Make WordPress Core

Opened 5 months ago

Closed 3 weeks ago

#64230 closed task (blessed) (fixed)

Update/Audit NPM Dependencies for 7.0

Reported by: desrosj Owned by: desrosj
Milestone: 7.0 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch
Focuses: Cc:

Description

Previously:

Change History (9)

This ticket was mentioned in PR #10961 on WordPress/wordpress-develop by @desrosj.


8 weeks ago
#1

  • Keywords has-patch added

Trac ticket: Core-64230

## Use of AI Tools

#2 @sabernhardt
5 weeks ago

@aakashverma1 called attention to updating cssnano and svgo on #64833 (involves multiple default themes).

#3 @sabernhardt
5 weeks ago

#64833 was marked as a duplicate.

@desrosj commented on PR #10961:


4 weeks ago
#4

I've been testing a workflow I created for Core-64878 while I worked on this. I have a PR on my fork that compares the changes to the build directory as a result of this (bot comment here).

Only the expected files are changing: files built with Webpack, and files that reference those files by hashes.

The exceptions are the contents of wp/includes/build/** (these are orphaned files seemingly due to ignore properties and the build server not cleaning up after itself), an unremoved icon, and the version.php file being updated (expected).

@jonsurrell commented on PR #10961:


4 weeks ago
#5

I reviewed the version changes in package.json and they appear correct.

I did not review all the changes in package-lock.json, but noticed that it's grown substantially. We could run npm dedupe to trim dependencies down some.

I notice that there's a dependency on underscore@1.13.7 while `1.13.8` is the latest. Shall we upgrade that here?

@desrosj commented on PR #10961:


4 weeks ago
#6

> I reviewed the version changes in package.json and they appear correct.

Thanks!

> I did not review all the changes in package-lock.json, but noticed that it's grown substantially. We could run npm dedupe to trim dependencies down some.

I've gone and run a final npm audit fix. This increased the size of package-lock.json by 200 additional lines. Running npm dedupe decreased the overall change to +~1,000 instead of +~1,100.

> I notice that there's a dependency on underscore@1.13.7 while `1.13.8` is the latest. Shall we upgrade that here?

underscore is not a devDependency. Updates to dependencies that are included in the built source are handled as enhancements, so it needs to wait until 7.0.1 or 7.1.
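
Added example (not part of the ticket or of WordPress's build tooling): one way to enforce the devDependencies-only rule described in comment #6 is to diff the old and new `package.json` and fail when a package outside `devDependencies` changes. The manifests below are constructed samples using versions quoted in this thread, and the function names and the choice of `dependencies` as the only shipped section are assumptions.

```javascript
// Constructed sample manifests (not the real WordPress package.json).
// Versions come from this ticket; underscore sits under "dependencies"
// because comment #6 says it is not a devDependency.
const before = {
  dependencies: { underscore: '1.13.7' },
  devDependencies: { webpack: '5.98.0', cssnano: '7.1.2', 'grunt-sass': '~4.0.1' },
};
const after = {
  dependencies: { underscore: '1.13.8' },
  devDependencies: { webpack: '5.105.4', cssnano: '7.1.3', 'grunt-sass': '~4.1.0' },
};

// Assumption: only "dependencies" ends up in the built source.
const SHIPPED_SECTIONS = ['dependencies'];
const ALL_SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// List every package that was added, removed, or re-pinned, per section.
// A package moved between sections shows up as a removal plus an addition.
function diffManifests(oldPkg, newPkg) {
  const changes = [];
  for (const section of ALL_SECTIONS) {
    const oldDeps = oldPkg[section] || {};
    const newDeps = newPkg[section] || {};
    const names = new Set([...Object.keys(oldDeps), ...Object.keys(newDeps)]);
    for (const name of [...names].sort()) {
      const from = oldDeps[name] ?? null;
      const to = newDeps[name] ?? null;
      if (from !== to) {
        changes.push({ section, name, from, to, shipped: SHIPPED_SECTIONS.includes(section) });
      }
    }
  }
  return changes;
}

// A devDependencies-only update passes; any change to a shipped section fails.
function checkDevOnlyUpdate(oldPkg, newPkg) {
  const changes = diffManifests(oldPkg, newPkg);
  const blocked = changes.filter((c) => c.shipped);
  return { ok: blocked.length === 0, changes, blocked };
}

const result = checkDevOnlyUpdate(before, after);
for (const c of result.changes) {
  console.log(`${c.shipped ? 'BLOCK' : 'ok   '} ${c.section}: ${c.name} ${c.from} -> ${c.to}`);
}
console.log(result.ok ? 'devDependencies-only update' : 'shipped dependency changed: handle as an enhancement');
```
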

#7 @desrosj
4 weeks ago

  • Owner set to desrosj
  • Resolution set to fixed
  • Status changed from new to closed

In 62050:

Build/Test Tools: Update npm devDependencies.

This updates the following devDependencies:

  • @playwright/test from 1.56.1 to 1.58.2
  • @pmmmwh/react-refresh-webpack-plugin from 0.6.1 to 0.6.2
  • @types/jquery from 3.5.33 to 3.5.34
  • @types/underscore from 1.11.15 to 1.13.0
  • @wordpress/e2e-test-utils-playwright from 1.33.2 to 1.41.0
  • @wordpress/prettier-config from 4.33.1 to 4.41.0
  • @wordpress/scripts from 30.26.2 to 31.6.0
  • autoprefixer from 10.4.22 to 10.4.27
  • cssnano from 7.1.2 to 7.1.3
  • dotenv from 17.2.3 to 17.3.1
  • grunt-sass from ~4.0.1 to ~4.1.0
  • grunt-webpack from 7.0.0 to 7.0.1
  • postcss from 8.5.6 to 8.5.8
  • qunit from ~2.24.2 to ~2.25.0
  • sass from 1.94.0 to 1.98.0
  • terser-webpack-plugin from 5.3.14 to 5.4.0
  • wait-on from 9.0.3 to 9.0.4
  • webpack from 5.98.0 to 5.105.4

Props westonruter, jonsurrell, desrosj.
Fixes #64230.

#8 @desrosj
4 weeks ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening to look at the theme dependencies.

#9 @desrosj
3 weeks ago

  • Resolution set to fixed
  • Status changed from reopened to closed

I did not have a chance to look at theme dependencies. Going to close this out.

Opened #64968 for the 7.1 cycle.
