Core

Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#49547 closed defect (bug) (fixed)

Update/Audit npm Dependencies for 5.4

Reported by: garrett-eclipse
Owned by: SergeyBiryukov
Milestone: 5.4
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords: needs-patch
Focuses:
Cc:

Description

In 5.3 the security team did an audit/update to the NPM dependencies. This was done in #48203 by @whyisjake and @jorbin.

If it's not too late for 5.4 we should try to get in the habit for major releases to run through these and address as much as we can.

As of writing this, running an npm install on trunk gives a warning for 16 vulnerabilities (1 low, 6 moderate, 9 high).

Attachments (2)

npm-audit.txt (34.9 KB) - added by garrett-eclipse 15 months ago.
Result of running npm audit
49547.1.patch (630 bytes) - added by ayeshrajans 15 months ago.
Here is a patch with the possible automated fixes.

Change History (6)

@garrett-eclipse
15 months ago

Result of running npm audit

#1 @SergeyBiryukov
15 months ago

  • Milestone changed from Awaiting Review to 5.4

@ayeshrajans
15 months ago

Here is a patch with the possible automated fixes.

#2 @SergeyBiryukov
15 months ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#3 @SergeyBiryukov
15 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 47404:

Build/Test Tools: Bump devDependencies for WordPress 5.4.

Props ayeshrajans, garrett-eclipse.
Fixes #49547.

#4 @whyisjake
15 months ago

Adding an upstream PR here: https://github.com/gruntjs/grunt-contrib-imagemin/pull/392.

There are a few issues we can fix and sneak into 5.4.
