Audit-fix dependencies (#4534)

* Add auditfix and bump scripts

* Prune package-lock.json after auditfix/bump

* Run clean/bootstrap only for packages

* Use --legacy-peer-deps for audit fix

* Clean up package-lock.json by "lerna bootstrap"

* Audit fix for packages

* Add auditfix

* Add scripts

* Bump lerna

* Add lock file

* Audit fix for samples

* Add audit script

Author: compulim

package.json

@@ -18,13 +18,21 @@
   "keywords": [],
   "cldr-data-coverage": "full",
   "scripts": {
+    "audit": "npm run audit:packages && npm run audit:samples",
+    "audit:packages": "for i in `find packages -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Audit $i/package.json ---\u001b[0m; cd $i; npm audit --audit-level=critical; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while audit $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Audit completed ---\u001b[0m",
+    "audit:samples": "for i in `find samples -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Audit $i/package.json ---\u001b[0m; cd $i; npm audit --audit-level=critical; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while audit $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Audit completed ---\u001b[0m",
+    "auditfix": "npm run auditfix:packages && npm run auditfix:samples",
+    "auditfix:packages": "for i in `find packages -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Audit-fixing $i/package.json ---\u001b[0m; cd $i; npm run auditfix; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while audit-fixing $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Audit-fix completed ---\u001b[0m && lerna clean --yes && lerna bootstrap",
+    "auditfix:samples": "for i in `find samples -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Audit-fixing $i/package.json ---\u001b[0m; cd $i; npm run auditfix; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while audit-fixing $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Audit-fix completed ---\u001b[0m",
     "bootstrap": "lerna bootstrap --ci",
     "browser": "node ./packages/test/harness/src/host/dev/index http://localhost:5001/__tests__/html/",
     "browser:watch": "node-dev --no-notify --respawn ./packages/test/harness/src/host/dev/index http://localhost:5001/__tests__/html/",
     "build": "lerna run --ignore playground --stream build",
-    "bump": "npm run bump:prod && npm run bump:dev",
-    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
-    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump": "npm run bump:prod && npm run bump:dev && && npm run bump:packages && npm run bump:samples",
+    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:packages": "for i in `find packages -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Bumping $i/package.json ---\u001b[0m; cd $i; npm run bump; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while bumping $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Bump completed ---\u001b[0m && lerna clean --yes && lerna bootstrap",
+    "bump:samples": "for i in `find samples -name package.json ! -path */node_modules/* | xargs realpath | xargs dirname`; do echo \u001b[32m--- Bumping $i/package.json ---\u001b[0m; cd $i; npm run bump; if [ $? -ne 0 ]; then echo \u001b[31m--- Error while bumping $i/package.json ---\u001b[0m; break; fi; cd $OLDPWD; done; echo \u001b[32m--- Bump completed ---\u001b[0m",
     "docker": "npm run docker:up",
     "docker:down": "docker-compose -f docker-compose-wsl2.yml down --rmi all",
     "docker:up": "docker-compose -f docker-compose-wsl2.yml down && docker-compose -f docker-compose-wsl2.yml up --build --scale chrome=4",

packages/api/package.json

@@ -22,14 +22,19 @@
   ],
   "homepage": "https://github.com/microsoft/BotFramework-WebChat/tree/main/packages/component#readme",
   "scripts": {
+    "auditfix": "npm audit fix --legacy-peer-deps || exit 0",
     "build": "npm run build:globalize && npm run build:typescript && npm run build:babel",
     "build:babel": "babel src --copy-files --extensions .js,.ts,.tsx --ignore **/*.spec.js,**/*.spec.ts,**/*.spec.tsx,**/*.test.js,**/*.test.ts,**/*.test.tsx,__tests__/**/*.js,__tests__/**/*.ts,__tests__/**/*.tsx --no-copy-ignored --out-dir lib --verbose",
     "build:globalize": "node scripts/createPrecompiledGlobalize.mjs",
     "build:typescript": "tsc --project src/tsconfig.json",
     "bump": "npm run bump:prod && npm run bump:dev",
-    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
-    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
     "eslint": "npm run precommit",
+    "postauditfix": "npm run postbump",
+    "postbump": "cat package.json | jq '. + (.dependencies = ((.dependencies + (.localPeerDependencies // {})) | to_entries | sort_by(.key) | from_entries)) | (.devDependencies = ((.devDependencies + (.localPeerDevDependencies // {})) | to_entries | sort_by(.key) | from_entries))' > package-temp.json && mv package-temp.json package.json",
+    "preauditfix": "npm run prebump",
+    "prebump": "cat package.json | jq '(((.localPeerDependencies // {}) | keys | map([\"dependencies\", .])) + ((.localPeerDevDependencies // {}) | keys | map([\"devDependencies\", .]))) as $localPeerPaths | delpaths($localPeerPaths)' > package-temp.json && mv package-temp.json package.json",
     "precommit": "npm run precommit:eslint -- src && npm run precommit:typecheck",
     "precommit:eslint": "../../node_modules/.bin/eslint --report-unused-disable-directives --max-warnings 0",
     "precommit:typecheck": "tsc --project ./src --emitDeclarationOnly false --esModuleInterop true --noEmit --pretty false",
@@ -75,5 +80,11 @@
   "peerDependencies": {
     "react": ">= 16.8.6",
     "react-dom": ">= 16.8.6"
+  },
+  "localPeerDependencies": {
+    "botframework-webchat-core": "0.0.0-0"
+  },
+  "localPeerDevDependencies": {
+    "cldr-data": "36.0.0-0"
   }
 }

packages/bundle/package-lock.json

@@ -24,14 +24,19 @@
     "src/**/*"
   ],
   "scripts": {
+    "auditfix": "npm audit fix --legacy-peer-deps || exit 0",
     "build": "npm run build:typescript && npm run build:babel && npm run build:webpack",
     "build:babel": "babel src --extensions .js,.ts,.tsx --ignore **/*.spec.js,**/*.spec.ts,**/*.spec.tsx,**/*.test.js,**/*.test.ts,**/*.test.tsx,__tests__/**/*.js,__tests__/**/*.ts,__tests__/**/*.tsx --out-dir lib --verbose",
     "build:typescript": "tsc --project src/tsconfig.json",
     "build:webpack": "webpack-cli",
     "bump": "npm run bump:prod && npm run bump:dev",
-    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
-    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - (.skipBump | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:dev": "npm install --legacy-peer-deps $(cat package.json | jq -r '(.devDependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
+    "bump:prod": "npm install --legacy-peer-deps --save-exact $(cat package.json | jq -r '(.dependencies | keys) - ((.skipBump // {}) | keys) | .[]' | awk '{print $1 \"@latest\"}')",
     "eslint": "npm run precommit",
+    "postauditfix": "npm run postbump",
+    "postbump": "cat package.json | jq '. + (.dependencies = ((.dependencies + (.localPeerDependencies // {})) | to_entries | sort_by(.key) | from_entries)) | (.devDependencies = ((.devDependencies + (.localPeerDevDependencies // {})) | to_entries | sort_by(.key) | from_entries))' > package-temp.json && mv package-temp.json package.json",
+    "preauditfix": "npm run prebump",
+    "prebump": "cat package.json | jq '(((.localPeerDependencies // {}) | keys | map([\"dependencies\", .])) + ((.localPeerDevDependencies // {}) | keys | map([\"devDependencies\", .]))) as $localPeerPaths | delpaths($localPeerPaths)' > package-temp.json && mv package-temp.json package.json",
     "precommit": "npm run precommit:eslint -- src && npm run precommit:typecheck",
     "precommit:eslint": "../../node_modules/.bin/eslint --report-unused-disable-directives --max-warnings 0",
     "precommit:typecheck": "tsc --project ./src --emitDeclarationOnly false --esModuleInterop true --noEmit --pretty false",
@@ -97,5 +102,15 @@
   "peerDependencies": {
     "react": ">= 16.8.6",
     "react-dom": ">= 16.8.6"
+  },
+  "localPeerDependencies": {
+    "botframework-directlinespeech-sdk": "0.0.0-0",
+    "botframework-webchat-api": "0.0.0-0",
+    "botframework-webchat-component": "0.0.0-0",
+    "botframework-webchat-core": "0.0.0-0"
+  },
+  "localPeerDevDependencies": {
+    "isomorphic-react": "^0.0.0-0",
+    "isomorphic-react-dom": "^0.0.0-0"
   }
 }