Make WordPress Core

Opened 8 months ago

Closed 4 months ago

Last modified 3 months ago

#62220 closed task (blessed) (fixed)

Update/Audit NPM Dependencies for 6.8

Reported by: desrosj Owned by: desrosj
Milestone: 6.8 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

Previously:

Change History (19)

This ticket was mentioned in PR #7996 on WordPress/wordpress-develop by @desrosj.


6 months ago
#1

  • Keywords has-patch added

@Bernhard Reiter commented on PR #7996:


6 months ago
#2

👋 @desrosj Are you planning to land this in the near future (i.e. well before WP 6.8 Beta 1)?

(FWIW, I'd love that, as I have a janitorial PR that requires a package update 😊)

@desrosj commented on PR #7996:


6 months ago
#3

@ockham I plan to merge this sometime next week! But it's not a high priority.

Is the concern a merge conflict? Or something else? Don't feel blocked to commit your PR if it's ready and I'll adjust. 😄

@Bernhard Reiter commented on PR #7996:


6 months ago
#4

> @ockham I plan to merge this sometime next week! But it's not a high priority.
>
> Is the concern a merge conflict? Or something else? Don't feel blocked to commit your PR if it's ready and I'll adjust. 😄

Thank you, but I really can't land mine before a package update 😅 A while ago, I removed some now-obsolete functions from the Navigation block's PHP in Gutenberg. My PR moves -- or rather copies -- them to deprecated.php. But that means that they're colliding with the function declarations that still exist in Core's navigation.php -- until that file is updated by a package sync.

I hope that made sense. But again, not urgent at all -- any time before Beta 1 is fine 😄

#5 @desrosj
6 months ago

In 59509:

Build/Test Tools: Update devDependencies.

This updates the following devDependencies:

  • dotenv from 16.4.5 to 16.4.7
  • dotenv-expand from 11.0.6 to 12.0.1
  • postcss from 8.4.47 to 8.4.49
  • qunit from 2.22.0 to 2.23.1
  • sass from 1.79.4 to 1.79.6
  • terser-webpack-plugin from 5.3.10 to 5.3.11
  • uglify-js from 3.17.4 to 3.19.3
  • uuid from 9.0.1 to 11.0.3
  • webpack from 5.90.2 to 5.97.1

Additionally, npm audit fix has been run.

Follow up to [58585].

See #62220.
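One way to produce a bump list like the one in this commit message and to flag the major upgrades (here dotenv-expand and uuid) for changelog review before the update is merged, as an added example that is not part of the ticket or of WordPress's build tooling. The two package.json snapshots are constructed from the versions listed above, and the function names (`diffDevDependencies`, `bumpLevel`, `needsReview`, `formatChangelog`) are chosen here:

```javascript
// Added example (not code from the ticket or from WordPress): diff the
// devDependencies of two package.json snapshots and classify each bump by
// semver level, so that major bumps are reviewed before the update lands.
// Both snapshots are constructed from the versions listed in [59509].
const BEFORE = { // constructed sample, not WordPress's actual package.json
  devDependencies: {
    dotenv: '16.4.5', 'dotenv-expand': '11.0.6', postcss: '^8.4.47',
    qunit: '2.22.0', sass: '1.79.4', 'terser-webpack-plugin': '5.3.10',
    'uglify-js': '3.17.4', uuid: '9.0.1', webpack: '5.90.2',
  },
};
const AFTER = { // constructed sample
  devDependencies: {
    dotenv: '16.4.7', 'dotenv-expand': '12.0.1', postcss: '^8.4.49',
    qunit: '2.23.1', sass: '1.79.6', 'terser-webpack-plugin': '5.3.11',
    'uglify-js': '3.19.3', uuid: '11.0.3', webpack: '5.97.1',
  },
};

// Parse an exact or caret/tilde-pinned version; anything else (ranges, tags,
// git URLs) is treated as unparseable so it is flagged rather than guessed.
function parseSemver(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? { major: +m[1], minor: +m[2], patch: +m[3] } : null;
}

function bumpLevel(from, to) {
  const a = parseSemver(from), b = parseSemver(to);
  if (!a || !b) return 'unknown';
  if (a.major !== b.major) return 'major';
  if (a.minor !== b.minor) return 'minor';
  if (a.patch !== b.patch) return 'patch';
  return 'none';
}

// Returns one record per changed devDependency, sorted by package name.
function diffDevDependencies(before, after) {
  const b = before.devDependencies || {}, a = after.devDependencies || {};
  const names = [...new Set([...Object.keys(b), ...Object.keys(a)])].sort();
  const changes = [];
  for (const name of names) {
    const from = b[name], to = a[name];
    if (from === undefined) changes.push({ name, from: null, to, level: 'added' });
    else if (to === undefined) changes.push({ name, from, to: null, level: 'removed' });
    else if (from !== to) changes.push({ name, from, to, level: bumpLevel(from, to) });
  }
  return changes;
}

// Packages whose bump is major or unparseable: read their changelogs before
// merging, since breaking changes and new defaults are expected there.
function needsReview(changes) {
  return changes
    .filter((c) => c.level === 'major' || c.level === 'unknown')
    .map((c) => c.name);
}

// Commit-message style lines such as "dotenv from 16.4.5 to 16.4.7".
function formatChangelog(changes) {
  const strip = (v) => v.replace(/^[\^~]/, '');
  return changes
    .filter((c) => c.from && c.to)
    .map((c) => `${c.name} from ${strip(c.from)} to ${strip(c.to)}`);
}

if (typeof require !== 'undefined' && require.main === module) {
  const changes = diffDevDependencies(BEFORE, AFTER);
  console.log(formatChangelog(changes).join('\n'));
  console.log('review for breaking changes:', needsReview(changes).join(', '));
}
```

In practice the two snapshots come from `git show <rev>:package.json` before and after the update. Major bumps are only the first filter: a minor bump can still change a default, which is exactly what the later UglifyJS follow-up on this ticket deals with, so the `minor` records are worth a glance too.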

@desrosj commented on PR #7996:


6 months ago
#6

@ockham Merged in https://core.trac.wordpress.org/changeset/59509!

There are a few other dependencies with updates that need more work in order to be usable (sinon's update causes test failures, for example). But won't get to those for a bit.

@Bernhard Reiter commented on PR #7996:


6 months ago
#7

Aaand this is where I realize that this PR was about updating 3rd party dependencies, rather than @wordpress/ packages. In my head, I totally equated "Update NPM packages" with "Sync @wordpress/ NPM packages".
Bonus points for me for never actually checking the diff 🤦‍♂️

Anyway. Sorry for the noise. Nothing to see here. Carry on.

Unprops @ockham.

@desrosj commented on PR #7996:


6 months ago
#8

Sorry! I should have been more specific that it was only devDependencies! No worries!

#10 @desrosj
6 months ago

In 59530:

Build/Test Tools: Update Default Theme devDependencies.

The devDependencies for all default themes with package.json files (Twenty Nineteen, Twenty Twenty, and Twenty Twenty-One) are now updated to their latest versions with a few exceptions in Twenty Twenty-One:

  • Upgrading stylelint/@wordpress/stylelint-config requires some work to address rule deprecations.
  • @wordpress/eslint-plugin does not yet support eslint 9.x.

Additionally, npm audit fix has been run for each theme.
See #62220.

#12 @desrosj
4 months ago

In 59768:

Build/Test Tools: Configure UglifyJS to preserve previous behavior.

As of UglifyJS >= 3.18.0, the default behavior is to process input as an ES module. This updates the relevant configurations to ensure the build process continues to use the previous behavior to avoid JavaScript errors in the minified versions of files.

Follow up to [58563], [58586], and [59509].

Props siliconforks, nataliat2004, poena, mai21, SergeyBiryukov.
Fixes #62767. See #61519, #62220.
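The kind of configuration change [59768] describes, shown as an added Gruntfile fragment that is not WordPress's own Gruntfile: it assumes grunt-contrib-uglify as the minification task and assumes that the `module` option is passed through to UglifyJS unchanged; the task target, file globs and the `ascii_only` output option are illustrative choices:

```javascript
// Added example: a grunt-contrib-uglify configuration that pins UglifyJS to
// its pre-3.18.0 behaviour of treating input as a classic script. Task name,
// file globs and the output options are assumptions, not WordPress's Gruntfile.
function configureUglify(grunt) {
  grunt.initConfig({
    uglify: {
      options: {
        // Since UglifyJS 3.18.0 the default is `module: true`, i.e. the input
        // is parsed as an ES module. Classic (non-module) scripts must be
        // minified with `module: false`, otherwise the minified output can
        // throw at runtime even though the unminified file works.
        module: false,
        output: { ascii_only: true },
      },
      // Hypothetical target: minify every script under build/js/ to *.min.js.
      core: {
        expand: true,
        cwd: 'build/js/',
        src: ['**/*.js', '!**/*.min.js'],
        dest: 'build/js/',
        ext: '.min.js',
      },
    },
  });
  grunt.loadNpmTasks('grunt-contrib-uglify');
}

if (typeof module !== 'undefined') module.exports = configureUglify;
```

When UglifyJS is called directly rather than through Grunt, the same option goes into the options object of `UglifyJS.minify(code, { module: false })`. The safer habit after any minifier upgrade is to diff the minified output, or at least load it in a browser, before trusting that a version bump was behaviour-neutral.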

#14 @desrosj
4 months ago

  • Owner set to desrosj
  • Resolution set to fixed
  • Status changed from new to closed

In 59929:

Build/Test Tools: Update devDependencies.

This updates the following devDependencies to their latest versions:

  • @playwright/test from 1.49.1 to 1.50.1
  • chalk from 5.3.0 to 5.4.1
  • copy-webpack-plugin from 12.0.2 to 13.0.0
  • grunt-sass from 3.1.0 to 4.0.0
  • postcss from 8.4.49 to 8.5.3
  • sass from 1.83.4 to 1.85.1
  • terser-webpack-plugin from 5.3.11 to 5.3.12
  • uuid from 11.0.3 to 11.1.0
  • wait-on from 8.0.1 to 8.0.2
  • webpack from 5.97.1 to 5.98.0

Additionally, npm dedupe and npm audit fix have been run.

Fixes #62220.

#15 @desrosj
4 months ago

If there are any further updates required before 6.8, this can be reopened!

#16 @desrosj
3 months ago

Opened #63171 for the 6.9 cycle.

#17 @poena
3 months ago

#63229 was marked as a duplicate.

This ticket was mentioned in PR #8647 on WordPress/wordpress-develop by @debarghyabanerjee.


3 months ago
#18

Trac Ticket: Core-62220

### Summary
This pull request addresses the security vulnerability alert flagged by Dependabot in the npm packages used by the Twenty Twenty theme.

### Changes

  • Updated vulnerable npm packages to the latest secure versions

#19 @debarghyabanerjee
3 months ago

Hi @poena, I have changed the PR's ticket to this. The reason for raising the PR is that it updates the packages to their latest versions and addresses the vulnerabilities in axios and tar-fs.

cc: @desrosj
