Make WordPress Core

#57535 closed enhancement (fixed)

Update/Audit NPM Dependencies for 6.2

Reported by: desrosj Owned by: desrosj
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

Previously:

Attachments (1)

57535.diff (128.3 KB) - added by naeemhaque 14 months ago.
Updated NPM Dependencies for 6.2


Change History (22)

@naeemhaque
14 months ago

Updated NPM Dependencies for 6.2

#1 @naeemhaque
14 months ago

  • Keywords has-patch added

Updated NPM Dependencies for 6.2

#2 @desrosj
14 months ago

  • Keywords changes-requested added
  • Milestone changed from Awaiting Review to 6.2

Hi @naeemhaque,

Thanks for this patch! I have a few items of feedback.

  • Could you create a GitHub pull request for this? Because this affects the various build processes, it's a good way to confirm there will be no unintended side effects. You can find some documentation about this in the Core Handbook.
  • It seems that the version qualifiers (~, ^, etc.) were removed from the dependencies. If they were present previously, could you re-add them?
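The qualifier check requested in comment #2 can be automated. The following is an added example, not part of the ticket or of WordPress's build tooling; the function names and the two sample manifests are constructed for illustration, using package names and versions quoted elsewhere on this ticket.

```javascript
// Added example: flag dependencies whose range qualifier (~, ^, etc.) changed
// between two package.json manifests, e.g. "~6.2.0" becoming "6.2.1".
const SECTIONS = ['dependencies', 'devDependencies'];

// Return the leading range operator of a simple npm version spec:
// '~', '^', a comparison operator, or '' for an exact version.
// Returns null for specs that are not plain versions (tags, URLs, git refs).
function qualifierOf(spec) {
  const m = /^\s*(\^|~|>=|<=|>|<|=)?\s*\d/.exec(spec);
  return m ? (m[1] || '') : null;
}

// Compare two parsed manifests and list every dependency present in both
// whose qualifier differs.
function qualifierChanges(before, after) {
  const findings = [];
  for (const section of SECTIONS) {
    const oldDeps = before[section] || {};
    const newDeps = after[section] || {};
    for (const [name, newSpec] of Object.entries(newDeps)) {
      // Newly added packages have no previous qualifier to compare against.
      if (!Object.prototype.hasOwnProperty.call(oldDeps, name)) continue;
      const oldQ = qualifierOf(oldDeps[name]);
      const newQ = qualifierOf(newSpec);
      if (oldQ === null || newQ === null) continue; // not a plain version spec
      if (oldQ !== newQ) {
        findings.push({ section, name, from: oldDeps[name], to: newSpec });
      }
    }
  }
  return findings;
}

// Constructed sample manifests (not the real WordPress package.json files).
const before = { devDependencies: {
  'grunt-contrib-qunit': '~6.2.0', qunit: '~2.19.1',
  sass: '^1.55.0', 'uglify-js': '^3.17.3' } };
const after = { devDependencies: {
  'grunt-contrib-qunit': '6.2.1', qunit: '~2.19.4',
  sass: '1.57.1', 'uglify-js': '^3.17.4' } };

for (const f of qualifierChanges(before, after)) {
  console.log(`${f.section}.${f.name}: ${f.from} -> ${f.to}`);
}
```
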

This ticket was mentioned in PR #3913 on WordPress/wordpress-develop by NaeemHaque.


14 months ago
#3

In 53113:
Updated some NPM dependencies to the latest versions.

This updates several NPM dependencies to the latest versions, including:

  • grunt-contrib-qunit from ~6.2.0 to ~6.2.1
  • qunit from ~2.19.1 to ~2.19.4
  • sass from ^1.55.0 to ^1.57.1
  • sinon from ~14.0.1 to ~14.0.2
  • sinon-test from ~3.1.4 to ~3.1.5
  • uglify-js from ^3.17.3 to ^3.17.4

Trac ticket: https://core.trac.wordpress.org/ticket/57535

#4 @naeemhaque
14 months ago

Hi @desrosj
Thanks for your feedback.
Now I have created a GitHub pull request for this and also added version qualifiers (~, ^).

@mukesh27 commented on PR #3913:


14 months ago
#5

@desrosj Can you review when you get a moment?

@desrosj commented on PR #3913:


14 months ago
#6

Thanks @NaeemHaque. The changes look good in the individual commits, but it seems the last commit on this PR created some problems. I'm not sure what's happening, but could you take a look and try to fix?

There's also now a merge conflict after https://core.trac.wordpress.org/changeset/55150.

NaeemHaque commented on PR #3913:


14 months ago
#7

Hello @desrosj, sorry for this created problem. I've tried to resolve it but didn't. This branch has some conflicts I think you can resolve when merging with the branch trunk. On the other hand, I can create a new branch and update all dependencies again.
Thank you.

This ticket was mentioned in PR #3968 on WordPress/wordpress-develop by @desrosj.


14 months ago
#8

A version of #3913 with a few tweaks and conflicts resolved.

Trac ticket: https://core.trac.wordpress.org/ticket/57535

@desrosj commented on PR #3913:


14 months ago
#9

No worries @NaeemHaque! Thanks for working on this so far.

I've created #3968 to resolve those conflicts and push. In the future when you create a PR, there is an option to allow repository maintainers to push to your pull request branch. If you check that, then Core committers can push changes to your pull request!

#10 @desrosj
14 months ago

In 55191:

Build/Test Tools: Update npm dependencies.

This updates the following npm dependencies to their latest versions:

  • chalk from 5.1.0 to 5.2.0.
  • dotenv-expand from 9.0.0 to 10.0.0.
  • grunt-contrib-qunit from 6.2.0 to 6.2.1.
  • prettier from 2.0.5 to 2.6.2.
  • qunit from 2.19.1 to 2.19.4.
  • sass from 1.55.0 to 1.58.0.
  • sinon from 14.0.1 to 15.0.1.
  • sinon-test from 3.1.4 to 3.1.5.
  • source-map-loader from 4.0.0 to 4.0.1.
  • uglify-js from 3.17.3 to 3.17.4.
  • wait-on from 6.0.1 to 7.0.1.
  • webpack from 5.74.0 to 5.75.0.

Additionally, npm audit fix has been run to further update packages that may contain vulnerabilities.

Props naeemhaque, mukesh27, desrosj.
See #57535.

NaeemHaque commented on PR #3913:


14 months ago
#14

Noted with thanks.

#15 @desrosj
14 months ago

  • Owner set to desrosj
  • Status changed from new to assigned

#17 @desrosj
14 months ago

In 55232:

Build/Test Tools: Update json2php package.

This updates the json2php package to the latest version, which is currently 0.0.7.

See #57535.

#18 @desrosj
14 months ago

In 55233:

Build/Test Tools: Update npm dependencies for bundled themes.

This applies several dependency version updates to Twenty Nineteen, Twenty Twenty, and Twenty Twenty-One.

npm audit fix has also been run to automatically fix any packages with reported vulnerabilities.

See #57535.

#20 @costdev
14 months ago

  • Keywords dev-feedback added

@desrosj Myself and @mukesh27 are scrubbing these tickets ahead of 6.2 Beta 1 later today.

Is there anything left for this ticket in 6.2, or are you ready to close it and open the 6.3 version for next cycle? Thanks!

#21 @desrosj
14 months ago

  • Keywords changes-requested dev-feedback removed
  • Resolution set to fixed
  • Status changed from assigned to closed

As of today, all of the related items for this ticket have been addressed. I'm going to close this out, but if there's a need to update dependencies before RC we can reopen.
