Enforce dependency version be pinned in all packages (#17161)

Author: fisker

scripts/check-deps.js

@@ -3,21 +3,55 @@
 import fs from "node:fs/promises";
 import styleText from "node-style-text";
 
-const packageJson = JSON.parse(
-  await fs.readFile(new URL("../package.json", import.meta.url)),
-);
-
-validateDependencyObject(packageJson.dependencies);
-validateDependencyObject(packageJson.devDependencies);
-
-function validateDependencyObject(object) {
-  for (const [name, version] of Object.entries(object)) {
-    if (version[0] === "^" || version[0] === "~") {
-      console.error(
-        styleText.bgRed.black(" ERROR "),
-        `Dependency "${styleText.bold.blue(name)}" should be pinned.`,
-      );
-      process.exitCode = 1;
+const PROJECT_ROOT = new URL("../", import.meta.url);
+const ERROR = styleText.bgRed.black(" ERROR ");
+const PASS = "✅ All dependency versions are pinned.";
+
+for (const [index, directory] of [
+  "./",
+  "./website/",
+  "./scripts/release/",
+  "./scripts/tools/bundle-test/",
+  "./scripts/tools/eslint-plugin-prettier-internal-rules/",
+].entries()) {
+  const file = new URL(`${directory}package.json`, PROJECT_ROOT);
+
+  if (index > 0) {
+    console.log();
+  }
+
+  console.log(
+    `Checking '${styleText.gray(file.href.slice(PROJECT_ROOT.href.length - 1))}'...`,
+  );
+  const ok = await validatePackageJson(file);
+  if (ok) {
+    console.log(PASS);
+  }
+}
+
+async function validatePackageJson(packageJsonFile) {
+  const packageJson = JSON.parse(await fs.readFile(packageJsonFile));
+
+  let ok = true;
+  for (const property of ["dependencies", "devDependencies", "resolutions"]) {
+    const value = packageJson[property];
+
+    if (!value) {
+      continue;
+    }
+
+    for (const [name, version] of Object.entries(value)) {
+      if (version[0] === "^" || version[0] === "~") {
+        console.error(
+          ERROR,
+          `Dependency "${styleText.bold.blue(name)}" in "${styleText.gray.underline(property)}" should be pinned.`,
+        );
+
+        ok = false;
+        process.exitCode = 1;
+      }
     }
   }
+
+  return ok;
 }

website/package.json

@@ -17,15 +17,15 @@
   "dependencies": {
     "@docusaurus/core": "3.7.0",
     "@docusaurus/preset-classic": "3.7.0",
-    "@mdx-js/react": "^3.0.0",
+    "@mdx-js/react": "3.1.0",
     "@sandhose/prettier-animated-logo": "1.0.3",
     "clipboard": "2.0.11",
-    "clsx": "^2.0.0",
+    "clsx": "2.1.1",
     "codemirror-graphql": "2.2.0",
     "lz-string": "1.5.0",
-    "prism-react-renderer": "^2.3.0",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
+    "prism-react-renderer": "2.4.1",
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
     "react-markdown": "10.0.0",
     "react-tweet": "3.2.1"
   },

