Update fast-xml-parser to fix Dependabot issue#2860
Conversation
fredrikekelund
left a comment
fredrikekelund
left a comment
There was a problem hiding this comment.
It's actually not entirely sufficient to address these issues by updating the lockfile, because when we package the CLI, we use only apps/cli/package.json to install a node_modules directory to be copied to the output (without devDependencies).
In this case, because of how the version constraints work, we should still ship the latest version of fast-xml-parser with the packaged CLI, but that always depends on the dependency tree and the version constraints "along the way".
In this case, I would complement this PR with another PR in the Playground repo that updates the fast-xml-parser dependency version.
| "os": [ | ||
| "darwin" | ||
| ], | ||
| "peer": true, |
There was a problem hiding this comment.
I thought that would make it so we didn't have this flip-flopping of peer props in the lockfile, but it doesn't really matter either way…
📊 Performance Test ResultsComparing fd8665f vs trunk app-size
site-editor
site-startup
Results are median values from multiple test runs. Legend: 🟢 Improvement (faster) | 🔴 Regression (slower) | ⚪ No change (<50ms diff) |
|
@fredrikekelund good point. In this case, it makes sense to close this one, update it in the Playground repo, and then update Playground in Studio when new version is released. |
|
Updating the lockfile will make it so we have a newer version while developing Studio, so I still think it makes sense to land this PR. It won't make a difference when we package the CLI, though. Then, we should get the latest version that fits the constraint specified by Playground ( |
|
@fredrikekelund sounds good, opened WordPress/wordpress-playground#3422 |
3 participants
Related issues
How AI was used in this PR
I made a change myself.
Proposed Changes
Testing Instructions
Pre-merge Checklist