chore(deps): lock file maintenance

[renovate]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: "before 3am on the first day of the month" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[edalex-ian]

Interesting, this failed on CodeBuild with the kind of errors we have been seeing from renovate regarding the REST Module:

[edalex-ian]

GHA was stuck in 'starting' due to overnight issues, so will wait and see how that goes, but need to pull down and have a closer look. (I think it's a continuation of the Node/NPM upgrade....)

[edalex-ian]

Interesting, GHA has the same situation:

npm ERR! code 127
npm ERR! path /home/runner/work/openEQUELLA/openEQUELLA/oeq-ts-rest-api
npm ERR! command failed
npm ERR! command sh -c npm run build
npm ERR! > @openequella/[email protected] build
npm ERR! > rollup --config
npm ERR! sh: 1: rollup: not found

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2021-08-06T00_01_01_936Z-debug.log

Seems something is indeed out of wack since the Node upgrade. Will look closer at.

[ChristianMurphy]

huh, renovate just updated rollup at #3263 and it seemed to work? 🤔
requesting renovate rebases this PR to see if that somehow fixed it. 🤔

[ChristianMurphy]

Nope it did not 🤔

[PenghaiZhang]

Why does RenovateBot want to revert the version to 1 ?

[PenghaiZhang]

Do we need to tell renovateBot to use NPM7 ?

{
  "constraints": {
    "npm": "> 7"
  }
}

[PenghaiZhang]

Perhaps renovateBot is confused because we use "lockfileVersion": 2 in react-front and oeq-rest-api, but "lockfileVersion": 1 in others ??

[ChristianMurphy]

not sure why different packages have different lockfile versions 🤔
one idea on how to solve that, use workspaces to keep a single lockfile for the monorepo #3275

[edalex-ian]

not sure why different packages have different lockfile versions thinking

That'd be an oversight by me. I just updated the everyday lock files, forgot we had several other nest ones.

Maybe having a central one would be the go. I'll read the other PR and see how it aligns with long term goal.

[edalex-ian]

hmmm, what now.. What's happened here renovate. 🤯

[ChristianMurphy]

Maybe the new major impacted things? https://github.com/renovatebot/renovate/releases/tag/26.0.0

[edalex-ian]

Ummm, renovate has gone and reset all the lockfiles to version 1:

$ find . -name package-lock.json -not -path "*/node_modules/*" -and -not -path "*/.psc-package/*" -exec grep -H lockfileVersion {} \;
./react-front-end/package-lock.json:  "lockfileVersion": 1,
./package-lock.json:  "lockfileVersion": 1,
./autotest/IntegTester/ps/package-lock.json:  "lockfileVersion": 1,
./oeq-ts-rest-api/package-lock.json:  "lockfileVersion": 1,
./Source/Plugins/Core/com.equella.core/swaggerui/package-lock.json:  "lockfileVersion": 1,
./Source/Plugins/Core/com.equella.core/test/javascript/package-lock.json:  "lockfileVersion": 1,

[edalex-ian]

Gah, I probably should've have force pushed that. Ah well, will see how the build goes first after this and then address.

[edalex-ian]

Wow, this is crazy. Now I've got this:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://[email protected]/apereo/openEQUELLA-cloudprovidersdk.git
npm ERR! 
npm ERR! Warning: Permanently added the RSA host key for IP address '192.30.255.113' to the list of known hosts.
npm ERR! [email protected]: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR! 
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR! 
npm ERR! exited with error code: 128

No idea why it's decided to use SSH rather than HTTPS when the package.json definition is git+https://github.com/apereo/openEQUELLA-cloudprovidersdk.git#32d958ddfff64ca748e7e1b2eae0f0487946a487

[edalex-ian]

Gah, it's an NPM issue issue first reported way back in February: npm/cli#2610

What a horrible mess all this is. 😞

[HonkingGoose]

This older Renovate discussion seems related to your problems with npm 7 and the lockfile: renovatebot/renovate#9224

I recommend that you open a new config help discussion over at the Renovate repository to get proper help from the maintainers. Your config and repository setup is way too complex for me to help you with. 😉

Link to renovate discussions: https://github.com/renovatebot/renovate/discussions

[edalex-ian]

Ah, excellent, thanks for the suggestion on a way forward @HonkingGoose . I wasn't aware of the use of the discussion feature for seeking assistance. Excellent! 👍

[edalex-ian]

Okay, we've done a lot of manual work on this, and it should culminate with the fixes coming #3386.

There was even a manual update of lock files, so I think for now we'll close this off and await the one next month. 🤞

[HonkingGoose]

@edalex-ian You can always click on the button chore(deps): lock file maintenance on the Dependency Dashboard to get a new lockfile update ahead of schedule, after you've merged #3386. 😉 So you don't need to wait for the schedule. 😉

[edalex-ian]

Ah of course. I'm going to do that right now. Thank you. 😁