Skip to content

Update project dependencies #598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thelovekesh merged 2 commits into from
Jan 29, 2026
Merged

Update project dependencies #598

thelovekesh merged 2 commits into from
Jan 29, 2026

Conversation

@amitraj2203
Copy link
Contributor

@amitraj2203 amitraj2203 commented Jan 29, 2026
edited
Loading

Summary

  • Updated all npm dependencies to their latest versions, including major bumps for @wordpress/* packages (scripts, env, eslint-plugin, etc.), cross-env, lint-staged, and eslint-plugin-jest.
  • Updated @wordpress/interactivity to version (6.39.0).
  • Added overrides in package.json for webpack-dev-server (^5.2.1) to resolve dependency conflicts.
  • Updated composer.lock to pull in latest patch versions of PHP dependencies (e.g., phpunit/phpunit 9.6.22 -> 9.6.34, nikic/php-parser 5.4.0 -> 5.7.0).

Test plan

  • Verify npm install completes without errors or warnings.
  • Run npm run build:prod and confirm the build succeeds.
  • Run npm run lint:all and confirm no new linting issues.
  • Start wp-env (npm run wp-env start) and run npm run test to confirm all JS and PHP tests pass.

@thelovekesh
Copy link
Member

thelovekesh commented Jan 29, 2026

@amitraj2203 let's also bump Node.js to v24 in .nvmrc which is v20 at the moment.

also, seems like we don't need to add override for glob since it's fixable by npm audit fix command.

here are the commands i ran post bumping Node.js to v24 which limits the override to only webpack-dev-server

$ npm i
$ npm i $(npm outdated --parseable | cut -d':' -f 4 | tr '\n' ' ')
$ npm audit fix

# add override for `webpack-dev-server`

$ npm i

@amitraj2203
Copy link
Contributor Author

amitraj2203 commented Jan 29, 2026

Thanks @thelovekesh for the review, I've done it in ab60ce9

thelovekesh
thelovekesh reviewed Jan 29, 2026
View reviewed changes
@amitraj2203 amitraj2203 force-pushed the chore/update-dependencies branch from fb17eed to 73b11f2 Compare January 29, 2026 11:44
@amitraj2203
chore: update dependencies and devDependencies in package.json
b543e0d 
- Updated @wordpress/interactivity to version 6.39.0
- Upgraded various devDependencies:
  - @babel/core to 7.28.6
  - @wordpress/babel-preset-default to 8.39.0
  - @wordpress/browserslist-config to 6.39.0
  - @wordpress/env to 10.39.0
  - @wordpress/eslint-plugin to 24.1.0
  - @wordpress/jest-preset-default to 12.39.0
  - @wordpress/scripts to 31.4.0
  - browserslist to 4.28.1
  - cross-env to 10.1.0
  - css-minimizer-webpack-plugin to 7.0.4
  - eslint to 8.57.1
  - eslint-plugin-import to 2.32.0
  - eslint-plugin-jest to 29.12.1
  - eslint-plugin-react-hooks to 7.0.1
  - lint-staged to 16.2.7
  - webpack-remove-empty-scripts to 1.1.1
- Added overrides for webpack-dev-server to version ^5.2.1
@amitraj2203 amitraj2203 reopened this Jan 29, 2026
@thelovekesh thelovekesh changed the title Fix Security Vulnerabilities Update project dependencies Jan 29, 2026
@thelovekesh thelovekesh merged commit 76b1ebe into main Jan 29, 2026
11 checks passed
@thelovekesh thelovekesh deleted the chore/update-dependencies branch January 29, 2026 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thelovekesh thelovekesh thelovekesh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@amitraj2203 @thelovekesh