fix: Updated dependencies to resolve vulnerabilities #701
+21,761
−7,707
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There were a number of outdated packages, as well as many that had either been depricated or moved. Some packages are no longer needed, as they were polyfilling functionality that now exists later versions of JS or React. I have replaced the use of 'react-loadable' with Lazy and Suspense from React. I've also migrated to the new Babel Mono-repo package structure. I've updated the webpack config to resolve some issues with changes in the config parameter as well and switching out 'extract-text-webpack-plugin' for 'mini-css-extract-plugin' and 'eslint-loader' for 'eslint-webpack-plugin' I haven't currently resolve all issue with the build process, however, the packages will now all install.
GaryJones
reviewed
Jan 30, 2025
| @@ -1542,6 +1542,7 @@ public static function handle_query_vars_for_post_filtering( $query ) { | |||
| * @return bool | |||
| */ | |||
| public static function current_user_can_edit_liveblog() { | |||
| $user = wp_get_current_user(); | |||
There was a problem hiding this comment.
Where is this new assigned variable being used?
|
Thanks for this @peter-stewart-thg. In terms of reviewing these changes, there's obviously a lot of work gone in here, but it's also bundled into a single PR / not many commits, which means it's harder to see what package updates were needed for security reasons, what for compatibility reasons, and what changes in the rest of the code relate to those package changes, and why some packages are no longer needed.
There's nothing to say the plugin was working perfectly before you started (😉), but our lack of substantial test coverage here (particularly on the JS side) will make these updates hard to merge confidently in. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There were a number of outdated packages,
as well as many that had either been depricated or moved.
Some packages are no longer needed, as they were polyfilling
functionality that now exists later versions of JS or React.
I have replaced the use of 'react-loadable' with
Lazy and Suspense from React.
I've also migrated to the new Babel Mono-repo package structure.
I've updated the webpack config to resolve some issues with changes
in the config parameter as well and switching out
'extract-text-webpack-plugin' for 'mini-css-extract-plugin'
and 'eslint-loader' for 'eslint-webpack-plugin'
The issues related to this PR can be seen here: #700
UPDATE
I have just made a few more changes to this after testing the package in our WordPress install.
Unfortunately the changes are not quite functioning as intended.
I have just update how "react-select/async" and ajax from "rxjs" are used to bring them inline with the latests packages, however, it's still not working perfectly.
I might not have any more time to work on this, so if anyone else is able to take this on, please let me know.