Skip to content

Update Build Infrastructure and Dependencies #228

Description

@iamdharmesh

Problem & Expected Outcome

  • The Problem: This extension has accumulated dependency drift over time, including outdated npm packages, unresolved Dependabot security alerts, and an outdated Node.js version. This creates friction for every developer working on the extension by causing unpredictable CI builds, increasing security exposure, and introducing inconsistent build tool behavior across repositories.
  • The Fix: Modernize the extension's build tooling and dependency stack to align with the latest supported versions. This includes upgrading the project to Node.js 24, updating npm and Composer dependencies to their supported major versions, resolving Dependabot security alerts, and updating CI workflows accordingly.

Scope of Work

  • Upgrade Node.js to version 24, consistent with WooCommerce core standard, including updates to GitHub Actions workflows.
  • Update all npm dependencies to their current major versions, resolving incompatibilities introduced by the upgrade.
  • Resolve all high/critical Dependabot security alerts by running npm audit fix and addressing any remaining vulnerabilities manually if possible.
  • Update all Composer dependencies to their current major versions, respecting the extension’s declared minimum PHP version.
  • Document all tool versions (npm, Node, Composer), important npm scripts, and any known caveats in the extension’s README.md for developers, and AI agents.
  • Validate that all existing E2E tests checks pass following the upgrade.
  • Merge the work to develop and tag it for inclusion in the next scheduled feature release.

Acceptance Criteria

  • Node.js version is set to 24 in the project root (e.g., .nvmrc) and is consistent with WooCommerce core.
  • GitHub Actions workflows use Node 24 and succeed without modification after the upgrade.
  • All npm dependencies are updated to their current major versions. No outdated packages remain that have a non-breaking upgrade path available.
  • npm audit reports zero high or critical severity vulnerabilities following npm audit fix and any possible manual remediation.
  • All Composer dependencies are updated to their current major versions. Minimum PHP version compatibility declared by the extension is respected throughout.
  •  README.md documents: Node version, npm version, Composer version, all important npm scripts with descriptions, and any known caveats or environment-specific notes.
  • The extension builds successfully using the defined build scripts with no errors.
  • All existing E2E tests pass following the upgrade. No regressions introduced.
  • PR(s) are merged to develop. A release ZIP is created and tagged for bundling with the next feature release.

Out of Scope

  • Writing new tests or modifying test coverage. The goal is to confirm existing tests pass, not expand them.
  • Feature development of any kind. This is a build tooling maintenance project.
  • Resolving test failures that pre-date this upgrade and are unrelated to the dependency changes.
  • Major refactors to build configuration beyond what is required to achieve a passing build with the new tools.
  • Standalone patch or maintenance releases. This work ships bundled within the next feature release for each extension.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions