Update various JS dependencies (#20890)
Clean up JS dependencies, mainly those complained about by `pnpm audit`.

* Remove unneeded pnpm.overrides.
  
  * `@automattic/calypso-build` no longer depends on `node-sass`.
  * Nothing we depend on depends on `terser-webpack-plugin` 2.3.1 anymore.
  
  And fix syntax for a few others. Looks like pnpm 6.10.2 broke the syntax
  we were using before.

* Update browserslist.
  
  Add an override for `react-dev-utils` which unnecessarily depends on a
  specific version instead of allowing updates.

* Update cheerio.
  
  New version fixes dep on vulnerable `css-what`.

* Update tar.

* Update postcss.
  
  Only the 7.0.35 deps needed updating for vulnerabilities, but may as
  well do the 8.2.15 too.

* Update path-parse.

* Add override for [email protected].
  
  `@storybook/csf-tools` depends on `@mdx-js/mdx`, which is [refusing to
  fix the old dep in its 1.x branch][1] and hasn't released 2.0 yet.

* Upgrade copy-webpack-plugin.
  
  Depends on a vulnerable version of glob-parent.

* Update glob-parent where we can.
  
  Unfortunately we can't do them all.
  
  * storybook still has some deps. One they [removed in "next"][2].
    Another is still there. Plus it has some webpack 4 deps it seemingly
    doesn't actually use.
  * `gulp` devs [actively refuse to update dependencies][3] when they
    believe they're not hitting the vulnerability, apparently as protest
    against `npm audit` which they consider "broken".
  
[1]: mdx-js/mdx#1553
[2]: storybookjs/storybook#15174
[3]: gulpjs/glob-stream#108
anomiex authored Sep 1, 2021
1 parent 1bfe6f5 commit 3952b6c
Showing 5 changed files with 176 additions and 248 deletions.
12 changes: 6 additions & 6 deletions package.json
Expand Up @@ -93,12 +93,12 @@
"pnpm": {
"overrides": {
"@automattic/calypso-build>enzyme-adapter-react-16@*": "npm:@wojtekmaj/[email protected]",
"@automattic/calypso-build>node-[email protected]": "^4.13.0",
"yargs@^7.1.0>yargs-parser": "^20.0.0",
"isomorphic-fetch@^2.1.1>node-fetch": "^2.6.1",
"terser-webpack-plugin@^1.4.3>serialize-javascript": "^5.0.0",
"[email protected]>serialize-javascript": "^5.0.0",
"jest-environment-jsdom@^24.0.0": "^26.0.1"
"isomorphic-fetch>node-fetch@^1.0.1": "^2.6.1",
"jest-environment-jsdom@^24.0.0": "^26.0.1",
"react-dev-utils>browserslist@^4": "^4",
"terser-webpack-plugin>serialize-javascript@^4.0.0": "^5.0.0",
"[email protected]": "^0.0.3",
"yargs>yargs-parser@^5.0.1": "^20.0.0"
}
}
}
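Review bot: the `"yargs>yargs-parser@^5.0.1": "^20.0.0"` entry in `pnpm.overrides` forces a consumer that asked for yargs-parser 5.x onto 20.x, and `"terser-webpack-plugin>serialize-javascript@^4.0.0": "^5.0.0"` also crosses a major version, so nothing in the manifest shows that the parent packages still work against the replaced API. The rewritten keys also drop the parent's version (`yargs>` where the old key read `yargs@^7.1.0>`), which widens each override to every version of the parent that requests the matched range. Because package.json cannot carry comments, I would record for each override why it exists and which upstream release makes it removable, in the way the commit message does for some of them, and confirm the affected tools' tests pass with the forced versions. `"react-dev-utils>browserslist@^4": "^4"` in particular reads as a no-op without the commit message's explanation, so it is the one most likely to be deleted or left stale by a later cleanup.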