@wordpress/scripts vulnerability

  • KJ Roelke

    (@kjroelke)


    8 months ago

    Hi!

    This is a continuation of a previous support topic because it has been marked “Closed to replies” but the issue still persists.

    I’ve been running @wordpress/scripts v27.9.0 for a while (had to wait until WP 6.6 was released to update because of the missing jsx-runtime-react dependency. At that version, terminal responds with “5 high severity issues” that appear to stemming from ws,puppeteer-core, lighthouse, and @wordpress/e2e-test-utils-playwright peer dependencies. I had hoped/assumed this would be fixed in @wordpress/scripts v28, but it has not.

    What I’ve tried:

    • Running npm audit fix --force downgrades @wordpress/scripts to v19.2.4, unsurprisingly causing 47 vulnerabilities.
    • Upgrading to 28.0, .1, and .2 individually did not resolve the issues.

    I’m happy to break apart the package and do things myself, but I’m not familiar enough with webpack, prettier and eslint to recreate the core of what my team needs (start/build commands that “just work” and config files).

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Tags