Make WordPress Core

#57657 closed task (blessed) (fixed)

Update/Audit NPM Dependencies for 6.3

Reported by: desrosj's profile desrosj Owned by:
Milestone: 6.3 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch needs-refresh
Focuses: Cc:

Description

Previously:

Change History (11)

#1 @desrosj
22 months ago

Even though the 6.3 cycle has not yet begun, I created this so that it's not forgotten for the next release cycle since #57535 was closed as fixed with no more required updates.

If a dependency needs updating before 6.2 is branched, please reopen #57535 and include the fix there.

This ticket was mentioned in PR #4040 on WordPress/wordpress-develop by @tanjimtc71.


22 months ago
#2

  • Keywords has-patch added

Hi there! I've updated npm dependencies for 6.3.

The following dependencies are being updated:
jest-image-snapshot from 3.0.1 to 6.1.0
react-refresh from 0.10.0 to 0.14.0
imagesloaded from 4.1.4 to 5.0.0

Note that: grunt latest version is 1.6.1 but it is not compatible with our version of node/npm. It wanted: {"node":">=16"} but wordpress core wanted: {"node": "14.x"}. So it's not updated.

Thank You.

Trac ticket: https://core.trac.wordpress.org/ticket/57657

#3 follow-up: @Hareesh Pillai
20 months ago

  • Type changed from defect (bug) to enhancement

There's been a new major release of cssnano (v6.0.0).
Changes: https://github.com/cssnano/cssnano/compare/cssnano@5.1.14...cssnano@6.0.0

Also, I'm changing the ticket type to enhancement, as this is not a bug.

#4 in reply to: ↑ 3 ; follow-up: @azaozz
18 months ago

Replying to Hareesh Pillai:

I'm changing the ticket type to enhancement, as this is not a bug.

Hmm, not so sure? Updates usually include bugfixes, so technically this is both enhancement and bugfix. The best ticket type is probably "task" :)

#5 @azaozz
18 months ago

  • Keywords needs-refresh added

The PR needs a refresh. This can be committed during beta as it is for the build/test tools, not production code.

This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.


18 months ago

#7 @oglekler
18 months ago

  • Type changed from enhancement to task (blessed)

#8 in reply to: ↑ 4 @Hareesh Pillai
18 months ago

Replying to azaozz:

Hmm, not so sure? Updates usually include bugfixes, so technically this is both enhancement and bugfix. The best ticket type is probably "task" :)

Totally agree with you, @azaozz. I was trying just to keep up with the convention based on the previous tickets mentioned in the description.

Anyway, the current blessed task status gives us more time to land stuff into the upcoming release!

This ticket was mentioned in Slack in #core by desrosj. View the logs.


18 months ago

#10 @joemcgill
18 months ago

In 56097:

Build/Test Tools: Update terser-webpack-plugin.

This bumps the terser-webpack-plugin dependency to version 5.3.9, which fixes an error during the minification process of the @wordpress/block-library package during builds.

Props clorith, azaozz, desrosj.
Fixes #58660, See #57657.

#11 @desrosj
17 months ago

  • Resolution set to fixed
  • Status changed from new to closed

@tanjimtc71 Apologies that your pull request did not get the attention it needed for 6.3. There are still some outdated dependencies in the 6.3 branch (including the ones addressed in the PR and mentioned above), but looking at what they are, I don't feel strongly enough to update them during RC. I'm going to close this out and we can circle back to them in #58863.

One rule of thumb to keep in mind for the future. There are currently two types of dependencies for WordPress: ones that are used in the build processes and development tools (cssnano, dotenv, grunt-contrib-clean, etc.), and ones that include an external library that is processed within the build process (polyfills such as imagesloaded, moment, jquery, etc.).

Updates for the former are usually handled here because their impact on the built software that's eventually released to the world is typically minimal to zero. Updates to the latter are usually handled in either individual separate tickets (such as #58083 for jquery or #56731 for imagesloaded), or a separate overarching ticket for updating lesser used ones (such as #56670 or #57646). External library updates like these usually require more visibility since updates could potentially impact 3rd-party code.

#56658 will also be addressing the problems with NodeJS version constraints (requiring 16.x+) in the next few weeks, so dependencies can be updated more comprehensively after that.

Note: See TracTickets for help on using tickets.