Update/Audit NPM Dependencies for 6.4

[desrosj]

Previously:

• #57657 (6.3)
• #57535 (6.2)
• #56641 (6.1)
• #54727 (6.0)
• #53361 (5.9)
• #52624 (5.8)
• #51801 (5.7)
• #50769 (5.6)
• #49768 (5.5)
• #49547 (5.4)
• #48203 (5.3)
• #46039 (5.1)
• #45064 (5.0)
• #38199 (4.7)
• #36520 (4.6)
• #35104 (4.5)
• #34177 (4.4)
• #31700 (4.3)
• #31489 (4.2)
• #30141 (4.1)
• #27340 (4.0)
• #26073 (3.9)

[desrosj]

To carry over a few unaddressed items from #57657:

This ​pull request updates a few dependencies, but some overlap preexisting tickets such as #56731 for imagesloaded.

cssnano is also out of date, and several updates are blocked by raising the minimum version of NodeJS to >= 16.0. This will be addressed in #56658.

Props to @tanjimtc71 and @hareesh-pillai for calling these out.

[Hareesh Pillai]

cssnano updated

[rajinsharwar]

Updating framer-motion and @emotion/is-prop-valid

[rajinsharwar]

Related: #58936 #58930

[desrosj]

In 56390:

Build/Test Tools: Update all build tool related dependencies.

This updates the following dependencies to their latest versions:

• chalk
• cssnano
• dotenv
• grunt-contrib-cssmin
• grunt-contrib-qunit
• grunt-webpack
• jest-image-snapshot
• postcss
• sass
• sinon
• webpack

Additionally, npm audit fix has been run to automatically fix as many issues as possible.

See #58863.

[desrosj]

In 56533:

Bundled Themes: Update npm dependencies for Twenty Nineteen and Twenty Twenty.

This updates the npm dependencies for Twenty Nineteen and Twenty Twenty to their latest versions. This also includes the results of running npm audit fix.

There are no changes in any built files as a result.

See #58863.

This includes Webpack and React related updates to accompany WordPress/Gutenberg#54657.

Trac ticket: https://core.trac.wordpress.org/ticket/58863

[desrosj]

In 56647:

Build/Test Tools: Update build related dependencies to their latest versions.

This updates the following npm dependencies:

• autoprefixer to version 10.4.16.
• grunt-contrib-qunit to version 8.0.1.
• postcss to version 8.4.30.
• react-refresh to version 0.14.0.
• sass to version 1.68.0.
• sinon to version 16.0.0.
• uuid to version 9.0.1.
• tslib to version 2.6.2.

This change accompanies a similar one in the Gutenberg repository: ​https://github.com/WordPress/gutenberg/pull/54657.

Props gziolo, desrosj.
Fixes #58863.

[desrosj]

@rajinsharwar Sorry, I missed your patch above for framer-motion and @emotion/is-prop-valid.

I just opened an ​upstream issue on GitHub to update framer-motion in Gutenberg first to ensure there are no issues. @emotion/is-prop-valid also should be investigated there first.

Running npm list @emotion/is-prop-valid results in this:

├── @emotion/is-prop-valid@0.8.8
├─┬ @wordpress/block-editor@12.3.14
│ └─┬ @emotion/styled@11.10.6
│   └── @emotion/is-prop-valid@1.2.1
└─┬ framer-motion@10.11.6
  └── @emotion/is-prop-valid@0.8.8 d

I'm not that it's necessary to include this as a direct dependency.

Merged in https://core.trac.wordpress.org/changeset/56647.

Since ​version 20.0.0, puppeteer uses Chrome instead of Chromium for testing. The PUPPETEER_SKIP_CHROMIUM_DOWNLOAD environment variable was removed in favor of PUPPETEER_SKIP_DOWNLOAD.

puppeteer is a peer dependency of grunt-contrib-qunit, which was updated in [56647].

This changes PUPPETEER_SKIP_CHROMIUM_DOWNLOAD to PUPPETEER_SKIP_DOWNLOAD in order to restore the previous behavior of not downloading the desired binary in workflows where it's not required.

Trac ticket: https://core.trac.wordpress.org/ticket/58863

[desrosj]

In 56659:

Build/Test Tools: Update the environment variable for skipping browser binaries.

This changes the environment variable used in GitHub Action workflows to skip downloading the browser binary that’s a peer dependency when it’s not needed.

In [56647], the version of puppeteer peer-dependency was bumped to >= 20.0.0. Starting in version 20.0.0, puppeteer switched to using Chrome for testing instead of Chromium. With this release, the PUPPETEER_SKIP_CHROMIUM_DOWNLOAD environment variable was removed in favor of the more generic PUPPETEER_SKIP_DOWNLOAD.

All workflows that do not need a browser binary now contain the correct PUPPETEER_SKIP_CHROMIUM_DOWNLOAD variable.

Follow up to [56647].

See #58863.

Merged in https://core.trac.wordpress.org/changeset/56659.

[afercia]

I just wanted to note that one of the changes here (I think [56647]) in combination with gutenberg ​https://github.com/WordPress/gutenberg/pull/52993 suddenly made the gutenberg build fail on my local environment this morning. Very likely, I'm not the only one who faced this issue. For more details, please see this comment: ​https://github.com/WordPress/gutenberg/pull/52993#issuecomment-1735409085

Contributors may have very different local development environments. Cloning the gutenberg repository inside the core plugins directory is a legitimate way to set up a dev environment, in my opinion. Ideally, changes in core and gutenberg should never break the build process, whatever the development environment is. I do realize managing packages versions across two projects is complicated but I'd really like to see more coordination to avoid a frustrating development experience for many contributors.

[desrosj]

In 56944:

Build/Test Tools: Downgrade grunt-contrib-qunit dependency.

grunt-contrib-qunit was upgraded from version 7.0.1 to 8.0.1 in [56647]. However, this update causes a strange failure when running the build script for the Gutenberg plugin when checked out within a wordpress-develop checkout.

This reverts the related change in [56647] and downgrades the dependency back to 7.0.1 until the exact reason for the failure is narrowed down.

Props afercia, kevin940726, antonvlasenko, desrosj.
See #59634, #58863.

[desrosj]

In 56957:

Build/Test Tools: Update build related dependencies.

This updates the following development dependencies to their latest versions:

• postcss
• qunit
• sass
• webpack

Additionally, npm audit fix has been run.

Fixes #58863.

[desrosj]

In 56973:

Build/Test Tools: Skip Puppeteer download in build workflow.

This adds the PUPPETEER_SKIP_DOWNLOAD environment variable to the Build WordPress workflow to skip downloading Puppeteer browser binaries unnecessarily.

Follow up to [56958].

See #59416, #59517, #58863.