WordPress.org

Make WordPress Core

Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#49547 closed defect (bug) (fixed)

Update/Audit npm Dependencies for 5.4

Reported by: garrett-eclipse
Owned by: SergeyBiryukov
Milestone: 5.4
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords: needs-patch
Focuses:
Cc:

Description

In 5.3 the security team did an audit/update to the NPM dependencies. This was done in #48203 by @whyisjake and @jorbin.

If it's not too late for 5.4 we should try to get in the habit for major releases to run through these and address as much as we can.

As of writing this, running an npm install on trunk gives a warning for 16 vulnerabilities (1 low, 6 moderate, 9 high).

Attachments (2)

npm-audit.txt (34.9 KB) - added by garrett-eclipse 2 months ago.
Result of running npm audit
49547.1.patch (630 bytes) - added by ayeshrajans 2 months ago.
Here is a patch with the possible automated fixes.

Change History (6)

@garrett-eclipse
2 months ago

Result of running npm audit

#1 @SergeyBiryukov
2 months ago

  • Milestone changed from Awaiting Review to 5.4

@ayeshrajans
2 months ago

Here is a patch with the possible automated fixes.

#2 @SergeyBiryukov
2 months ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#3 @SergeyBiryukov
2 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 47404:

Build/Test Tools: Bump devDependencies for WordPress 5.4.

Props ayeshrajans, garrett-eclipse.
Fixes #49547.

#4 @whyisjake
2 months ago

Adding an upstream PR here: https://github.com/gruntjs/grunt-contrib-imagemin/pull/392.

There are a few issues we can fix and sneak into 5.4.
