chore: enforce pinned dependencies (#7238)

* chore: enforce pinned dependencies Because we don't check our `package-lock.json` in, we can end up with different versions installed locally vs CI, or even two devs having different versions. Let's pin and enforce we pin every version to avoid this.
puppeteer · May 14, 2021 · 4796382 · 4796382
1 parent 3204f27
commit 4796382
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 53 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -42,6 +42,7 @@ jobs:
 
       - name: Run code checks
         run: |
+          npm run ensure-pinned-deps
           npm run lint
           npm run generate-docs
           npm run ensure-correct-devtools-protocol-revision

diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "generate-d-ts": "api-extractor run --local --verbose",
     "generate-docs": "npm run generate-d-ts && api-documenter markdown -i temp -o new-docs",
     "ensure-correct-devtools-protocol-revision": "ts-node -s scripts/ensure-correct-devtools-protocol-package",
+    "ensure-pinned-deps": "ts-node -s scripts/ensure-pinned-deps",
     "test-types-file": "ts-node -s scripts/test-ts-definition-files.ts",
     "release": "node utils/remove_version_suffix.js && standard-version --commit-all"
   },
@@ -55,65 +56,66 @@
   "author": "The Chromium Authors",
   "license": "Apache-2.0",
   "dependencies": {
-    "debug": "^4.1.0",
+    "debug": "4.3.1",
     "devtools-protocol": "0.0.869402",
-    "extract-zip": "^2.0.0",
-    "https-proxy-agent": "^5.0.0",
-    "node-fetch": "^2.6.1",
-    "pkg-dir": "^4.2.0",
-    "progress": "^2.0.1",
-    "proxy-from-env": "^1.1.0",
-    "rimraf": "^3.0.2",
-    "tar-fs": "^2.0.0",
-    "unbzip2-stream": "^1.3.3",
-    "ws": "^7.2.3"
+    "extract-zip": "2.0.1",
+    "https-proxy-agent": "5.0.0",
+    "node-fetch": "2.6.1",
+    "pkg-dir": "4.2.0",
+    "progress": "2.0.1",
+    "proxy-from-env": "1.1.0",
+    "rimraf": "3.0.2",
+    "tar-fs": "2.0.0",
+    "unbzip2-stream": "1.3.3",
+    "ws": "7.4.5"
   },
   "devDependencies": {
-    "@commitlint/cli": "^11.0.0",
-    "@commitlint/config-conventional": "^11.0.0",
-    "@microsoft/api-documenter": "^7.12.7",
+    "@commitlint/cli": "11.0.0",
+    "@commitlint/config-conventional": "11.0.0",
+    "@microsoft/api-documenter": "7.13.8",
     "@microsoft/api-extractor": "7.15.1",
     "@types/debug": "0.0.31",
-    "@types/mime": "^2.0.0",
-    "@types/mocha": "^7.0.2",
-    "@types/node": "^14.0.13",
-    "@types/proxy-from-env": "^1.0.1",
-    "@types/rimraf": "^2.0.2",
-    "@types/sinon": "^9.0.4",
-    "@types/tar-fs": "^1.16.2",
-    "@types/ws": "^7.2.4",
+    "@types/mime": "2.0.3",
+    "@types/mocha": "7.0.2",
+    "@types/node": "14.14.45",
+    "@types/proxy-from-env": "1.0.1",
+    "@types/rimraf": "2.0.2",
+    "@types/sinon": "9.0.11",
+    "@types/tar-fs": "1.16.2",
+    "@types/ws": "7.4.4",
     "@typescript-eslint/eslint-plugin": "4.23.0",
     "@typescript-eslint/parser": "4.23.0",
-    "@web/test-runner": "^0.12.15",
-    "commonmark": "^0.28.1",
-    "cross-env": "^7.0.2",
-    "eslint": "^7.10.0",
+    "@web/test-runner": "0.12.20",
+    "commonmark": "0.29.3",
+    "cross-env": "7.0.3",
+    "eslint": "7.26.0",
     "eslint-config-prettier": "8.3.0",
-    "eslint-plugin-import": "^2.22.0",
-    "eslint-plugin-mocha": "^8.0.0",
+    "eslint-plugin-import": "2.22.1",
+    "eslint-plugin-mocha": "8.1.0",
     "eslint-plugin-prettier": "3.4.0",
-    "eslint-plugin-unicorn": "^22.0.0",
-    "esprima": "^4.0.0",
-    "expect": "^25.2.7",
-    "husky": "^4.3.0",
-    "jpeg-js": "^0.3.7",
-    "mime": "^2.0.3",
-    "minimist": "^1.2.0",
-    "mocha": "^8.2.0",
-    "ncp": "^2.0.0",
-    "pixelmatch": "^4.0.2",
-    "pngjs": "^5.0.0",
+    "eslint-plugin-unicorn": "22.0.0",
+    "esprima": "4.0.0",
+    "expect": "25.2.7",
+    "husky": "4.3.8",
+    "jpeg-js": "0.3.7",
+    "mime": "2.5.2",
+    "minimist": "1.2.0",
+    "mocha": "8.4.0",
+    "ncp": "2.0.0",
+    "pixelmatch": "4.0.2",
+    "pngjs": "5.0.0",
     "prettier": "2.3.0",
-    "sinon": "^9.0.2",
-    "source-map-support": "^0.5.19",
-    "standard-version": "^9.0.0",
-    "text-diff": "^1.0.1",
-    "ts-node": "^9.0.0",
+    "sinon": "9.2.4",
+    "source-map-support": "0.5.19",
+    "standard-version": "9.3.0",
+    "text-diff": "1.0.1",
+    "ts-node": "9.1.1",
     "typescript": "4.2.4"
   },
   "husky": {
     "hooks": {
-      "commit-msg": "commitlint --env HUSKY_GIT_PARAMS"
+      "commit-msg": "commitlint --env HUSKY_GIT_PARAMS",
+      "pre-push": "npm run ensure-pinned-deps"
     }
   }
 }
diff --git a/scripts/ensure-pinned-deps.ts b/scripts/ensure-pinned-deps.ts
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2021 Google Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import packageJson from '../package.json';
+
+const allDeps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+
+const invalidDeps = new Map<string, string>();
+
+for (const [depKey, depValue] of Object.entries(allDeps)) {
+  if (/[0-9]/.test(depValue[0])) {
+    continue;
+  }
+
+  invalidDeps.set(depKey, depValue);
+}
+
+if (invalidDeps.size > 0) {
+  console.error('Found non-pinned dependencies in package.json:');
+  console.log([...invalidDeps.keys()].map((k) => `  ${k}`).join('\n'));
+  process.exit(1);
+}
+
+process.exit(0);
diff --git a/test/waittask.spec.ts b/test/waittask.spec.ts
@@ -358,11 +358,10 @@ describe('waittask specs', function () {
       const endTime = Date.now();
       /* In a perfect world endTime - startTime would be exactly 1000 but we
        * expect some fluctuations and for it to be off by a little bit. So to
-       * avoid a flaky test we'll make sure it waited for roughly 1 second by
-       * ensuring 900 < endTime - startTime < 1100
+       * avoid a flaky test we'll make sure it waited for roughly 1 second.
        */
-      expect(endTime - startTime).toBeGreaterThan(900);
-      expect(endTime - startTime).toBeLessThan(1100);
+      expect(endTime - startTime).toBeGreaterThan(700);
+      expect(endTime - startTime).toBeLessThan(1300);
     });
   });
 
@@ -376,11 +375,10 @@ describe('waittask specs', function () {
       const endTime = Date.now();
       /* In a perfect world endTime - startTime would be exactly 1000 but we
        * expect some fluctuations and for it to be off by a little bit. So to
-       * avoid a flaky test we'll make sure it waited for roughly 1 second by
-       * ensuring 900 < endTime - startTime < 1100
+       * avoid a flaky test we'll make sure it waited for roughly 1 second
        */
-      expect(endTime - startTime).toBeGreaterThan(900);
-      expect(endTime - startTime).toBeLessThan(1100);
+      expect(endTime - startTime).toBeGreaterThan(700);
+      expect(endTime - startTime).toBeLessThan(1300);
     });
   });