Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update various JS dependencies (#20890)
Clean up JS dependencies, mainly those complained about by `pnpm audit`. * Remove unneeded pnpm.overrides. * `@automattic/calypso-build` no longer depends on `node-sass`. * Nothing we depend on depends on `terser-webpack-plugin` 2.3.1 anymore. And fix syntax for a few others. Looks like pnpm 6.10.2 broke the syntax we were using before. * Update browserslist. Add an override for `react-dev-utils` which unnecessarily depends on a specific version instead of allowing updates. * Update cheerio. New version fixes dep on vulnerable `css-what`. * Update tar. * Update postcss. Only the 7.0.35 deps needed updating for vulnerabilities, but may as well do the 8.2.15 too. * Update path-parse. * Add override for [email protected]. `@storybook/csf-tools` depends on `@mdx-js/mdx`, which is [refusing to fix the old dep in its 1.x branch][1] and hasn't released 2.0 yet. * Upgrade copy-webpack-plugin. Depends on a vulnerable version of glob-parent. * Update glob-parent where we can. Unfortunately we can't do them all. * storybook still has some deps. One they [removed in "next"][2]. Another is still there. Plus it has some webpack 4 deps it seemingly doesn't actually use. * `gulp` devs [actively refuse to update dependencies][3] when they believe they're not hitting the vulnerability, apparently as protest against `npm audit` which they consider "broken". [1]: mdx-js/mdx#1553 [2]: storybookjs/storybook#15174 [3]: gulpjs/glob-stream#108
- Loading branch information