#49768 closed defect (bug) (fixed)
Update/Audit NPM dependencies for 5.5
Reported by: | whyisjake | Owned by: | whyisjake |
---|---|---|---|
Milestone: | 5.5 | Priority: | normal |
Severity: | normal | Version: | 5.5 |
Component: | Build/Test Tools | Keywords: | has-patch |
Focuses: | Cc: |
Description
Carrying some of the work out of #49547, we were able to push some upstream dependencies to update.
Attachments (4)
Change History (29)
This ticket was mentioned in PR #212 on WordPress/wordpress-develop by whyisjake.
5 years ago
#3
Dependency bump coming out of a security audit.
Trac ticket: https://core.trac.wordpress.org/ticket/49768
#4
@
5 years ago
- Keywords has-patch added
With grunt-contrib-qunit
bumped to 3.1.0 and now requiring puppeteer
, PUPPETEER_SKIP_CHROMIUM_DOWNLOAD
apparently needs to be reset for JS tests to pass, otherwise they produce a fatal error as seen in this build:
>> There was an error with headless chrome Fatal error: Chromium revision is not downloaded. Run "npm install" or "yarn install"
49768.2.diff handles that, and also keeps tilde and caret ranges for grunt
, grunt-contrib-imagemin
, and grunt-contrib-qunit
versions in package.json
.
#5
@
4 years ago
There are still like 20k warnings, but I want to get this committed, and then work on paring down the rest.
#8
@
4 years ago
- Keywords needs-patch added; has-patch removed
- Resolution fixed deleted
- Status changed from closed to reopened
#9
@
4 years ago
For reference, the build failed with:
npm ERR! Invalid dependency type requested: alias
npm can handle dependency aliases since version 6.9.0, WordPress is still using 6.1.0. It seems like bumping the version should fix the failures.
#10
@
4 years ago
Per comment 5 on #meta4974:
Version 12.16.3 of node.js and version 6.14.4 of NPM have been deployed to the build infrastructure
It should therefore be possible to use these newer versions in core.
#11
@
4 years ago
With 49768.3.diff, the build passes.
I've left out the @wordpress/scripts
version bump, as it's generally up to the Editor team to bump those dependencies in tickets like [47106] / #49204.
#16
@
4 years ago
49768-themes.diff updates a few packages in Twenty Twenty and Twenty Nineteen to the latest versions and addresses a few issues flagged by npm audit
. I ran tests, and everything seemed to work correctly to me. The only difference in behavior as a result of these changes is the consolidation of a single CSS rule.
#49707 was marked as a duplicate.