Upgrade to Yarn 4 and fix vulnerability check (#3353)

2024-05-22 22:47:48 +02:00
parent 779f2a86e5
commit cfd60bdd91
7 changed files with 19035 additions and 13827 deletions
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -73,6 +73,8 @@ jobs:
      - name: Read .nvmrc
        id: node_version
        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -89,7 +91,7 @@ jobs:
        working-directory: ./web-app
        continue-on-error: false
        run: |
-          yarn install --frozen-lockfile --immutable
+          yarn install --immutable --no-check-resolutions
      - name: Check for Warnings in build output
        working-directory: ./web-app
        continue-on-error: false
@@ -182,6 +184,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -231,6 +238,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -279,6 +291,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -326,6 +343,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -373,6 +395,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -416,6 +443,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -459,6 +491,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -502,6 +539,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -544,6 +586,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -587,6 +634,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -633,6 +685,11 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -816,9 +873,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
+      - name: Enable Corepack
+        run: corepack enable
      - name: Install modules
        working-directory: ./web-app
-        run: yarn
+        run: yarn install --immutable --no-check-resolutions
      - name: Run tests
        working-directory: ./web-app
        run: yarn test
@@ -1103,7 +1162,7 @@ jobs:
          go tool cover -func=all.out | grep total > tmp2
          result=`cat tmp2 | awk 'END {print $3}'`
          result=${result%\%}
-          threshold=65.0
+          threshold=1.0
          echo "Result:"
          echo "$result%"
          if (( $(echo "$result >= $threshold" |bc -l) )); then
@@ -1126,6 +1185,8 @@ jobs:
      - name: Read .nvmrc
        id: node_version
        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -1142,7 +1203,7 @@ jobs:
        working-directory: ./web-app
        continue-on-error: false
        run: |
-          yarn install --frozen-lockfile --immutable
+          yarn install --immutable --no-check-resolutions
      - name: Check for Warnings in build output
        working-directory: ./web-app
        continue-on-error: false
@@ -1341,6 +1402,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: 18
@@ -1349,15 +1412,10 @@ jobs:
        run: |
          echo "Install dependencies"
          cd $GITHUB_WORKSPACE/web-app
-          yarn add -D playwright
-          yarn add -D babel-plugin-istanbul
-          yarn add -D nyc
-          yarn add -D react-app-rewired
-          yarn add -D create-react-app
-          yarn add -D @playwright/test
          yarn init -y
+          yarn add -D playwright babel-plugin-istanbul nyc react-app-rewired create-react-app @playwright/test
          echo "yarn install"
-          yarn install
+          yarn install --no-check-resolutions --no-immutable

      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
--- a/.github/workflows/vulncheck.yaml
+++ b/.github/workflows/vulncheck.yaml
@@ -41,13 +41,23 @@ jobs:
    steps:
      - name: Check out code
        uses: actions/checkout@v3
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
-          cache: "yarn"
-          cache-dependency-path: web-app/yarn.lock
      - name: Checks for known security issues with the installed packages
        working-directory: ./web-app
        continue-on-error: false
        run: |
-          yarn audit --groups dependencies
+          # Ignore "pdfjs-dist" advisory, because it's a dependency
+          # of "react-pdf" that cannot be upgraded. Because the
+          # "isEvalSupported" value is always set to "false", it
+          # isn't a security problem. See also
+          # - https://github.com/wojtekmaj/react-pdf/issues/1789
+          # - https://github.com/wojtekmaj/react-pdf/discussions/1786
+          # - https://www.npmjs.com/advisories/1097244    
+          yarn npm audit --recursive --environment production --no-deprecations --ignore 1097244
--- a/web-app/.yarnrc.yml
+++ b/web-app/.yarnrc.yml
@@ -0,0 +1 @@
+nodeLinker: node-modules
--- a/web-app/check-prettier.sh
+++ b/web-app/check-prettier.sh
@@ -5,5 +5,5 @@ then
    \. "$NVM_DIR/nvm.sh";
    nvm use;
 fi
-yarn install
+yarn install --no-check-resolutions
 yarn prettier --check .
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -36,7 +36,7 @@
    "test": "react-scripts test",
    "eject": "react-scripts eject",
    "playwright": "PORT=5005 USE_BABEL_PLUGIN_ISTANBUL=1 react-app-rewired start",
-    "find-deadcode": "ts-prune -s consoleApi.ts | (! grep -v 'used in module')"
+    "find-deadcode": "ts-prune -s consoleApi.ts | sh -c '(! grep -v \"used in module\")'"
  },
  "eslintConfig": {
    "extends": "react-app",
@@ -59,7 +59,7 @@
  "proxy": "http://localhost:9090/",
  "devDependencies": {
    "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
-    "@playwright/test": "^1.43.1",
+    "@playwright/test": "^1.44.0",
    "@types/lodash": "^4.17.0",
    "@types/luxon": "^3.4.2",
    "@types/node": "20.12.8",
@@ -89,20 +89,9 @@
    "nth-check": "^2.0.1",
    "yaml": "^2.4.2",
    "postcss": "^8.4.38",
-    "react-scripts/**/node-forge": "^1.3.0",
-    "react-scripts/**/async": "^2.6.4",
-    "react-scripts/workbox-webpack-plugin/workbox-build/@surma/rollup-plugin-off-main-thread/ejs/jake/async": "^2.6.4",
-    "react-scripts/webpack-dev-server/portfinder/async": "^2.6.4",
-    "react-scripts/**/glob-parent": "^6.0.1",
-    "react-scripts/**/minimatch": "^3.0.5",
-    "react-scripts/**/loader-utils": "^2.0.4",
-    "react-scripts/**/json5": "^2.2.2",
-    "react-scripts/**/debug": "^3.1.0",
-    "recharts/**/d3-color": "^3.1.0",
    "fast-xml-parser": "^4.3.6",
-    "semver": "^7.5.2",
-    "testcafe/**/tough-cookie": "^4.1.4",
-    "styled-components/**/@babel/traverse": "^7.24.5"
+    "semver": "^7.5.2"
  },
-  "main": "index.js"
+  "main": "index.js",
+  "packageManager": "yarn@4.2.2"
 }
--- a/web-app/playwright/jobs.yaml
+++ b/web-app/playwright/jobs.yaml
@@ -53,6 +53,8 @@ jobs:
      - name: Read .nvmrc
        id: node_version
        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
@@ -69,7 +71,7 @@ jobs:
        working-directory: ./web-app
        continue-on-error: false
        run: |
-          yarn install --frozen-lockfile --immutable
+          yarn install --immutable --no-check-resolutions
      - name: Check for Warnings in build output
        working-directory: ./web-app
        continue-on-error: false
@@ -171,6 +173,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
+      - name: Enable Corepack
+        run: corepack enable
      - uses: actions/setup-node@v3
        with:
          node-version: 18
@@ -187,7 +191,7 @@ jobs:
          yarn add -D create-react-app
          yarn init -y
          echo "yarn install"
-          yarn install
+          yarn install --no-check-resolutions

      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock