Scripts: Update lighthouse dependency
#65488
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
Changed to draft until greater insight into if this can be done or if a complete e2e overhaul via #60357 is in the works. |
gziolo
added
[Type] Security
|
I'm working on #67708, which contains the same changes regarding the |
|
@gziolo Sounds great. I'm closing this PR since it's already being covered. |
What?
Updates the
lighthousedependency in thee2e-test-utils-playwrightpackage.Why?
This fixes the issue with high-severity vulnerabilities introduced with an older version of the
puppeteer-coredependency, as mentioned in #64597. Lighthouse uses puppeteer-core and needs to be updated to use the latest version to remove the old dependencies with vulnerabilities.How?
package.jsonlighthouse dependency to the latest version.lighthouse+10.4.0.patchfile the old version depended on.Testing Instructions
Same as #64597:
npm i --save-dev @wordpress/scriptsnpm auditand you'll see a warning for high-severity vulnerabilities.npm ito update the packages.Other Notes
I'm not sure this package can be updated with a simple change in this PR. Someone with more familiarity can chime in. Issue Scripts: Deprecated or remove Puppeteer as e2e test handler #60357 mentions puppeteer and its removal, so if that's in progress and includes the
e2e-test-utils-playwrightpackage, we can disregard this PR.The core package.json and package-lock.json may need to be updated to include lighthouse as a dev dependency as was the case for Scripts: Update
puppeteer-coredependency #64597.