Skip to content

fix(deps-dev): bump the npm-dev-minor-patch group with 2 updates#606

Merged
dkotter merged 3 commits into
developfrom
dependabot/npm_and_yarn/npm-dev-minor-patch-19a937d8c7
May 26, 2026
Merged

fix(deps-dev): bump the npm-dev-minor-patch group with 2 updates#606
dkotter merged 3 commits into
developfrom
dependabot/npm_and_yarn/npm-dev-minor-patch-19a937d8c7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited by github-actions Bot
Loading

Bumps the npm-dev-minor-patch group with 2 updates: @wordpress/build and @wordpress/scripts.

Updates @wordpress/build from 0.13.0 to 0.14.0

Changelog

Sourced from @​wordpress/build's changelog.

0.14.0 (2026-05-14)

Bug Fixes

  • Register generated CSS module styles with @wordpress/style-runtime so they can be injected into registered documents, such as editor iframes (#77965).
Commits
  • 51264e3 chore(release): publish
  • a8d4b30 Update changelog files
  • f75812b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • ac75d25 Update changelog files
  • 3e8943b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • 9656be0 Update changelog files
  • 4313ac2 Merge changes published in the Gutenberg plugin "release/23.2" branch
  • a5cc28f Update changelog files
  • 30dff6b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • 6445ede chore(release): publish
  • Additional commits viewable in compare view

Updates @wordpress/scripts from 32.1.0 to 32.2.0

Changelog

Sourced from @​wordpress/scripts's changelog.

32.2.0 (2026-05-14)

Commits
  • 51264e3 chore(release): publish
  • a8d4b30 Update changelog files
  • f75812b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • ac75d25 Update changelog files
  • 3e8943b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • 9656be0 Update changelog files
  • 4313ac2 Merge changes published in the Gutenberg plugin "release/23.2" branch
  • a5cc28f Update changelog files
  • 30dff6b Merge changes published in the Gutenberg plugin "release/23.2" branch
  • 6445ede chore(release): publish
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Open WordPress Playground Preview

@dependabot
fix(deps-dev): bump the npm-dev-minor-patch group with 2 updates
d7e7207 
Bumps the npm-dev-minor-patch group with 2 updates: [@wordpress/build](https://github.com/WordPress/gutenberg/tree/HEAD/packages/wp-build) and [@wordpress/scripts](https://github.com/WordPress/gutenberg/tree/HEAD/packages/scripts).


Updates `@wordpress/build` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/WordPress/gutenberg/releases)
- [Changelog](https://github.com/WordPress/gutenberg/blob/trunk/packages/wp-build/CHANGELOG.md)
- [Commits](https://github.com/WordPress/gutenberg/commits/@wordpress/build@0.14.0/packages/wp-build)

Updates `@wordpress/scripts` from 32.1.0 to 32.2.0
- [Release notes](https://github.com/WordPress/gutenberg/releases)
- [Changelog](https://github.com/WordPress/gutenberg/blob/trunk/packages/scripts/CHANGELOG.md)
- [Commits](https://github.com/WordPress/gutenberg/commits/@wordpress/scripts@32.2.0/packages/scripts)

---
updated-dependencies:
- dependency-name: "@wordpress/build"
  dependency-version: 0.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dev-minor-patch
- dependency-name: "@wordpress/scripts"
  dependency-version: 32.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dev-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 22, 2026
@jeffpaul jeffpaul requested a review from dkotter May 26, 2026 14:13
@jeffpaul jeffpaul added this to the 1.1.0 milestone May 26, 2026
@jeffpaul jeffpaul moved this from Triage to Needs review in WordPress AI Planning & Roadmap May 26, 2026
@dkotter
Copy link
Copy Markdown
Collaborator

dkotter commented May 26, 2026

@justlevine Curious for your thoughts here. Seems like these Dependabot updates that bump NPM dependencies are always failing now with:

npm error npm ci can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with npm install before continuing

I can easily fix that myself by pulling this PR down, running npm i and committing the resulting lock file but I guess I would have assumed Dependabot would take care of this. Anything we need to adjust here to get this working again?

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: dkotter <dkotter@git.wordpress.org>
Co-authored-by: justlevine <justlevine@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@justlevine
Copy link
Copy Markdown
Contributor

justlevine commented May 26, 2026
edited
Loading

I can easily fix that myself by pulling this PR down, running npm i and committing the resulting lock file

@dkotter I believe 👆 is the issue, and more broadly my suggestion here:

Dependabot is running using npm@10 since that's what gets bundled by nvm use, however since you're running npm@11 locally, when you manually regenerate(d) the lockfile, this transitive dependency gets stripped out.

In the immediate term, you should be able to fix this by temporarily downgrading npm and regenerating the lockfile.

Longer term:

  • I'm still wary about bumping to node24 as long as we're using 0.x experimental Gutenberg libraries like @wordpress/build, but considering that our use of node22' hasn't caused any issues yet, maybe I'm being overcautious? It's definitely worth revisiting now that we have a clearer picture of the friction involved in allowing for npm11 (and the extra supply chain benefits it brings)

  • Alternatively, we could try explicitly adding date-fns as an override > peer > dev > regular dep, and seeing if that's enough to stop the lockfile discrepancy between npm versions.

@dkotter dkotter modified the milestones: 1.0.1, 1.1.0 May 26, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.00%. Comparing base (05766ce) to head (7fe2e3e).

Additional details and impacted files 
@@            Coverage Diff             @@
##             develop     #606   +/-   ##
==========================================
  Coverage      74.00%   74.00%           
  Complexity      1738     1738           
==========================================
  Files             85       85           
  Lines           7490     7490           
==========================================
  Hits            5543     5543           
  Misses          1947     1947
Flag Coverage Δ
unit 74.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dkotter dkotter modified the milestones: 1.1.0, 1.0.1 May 26, 2026
@dkotter dkotter merged commit dcb1a90 into develop May 26, 2026
18 checks passed
@dkotter dkotter deleted the dependabot/npm_and_yarn/npm-dev-minor-patch-19a937d8c7 branch May 26, 2026 21:50
@github-project-automation github-project-automation Bot moved this from Needs review to Done in WordPress AI Planning & Roadmap May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dkotter dkotter dkotter approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

WordPress AI Planning & Roadmap
Status: Done

Milestone

1.0.1

Development

Successfully merging this pull request may close these issues.

3 participants

@dkotter @justlevine @jeffpaul