Reduces whitesource scan time

[NSeydoux]

This PR fixes a whitesource CI bug, when whitesource takes up to 18minutes to run, mostly doing nothing/not showing what it does.

• I've added a unit test to test for potential regressions of this bug. (not applicable)
• The changelog has been updated, if applicable.
• Commits in this PR are minimal and have descriptive commit messages.

Preventing Whitesource to resolve the dependencies through what they call 'the npm cycle', and enforcing to use our package-lock instead, reduces the build time. However, there seems to have bugs in the found dependencies (currently submitted to the support).

[pmcb55]

LGTM

[Vinnl]

@NSeydoux What was the solution to the bugs in the found dependencies?

[NSeydoux]

That's an excellent question. It seems that the push setting, which updates the online dashboard, does not suffer from the bug, because the PR (which uses a slightly different config fules) was displaying the medkey dependency for instance, as shown in https://github.com/inrupt/lit-solid/runs/705942213?check_suite_focus=true.

I'll update the support ticket.

[Vinnl]

Hmm, so you haven't heard back from Whitesource yet? Now that this is merged, it's blocking my other PR: https://github.com/inrupt/lit-solid/pull/81/checks?check_run_id=706413188

Shall we back this out until we have a fix?

[NSeydoux]

No, not yet. And I updated the branch protection rules so that the Whitesource CI check is not required anymore, so I don't think it should block other PRs. When I visit #81, I see the Whitesource scan fail, but it doesn't prevent merging. Do you have the same result ?

[Vinnl]

Ah, right. Still feels kind sloppy to me that we have enabled a check that always fails - builds a culture of merging despite failures and overlooking warnings :/

[NSeydoux]

I agree that this should be fixed as soon as possible: when the fix is in, I will re-enable this CI check to be mandatory.