website/yarn.lock

@@ -2722,7 +2722,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@mdx-js/react@npm:^3.0.0":
+"@mdx-js/react@npm:3.1.0, @mdx-js/react@npm:^3.0.0":
   version: 3.1.0
   resolution: "@mdx-js/react@npm:3.1.0"
   dependencies:
@@ -4597,7 +4597,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"clsx@npm:^2.0.0":
+"clsx@npm:2.1.1, clsx@npm:^2.0.0":
   version: 2.1.1
   resolution: "clsx@npm:2.1.1"
   checksum: 10/cdfb57fa6c7649bbff98d9028c2f0de2f91c86f551179541cf784b1cfdc1562dcb951955f46d54d930a3879931a980e32a46b598acaea274728dbe068deca919
@@ -10461,7 +10461,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"prism-react-renderer@npm:^2.3.0":
+"prism-react-renderer@npm:2.4.1, prism-react-renderer@npm:^2.3.0":
   version: 2.4.1
   resolution: "prism-react-renderer@npm:2.4.1"
   dependencies:
@@ -10678,6 +10678,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"react-dom@npm:18.3.1":
+  version: 18.3.1
+  resolution: "react-dom@npm:18.3.1"
+  dependencies:
+    loose-envify: "npm:^1.1.0"
+    scheduler: "npm:^0.23.2"
+  peerDependencies:
+    react: ^18.3.1
+  checksum: 10/3f4b73a3aa083091173b29812b10394dd06f4ac06aff410b74702cfb3aa29d7b0ced208aab92d5272919b612e5cda21aeb1d54191848cf6e46e9e354f3541f81
+  languageName: node
+  linkType: hard
+
 "react-dom@npm:^16.2.0":
   version: 16.14.0
   resolution: "react-dom@npm:16.14.0"
@@ -10692,18 +10704,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react-dom@npm:^18.3.1":
-  version: 18.3.1
-  resolution: "react-dom@npm:18.3.1"
-  dependencies:
-    loose-envify: "npm:^1.1.0"
-    scheduler: "npm:^0.23.2"
-  peerDependencies:
-    react: ^18.3.1
-  checksum: 10/3f4b73a3aa083091173b29812b10394dd06f4ac06aff410b74702cfb3aa29d7b0ced208aab92d5272919b612e5cda21aeb1d54191848cf6e46e9e354f3541f81
-  languageName: node
-  linkType: hard
-
 "react-error-overlay@npm:^6.0.11":
   version: 6.0.11
   resolution: "react-error-overlay@npm:6.0.11"
@@ -10857,6 +10857,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"react@npm:18.3.1":
+  version: 18.3.1
+  resolution: "react@npm:18.3.1"
+  dependencies:
+    loose-envify: "npm:^1.1.0"
+  checksum: 10/261137d3f3993eaa2368a83110466fc0e558bc2c7f7ae7ca52d94f03aac945f45146bd85e5f481044db1758a1dbb57879e2fcdd33924e2dde1bdc550ce73f7bf
+  languageName: node
+  linkType: hard
+
 "react@npm:^16.2.0":
   version: 16.14.0
   resolution: "react@npm:16.14.0"
@@ -10868,15 +10877,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react@npm:^18.3.1":
-  version: 18.3.1
-  resolution: "react@npm:18.3.1"
-  dependencies:
-    loose-envify: "npm:^1.1.0"
-  checksum: 10/261137d3f3993eaa2368a83110466fc0e558bc2c7f7ae7ca52d94f03aac945f45146bd85e5f481044db1758a1dbb57879e2fcdd33924e2dde1bdc550ce73f7bf
-  languageName: node
-  linkType: hard
-
 "readable-stream@npm:^2.0.1":
   version: 2.3.8
   resolution: "readable-stream@npm:2.3.8"
@@ -11375,19 +11375,19 @@ __metadata:
     "@docusaurus/module-type-aliases": "npm:3.7.0"
     "@docusaurus/preset-classic": "npm:3.7.0"
     "@docusaurus/types": "npm:3.7.0"
-    "@mdx-js/react": "npm:^3.0.0"
+    "@mdx-js/react": "npm:3.1.0"
     "@sandhose/prettier-animated-logo": "npm:1.0.3"
     "@types/js-yaml": "npm:4.0.9"
     babel-loader: "npm:9.2.1"
     clipboard: "npm:2.0.11"
-    clsx: "npm:^2.0.0"
+    clsx: "npm:2.1.1"
     codemirror-graphql: "npm:2.2.0"
     concurrently: "npm:9.1.2"
     js-yaml: "npm:4.1.0"
     lz-string: "npm:1.5.0"
-    prism-react-renderer: "npm:^2.3.0"
-    react: "npm:^18.3.1"
-    react-dom: "npm:^18.3.1"
+    prism-react-renderer: "npm:2.4.1"
+    react: "npm:18.3.1"
+    react-dom: "npm:18.3.1"
     react-markdown: "npm:10.0.0"
     react-tweet: "npm:3.2.1"
     webpack: "npm:5.98.0"