[wp-trac] [WordPress Trac] #34177: Update package.json devDependencies for WordPress 4.4

WordPress Trac noreply at wordpress.org
Wed Oct 7 03:42:24 UTC 2015 

#34177: Update package.json devDependencies for WordPress 4.4
------------------------------+------------------
 Reporter:  jorbin            |       Owner:
     Type:  task (blessed)    |      Status:  new
 Priority:  normal            |   Milestone:  4.4
Component:  Build/Test Tools  |     Version:
 Severity:  normal            |  Resolution:
 Keywords:                    |     Focuses:
------------------------------+------------------

Old description:

> New versions of some of the devDependencies have been released.  Let's
> test and upgrade!
>
> {{{
> "autoprefixer-core" can be updated from ~5.2.1 to ~6.0.1 (Installed:
> 5.2.1, Latest: 6.0.1)
> "grunt-browserify" can be updated from ~4.0.0 to ~4.0.1 (Installed:
> 3.8.0, Latest: 4.0.1)
> "grunt-contrib-copy" can be updated from ~0.8.0 to ~0.8.1 (Installed:
> 0.8.0, Latest: 0.8.1)
> "grunt-contrib-cssmin" can be updated from ~0.12.3 to ~0.14.0 (Installed:
> 0.12.3, Latest: 0.14.0)
> "grunt-contrib-jshint" can be updated from ~0.11.2 to ~0.11.3 (Installed:
> 0.11.2, Latest: 0.11.3)
> "grunt-postcss" can be updated from ~0.5.4 to ~0.6.0 (Installed: 0.5.4,
> Latest: 0.6.0)
> "grunt-sass" can be updated from ~1.0.0 to ~1.1.0-beta (Installed: 1.0.0,
> Latest: 1.1.0-beta)
> "matchdep" can be updated from ~0.3.0 to ~1.0.0 (Installed: 0.3.0,
> Latest: 1.0.0)
> }}}

New description:

 New versions of some of the devDependencies have been released.  Let's
 test and upgrade!

 {{{
 "autoprefixer-core" can be updated from ~5.2.1 to ~6.0.1 (Installed:
 5.2.1, Latest: 6.0.1)
 "grunt-contrib-cssmin" can be updated from ~0.12.3 to ~0.14.0 (Installed:
 0.12.3, Latest: 0.14.0)
 "grunt-postcss" can be updated from ~0.5.4 to ~0.6.0 (Installed: 0.5.4,
 Latest: 0.6.0)
 "grunt-sass" can be updated from ~1.0.0 to ~1.1.0-beta (Installed: 1.0.0,
 Latest: 1.1.0-beta)
 "matchdep" can be updated from ~0.3.0 to ~1.0.0 (Installed: 0.3.0, Latest:
 1.0.0)
 }}}

--

Comment (by netweb):

 To clarify more on the semantic versioning of NodeJS packages:

 {{{
 The following dependencies are satisfied by their declared version range,
 but the installed versions are behind. You can install the latest versions
 without modifying your package.json by using npm update.

  grunt-browserify       ~4.0.0  →   ~4.0.1
  grunt-contrib-copy     ~0.8.0  →   ~0.8.1
  grunt-contrib-jshint  ~0.11.2  →  ~0.11.3
 }}}

 Example, because we use the tilde `~` character e.g. `"grunt-browserify":
 "~4.0.0",` then version `4.0.1` will be installed via either a fresh
 checkout of the develop repo follwed by `npm install` or updated without a
 change to `package.json` via `npm update`

 See http://semver.npmjs.com/ for further details.

 Example: From a fresh SVN checkout of the
 `devleop.svn.wordpress.org/trunk` repo and `npm install`:

 {{{
 $ npm list --depth=0
 WordPress at 4.4.0 /Users/netweb/dev/weatherbot/wp/trunk
 ├── autoprefixer-core at 5.2.1
 ├── grunt at 0.4.5
 ├── grunt-browserify at 4.0.1
 ├── grunt-contrib-clean at 0.6.0
 ├── grunt-contrib-compress at 0.13.0
 ├── grunt-contrib-concat at 0.5.1
 ├── grunt-contrib-copy at 0.8.1
 ├── grunt-contrib-cssmin at 0.12.3
 ├── grunt-contrib-imagemin at 0.9.4
 ├── grunt-contrib-jshint at 0.11.3
 ├── grunt-contrib-qunit at 0.7.0
 ├── grunt-contrib-uglify at 0.9.2
 ├── grunt-contrib-watch at 0.6.1
 ├── grunt-includes at 0.5.1
 ├── grunt-jsvalidate at 0.2.2
 ├── grunt-legacy-util at 0.2.0
 ├── grunt-patch-wordpress at 0.3.0
 ├── grunt-postcss at 0.5.5
 ├── grunt-rtlcss at 1.6.0
 ├── grunt-sass at 1.0.0
 └── matchdep at 0.3.0
 }}}

 Per the above I'm removing the following from the original list of
 dependancies to update in this ticket: `grunt-browserify`, `grunt-contrib-
 copy`, and `grunt-contrib-jshint`.

 If one of these dependancies are broken then we already have a problem
 without updating our `package.json` file as minor versions should not
 break anything per the semantic versioning of NodeJS package
 specifications. As such we no longer '''need''' to update minor versions
 of dependancies as long as we continue to use `~` to allow minor version
 updates in `package.json`.

 If we want to use explicit versions then we should revisit using `npm
 shrinkwrap` to achieve this.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34177#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list