Skip to content

Update devDepencies for 7.0#10961

Closed
desrosj wants to merge 20 commits intoWordPress:trunkfrom
desrosj:update/npm-dependencies-7-0
Closed

Update devDepencies for 7.0#10961
desrosj wants to merge 20 commits intoWordPress:trunkfrom
desrosj:update/npm-dependencies-7-0

Conversation

@desrosj
Copy link
Member

@desrosj desrosj commented Feb 17, 2026
edited
Loading

This updates the following devDependencies for WP 7.0:

Package Previous Version New Version
@playwright/test 1.56.1 1.58.2
@pmmmwh/react-refresh-webpack-plugin 0.6.1 0.6.2
@types/jquery 3.5.33 3.5.34
@types/underscore 1.11.15 1.13.0
@wordpress/e2e-test-utils-playwright 1.33.2 1.41.0
@wordpress/prettier-config 4.33.1 4.41.0
@wordpress/scripts 30.26.2 31.6.0
autoprefixer 10.4.22 10.4.27
cssnano 7.1.2 7.1.3
dotenv 17.2.3 17.3.1
grunt-sass ~4.0.1 ~4.1.0
grunt-webpack 7.0.0 7.0.1
postcss 8.5.6 8.5.8
qunit ~2.24.2 ~2.25.0
sass 1.94.0 1.98.0
terser-webpack-plugin 5.3.14 5.4.0
wait-on 9.0.3 9.0.4
webpack 5.98.0 5.105.4

Trac ticket: Core-64230

Use of AI Tools

Claude was used to generate the list of updated packages in the PR description.

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@desrosj desrosj self-assigned this Feb 17, 2026
@github-actions
Copy link

github-actions bot commented Feb 18, 2026

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

@desrosj desrosj force-pushed the update/npm-dependencies-7-0 branch from 0d103a0 to efa842f Compare February 18, 2026 02:32
@desrosj desrosj force-pushed the update/npm-dependencies-7-0 branch 2 times, most recently from 8596862 to 27b4d43 Compare March 18, 2026 13:53
@desrosj desrosj force-pushed the update/npm-dependencies-7-0 branch from 0be6db6 to c6eee36 Compare March 18, 2026 17:39
@desrosj desrosj marked this pull request as ready for review March 18, 2026 17:39
@desrosj
Copy link
Member Author

desrosj commented Mar 18, 2026

I've been testing a workflow I created for Core-64878 while I worked on this. I have a PR on my fork that compares the changes to the build directory as a result of this (bot comment here).

Only the expected files are changing: files built with Webpack, and files that reference those files by hashes.

The exceptions are the contents of wp/includes/build/** (these are orphaned files seemingly due to ignore properties and the build server not cleaning up after itself), an unremoved icon, and the version.php file being updated (expected).

@github-actions
Copy link

github-actions bot commented Mar 18, 2026
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props desrosj, jonsurrell.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@sirreal
Copy link
Member

sirreal commented Mar 18, 2026

I reviewed the version changes in package.json and they appear correct.

I did not review all the changes in package-lock.json, but noticed that it's grown substantially. We could run npm dedupe to trim dependencies down some.

I notice that there's a dependency on underscore@1.13.7 while 1.13.8 is the latest. Shall we upgrade that here?

@desrosj
Copy link
Member Author

desrosj commented Mar 19, 2026

I reviewed the version changes in package.json and they appear correct.

Thanks!

I did not review all the changes in package-lock.json, but noticed that it's grown substantially. We could run npm dedupe to trim dependencies down some.

I've gone and run a final npm audit fix. This increased the size of package-lock.json by 200 additional lines. Running npm dedupe decreased the overall change to to +~1,000 instead of +~1,100.

I notice that there's a dependency on underscore@1.13.7 while 1.13.8 is the latest. Shall we upgrade that here?

underscore is a not a devDependency. Updates to dependencies that are included in the built source are handled as enhancements, so it needs to wait until 7.0.1 or 7.1.

@github-actions
Copy link

github-actions bot commented Mar 19, 2026

A commit was made that fixes the Trac ticket referenced in the description of this pull request.

SVN changeset: 62050
GitHub commit: e31900f

This PR will be closed, but please confirm the accuracy of this and reopen if there is more work to be done.

@github-actions github-actions bot closed this Mar 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@westonruter westonruter Awaiting requested review from westonruter

@aaronjorbin aaronjorbin Awaiting requested review from aaronjorbin

@sirreal sirreal Awaiting requested review from sirreal

Assignees

@desrosj desrosj

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@desrosj @sirreal