[wp-trac] [WordPress Trac] #38199: Update npm dependencies for 4.7
WordPress Trac
noreply at wordpress.org
Tue Nov 1 09:24:25 UTC 2016
#38199: Update npm dependencies for 4.7
------------------------------+-----------------------
Reporter: jorbin | Owner: jorbin
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 4.7
Component: Build/Test Tools | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------+-----------------------
Comment (by netweb):
Replying to [comment:4 swissspidy]:
> Out of curiosity I ran `yarn` to create a lock file and got the following output which I think is worth considering:
>
> > warning grunt > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> > warning grunt > glob > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> > warning grunt > findup-sync > glob > minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> > warning grunt > glob > graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to `graceful-fs@^4.0.0` as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
> > warning grunt-patch-wordpress > request > tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
You should see similar results from an `npm install`.
And here's my fresh `npm install` result for reference:
{{{
#!bash
$ npm install
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN prefer global jshint@2.9.4 should be installed with -g
npm WARN prefer global node-gyp@3.4.0 should be installed with -g
}}}
Side note: My initial testing of Yarn has been all positive; I've created ticket #38603 to explore adding Yarn further.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38199#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform