Upgrade dependency "trim" from 0.0.1 to 0.0.3 (#2474)

- Migrate pnpm config from rush.json to pnpm-config.json

.vscode/settings.json

@@ -87,6 +87,7 @@
     "rush.json": "jsonc",
     "common-versions.json": "jsonc",
     "command-line.json": "jsonc",
+    "pnpm-config.json": "jsonc",
     "version-policies.json": "jsonc"
   },
   "typescript.tsdk": "./packages/compiler/node_modules/typescript/lib",

common/config/rush/.pnpmfile.cjs

@@ -0,0 +1,37 @@
+"use strict";
+
+/**
+ * When using the PNPM package manager, you can use pnpmfile.js to workaround
+ * dependencies that have mistakes in their package.json file.  (This feature is
+ * functionally similar to Yarn's "resolutions".)
+ *
+ * For details, see the PNPM documentation:
+ * https://pnpm.js.org/docs/en/hooks.html
+ *
+ * IMPORTANT: SINCE THIS FILE CONTAINS EXECUTABLE CODE, MODIFYING IT IS LIKELY TO INVALIDATE
+ * ANY CACHED DEPENDENCY ANALYSIS.  After any modification to pnpmfile.js, it's recommended to run
+ * "rush update --full" so that PNPM will recalculate all version selections.
+ */
+module.exports = {
+  hooks: {
+    readPackage,
+  },
+};
+
+/**
+ * This hook is invoked during installation before a package's dependencies
+ * are selected.
+ * The `packageJson` parameter is the deserialized package.json
+ * contents for the package that is about to be installed.
+ * The `context` parameter provides a log() function.
+ * The return value is the updated object.
+ */
+function readPackage(packageJson, context) {
+  // // The karma types have a missing dependency on typings from the log4js package.
+  // if (packageJson.name === '@types/karma') {
+  //  context.log('Fixed up dependencies for @types/karma');
+  //  packageJson.dependencies['log4js'] = '0.6.38';
+  // }
+
+  return packageJson;
+}

common/config/rush/pnpm-config.json

@@ -0,0 +1,205 @@
+/**
+ * This configuration file provides settings specific to the PNPM package manager.
+ * More documentation is available on the Rush website: https://rushjs.io
+ */
+{
+  "$schema": "https://developer.microsoft.com/json-schemas/rush/v5/pnpm-config.schema.json",
+
+  /**
+   * If true, then `rush install` and `rush update` will use the PNPM workspaces feature
+   * to perform the install, instead of the old model where Rush generated the symlinks
+   * for each projects's node_modules folder.
+   *
+   * When using workspaces, Rush will generate a `common/temp/pnpm-workspace.yaml` file referencing
+   * all local projects to install. Rush will also generate a `.pnpmfile.cjs` shim which implements
+   * Rush-specific features such as preferred versions.  The user's `common/config/rush/.pnpmfile.cjs`
+   * is invoked by the shim.
+   *
+   * This option is strongly recommended. The default value is false.
+   */
+  "useWorkspaces": true,
+
+  /**
+   * If true, then Rush will add the `--strict-peer-dependencies` command-line parameter when
+   * invoking PNPM.  This causes `rush update` to fail if there are unsatisfied peer dependencies,
+   * which is an invalid state that can cause build failures or incompatible dependency versions.
+   * (For historical reasons, JavaScript package managers generally do not treat this invalid
+   * state as an error.)
+   *
+   * PNPM documentation: https://pnpm.io/npmrc#strict-peer-dependencies
+   *
+   * The default value is false to avoid legacy compatibility issues.
+   * It is strongly recommended to set `strictPeerDependencies=true`.
+   */
+  // "strictPeerDependencies": true,
+
+  /**
+   * Environment variables that will be provided to PNPM.
+   */
+  // "environmentVariables": {
+  //   "NODE_OPTIONS": {
+  //     "value": "--max-old-space-size=4096",
+  //     "override": false
+  //   }
+  // },
+
+  /**
+   * Specifies the location of the PNPM store.  There are two possible values:
+   *
+   * - `local` - use the `pnpm-store` folder in the current configured temp folder:
+   *   `common/temp/pnpm-store` by default.
+   * - `global` - use PNPM's global store, which has the benefit of being shared
+   *    across multiple repo folders, but the disadvantage of less isolation for builds
+   *    (for example, bugs or incompatibilities when two repos use different releases of PNPM)
+   *
+   * In both cases, the store path can be overridden by the environment variable `RUSH_PNPM_STORE_PATH`.
+   *
+   * The default value is `local`.
+   */
+  // "pnpmStore": "global",
+
+  /**
+   * If true, then `rush install` will report an error if manual modifications
+   * were made to the PNPM shrinkwrap file without running `rush update` afterwards.
+   *
+   * This feature protects against accidental inconsistencies that may be introduced
+   * if the PNPM shrinkwrap file (`pnpm-lock.yaml`) is manually edited.  When this
+   * feature is enabled, `rush update` will append a hash to the file as a YAML comment,
+   * and then `rush update` and `rush install` will validate the hash.  Note that this
+   * does not prohibit manual modifications, but merely requires `rush update` be run
+   * afterwards, ensuring that PNPM can report or repair any potential inconsistencies.
+   *
+   * To temporarily disable this validation when invoking `rush install`, use the
+   * `--bypass-policy` command-line parameter.
+   *
+   * The default value is false.
+   */
+  // "preventManualShrinkwrapChanges": true,
+
+  /**
+   * The "globalOverrides" setting provides a simple mechanism for overriding version selections
+   * for all dependencies of all projects in the monorepo workspace.  The settings are copied
+   * into the `pnpm.overrides` field of the `common/temp/package.json` file that is generated
+   * by Rush during installation.
+   *
+   * Order of precedence: `.pnpmfile.cjs` has the highest precedence, followed by
+   * `unsupportedPackageJsonSettings`, `globalPeerDependencyRules`, `globalPackageExtensions`,
+   * and `globalOverrides` has lowest precedence.
+   *
+   * PNPM documentation: https://pnpm.io/package_json#pnpmoverrides
+   */
+  "globalOverrides": {
+    "trim@0.0.1": "0.0.3"
+    // "example1": "^1.0.0",
+    // "example2": "npm:@company/example2@^1.0.0"
+  },
+
+  /**
+   * The `globalPeerDependencyRules` setting provides various settings for suppressing validation errors
+   * that are reported during installation with `strictPeerDependencies=true`.  The settings are copied
+   * into the `pnpm.peerDependencyRules` field of the `common/temp/package.json` file that is generated
+   * by Rush during installation.
+   *
+   * Order of precedence: `.pnpmfile.cjs` has the highest precedence, followed by
+   * `unsupportedPackageJsonSettings`, `globalPeerDependencyRules`, `globalPackageExtensions`,
+   * and `globalOverrides` has lowest precedence.
+   *
+   * https://pnpm.io/package_json#pnpmpeerdependencyrules
+   */
+  "globalPeerDependencyRules": {
+    // "ignoreMissing": ["@eslint/*"],
+    // "allowedVersions": { "react": "17" },
+    // "allowAny": ["@babel/*"]
+  },
+
+  /**
+   * The `globalPackageExtension` setting provides a way to patch arbitrary package.json fields
+   * for any PNPM dependency of the monorepo.  The settings are copied into the `pnpm.packageExtensions`
+   * field of the `common/temp/package.json` file that is generated by Rush during installation.
+   * The `globalPackageExtension` setting has similar capabilities as `.pnpmfile.cjs` but without
+   * the downsides of an executable script (nondeterminism, unreliable caching, performance concerns).
+   *
+   * Order of precedence: `.pnpmfile.cjs` has the highest precedence, followed by
+   * `unsupportedPackageJsonSettings`, `globalPeerDependencyRules`, `globalPackageExtensions`,
+   * and `globalOverrides` has lowest precedence.
+   *
+   * PNPM documentation: https://pnpm.io/package_json#pnpmpackageextensions
+   */
+  "globalPackageExtensions": {
+    // "fork-ts-checker-webpack-plugin": {
+    //   "dependencies": {
+    //     "@babel/core": "1"
+    //   },
+    //   "peerDependencies": {
+    //     "eslint": ">= 6"
+    //   },
+    //   "peerDependenciesMeta": {
+    //     "eslint": {
+    //       "optional": true
+    //     }
+    //   }
+    // }
+  },
+
+  /**
+   * The `globalNeverBuiltDependencies` setting suppresses the `preinstall`, `install`, and `postinstall`
+   * lifecycle events for the specified NPM dependencies.  This is useful for scripts with poor practices
+   * such as downloading large binaries without retries or attempting to invoke OS tools such as
+   * a C++ compiler.  (PNPM's terminology refers to these lifecycle events as "building" a package;
+   * it has nothing to do with build system operations such as `rush build` or `rushx build`.)
+   * The settings are copied into the `pnpm.neverBuiltDependencies` field of the `common/temp/package.json`
+   * file that is generated by Rush during installation.
+   *
+   * PNPM documentation: https://pnpm.io/package_json#pnpmneverbuiltdependencies
+   */
+  "globalNeverBuiltDependencies": [
+    // "fsevents"
+  ],
+
+  /**
+   * The `globalAllowedDeprecatedVersions` setting suppresses installation warnings for package
+   * versions that the NPM registry reports as being deprecated.  This is useful if the
+   * deprecated package is an indirect dependency of an external package that has not released a fix.
+   * The settings are copied into the `pnpm.allowedDeprecatedVersions` field of the `common/temp/package.json`
+   * file that is generated by Rush during installation.
+   *
+   * PNPM documentation: https://pnpm.io/package_json#pnpmalloweddeprecatedversions
+   *
+   * If you are working to eliminate a deprecated version, it's better to specify `allowedDeprecatedVersions`
+   * in the package.json file for individual Rush projects.
+   */
+  "globalAllowedDeprecatedVersions": {
+    // "request": "*"
+  },
+
+  /**
+   * (THIS FIELD IS MACHINE GENERATED)  The "globalPatchedDependencies" field is updated automatically
+   * by the `rush-pnpm patch-commit` command.  It is a dictionary, where the key is an NPM package name
+   * and exact version, and the value is a relative path to the associated patch file.
+   *
+   * PNPM documentation: https://pnpm.io/package_json#pnpmpatcheddependencies
+   */
+  "globalPatchedDependencies": {},
+
+  /**
+   * (USE AT YOUR OWN RISK)  This is a free-form property bag that will be copied into
+   * the `common/temp/package.json` file that is generated by Rush during installation.
+   * This provides a way to experiment with new PNPM features.  These settings will override
+   * any other Rush configuration associated with a given JSON field except for `.pnpmfile.cjs`.
+   *
+   * USAGE OF THIS SETTING IS NOT SUPPORTED BY THE RUSH MAINTAINERS AND MAY CAUSE RUSH
+   * TO MALFUNCTION.  If you encounter a missing PNPM setting that you believe should
+   * be supported, please create a GitHub issue or PR.  Note that Rush does not aim to
+   * support every possible PNPM setting, but rather to promote a battle-tested installation
+   * strategy that is known to provide a good experience for large teams with lots of projects.
+   */
+  "unsupportedPackageJsonSettings": {
+    // "dependencies": {
+    //   "not-a-good-practice": "*"
+    // },
+    // "scripts": {
+    //   "do-something": "echo Also not a good practice"
+    // },
+    // "pnpm": { "futurePnpmFeature": true }
+  }
+}

common/config/rush/pnpm-lock.yaml

@@ -4,6 +4,9 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+overrides:
+  trim@0.0.1: 0.0.3
+
 importers:
 
   .: {}
@@ -6423,6 +6426,7 @@ packages:
 
   /@types/debug@4.1.8:
     resolution: {integrity: sha512-/vPO1EPOs306Cvhwv7KfVfYvOJqA/S/AXjaHQiJboCZzcNDb+TIJFN9/2C9DZ//ijSKWioNyUxD792QmDJ+HKQ==}
+    requiresBuild: true
     dependencies:
       '@types/ms': 0.7.31
     dev: true
@@ -6540,6 +6544,7 @@ packages:
 
   /@types/ms@0.7.31:
     resolution: {integrity: sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA==}
+    requiresBuild: true
     dev: true
 
   /@types/mustache@4.2.2:
@@ -7847,6 +7852,7 @@ packages:
 
   /character-entities@2.0.2:
     resolution: {integrity: sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==}
+    requiresBuild: true
     dev: true
 
   /character-reference-invalid@1.1.4:
@@ -8989,6 +8995,7 @@ packages:
 
   /decode-named-character-reference@1.0.2:
     resolution: {integrity: sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==}
+    requiresBuild: true
     dependencies:
       character-entities: 2.0.2
     dev: true
@@ -9122,6 +9129,7 @@ packages:
   /dequal@2.0.3:
     resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==}
     engines: {node: '>=6'}
+    requiresBuild: true
     dev: true
 
   /destroy@1.2.0:
@@ -11487,6 +11495,7 @@ packages:
   /kleur@4.1.5:
     resolution: {integrity: sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==}
     engines: {node: '>=6'}
+    requiresBuild: true
     dev: true
 
   /latest-version@5.1.0:
@@ -11894,6 +11903,7 @@ packages:
 
   /mdast-util-to-string@3.2.0:
     resolution: {integrity: sha512-V4Zn/ncyN1QNSqSBxTrMOLpjr+IKdHl2v3KVLoWmDPscP4r9GcCi71gjgvUV1SFSKh92AjAG4peFuBl2/YgCJg==}
+    requiresBuild: true
     dependencies:
       '@types/mdast': 3.0.12
     dev: true
@@ -12009,6 +12019,7 @@ packages:
 
   /micromark-core-commonmark@1.1.0:
     resolution: {integrity: sha512-BgHO1aRbolh2hcrzL2d1La37V0Aoz73ymF8rAcKnohLy93titmv62E0gP8Hrx9PKcKrqCZ1BbLGbP3bEhoXYlw==}
+    requiresBuild: true
     dependencies:
       decode-named-character-reference: 1.0.2
       micromark-factory-destination: 1.1.0
@@ -12135,6 +12146,7 @@ packages:
 
   /micromark-factory-space@1.1.0:
     resolution: {integrity: sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ==}
+    requiresBuild: true
     dependencies:
       micromark-util-character: 1.2.0
       micromark-util-types: 1.1.0
@@ -12162,6 +12174,7 @@ packages:
 
   /micromark-util-character@1.2.0:
     resolution: {integrity: sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg==}
+    requiresBuild: true
     dependencies:
       micromark-util-symbol: 1.1.0
       micromark-util-types: 1.1.0
@@ -12169,6 +12182,7 @@ packages:
 
   /micromark-util-chunked@1.1.0:
     resolution: {integrity: sha512-Ye01HXpkZPNcV6FiyoW2fGZDUw4Yc7vT0E9Sad83+bEDiCJ1uXu0S3mr8WLpsz3HaG3x2q0HM6CTuPdcZcluFQ==}
+    requiresBuild: true
     dependencies:
       micromark-util-symbol: 1.1.0
     dev: true
@@ -12184,6 +12198,7 @@ packages:
 
   /micromark-util-combine-extensions@1.1.0:
     resolution: {integrity: sha512-Q20sp4mfNf9yEqDL50WwuWZHUrCO4fEyeDCnMGmG5Pr0Cz15Uo7KBs6jq+dq0EgX4DPwwrh9m0X+zPV1ypFvUA==}
+    requiresBuild: true
     dependencies:
       micromark-util-chunked: 1.1.0
       micromark-util-types: 1.1.0
@@ -12191,12 +12206,14 @@ packages:
 
   /micromark-util-decode-numeric-character-reference@1.1.0:
     resolution: {integrity: sha512-m9V0ExGv0jB1OT21mrWcuf4QhP46pH1KkfWy9ZEezqHKAxkj4mPCy3nIH1rkbdMlChLHX531eOrymlwyZIf2iw==}
+    requiresBuild: true
     dependencies:
       micromark-util-symbol: 1.1.0
     dev: true
 
   /micromark-util-decode-string@1.1.0:
     resolution: {integrity: sha512-YphLGCK8gM1tG1bd54azwyrQRjCFcmgj2S2GoJDNnh4vYtnL38JS8M4gpxzOPNyHdNEpheyWXCTnnTDY3N+NVQ==}
+    requiresBuild: true
     dependencies:
       decode-named-character-reference: 1.0.2
       micromark-util-character: 1.2.0
@@ -12206,6 +12223,7 @@ packages:
 
   /micromark-util-encode@1.1.0:
     resolution: {integrity: sha512-EuEzTWSTAj9PA5GOAs992GzNh2dGQO52UvAbtSOMvXTxv3Criqb6IOzJUBCmEqrrXSblJIJBbFFv6zPxpreiJw==}
+    requiresBuild: true
     dev: true
 
   /micromark-util-events-to-acorn@1.2.3:
@@ -12230,18 +12248,21 @@ packages:
 
   /micromark-util-normalize-identifier@1.1.0:
     resolution: {integrity: sha512-N+w5vhqrBihhjdpM8+5Xsxy71QWqGn7HYNUvch71iV2PM7+E3uWGox1Qp90loa1ephtCxG2ftRV/Conitc6P2Q==}
+    requiresBuild: true
     dependencies:
       micromark-util-symbol: 1.1.0
     dev: true
 
   /micromark-util-resolve-all@1.1.0:
     resolution: {integrity: sha512-b/G6BTMSg+bX+xVCshPTPyAu2tmA0E4X98NSR7eIbeC6ycCqCeE7wjfDIgzEbkzdEVJXRtOG4FbEm/uGbCRouA==}
+    requiresBuild: true
     dependencies:
       micromark-util-types: 1.1.0
     dev: true
 
   /micromark-util-sanitize-uri@1.2.0:
     resolution: {integrity: sha512-QO4GXv0XZfWey4pYFndLUKEAktKkG5kZTdUNaTAkzbuJxn2tNBOr+QtxR2XpWaMhbImT2dPzyLrPXLlPhph34A==}
+    requiresBuild: true
     dependencies:
       micromark-util-character: 1.2.0
       micromark-util-encode: 1.1.0
@@ -12250,6 +12271,7 @@ packages:
 
   /micromark-util-subtokenize@1.1.0:
     resolution: {integrity: sha512-kUQHyzRoxvZO2PuLzMt2P/dwVsTiivCK8icYTeR+3WgbuPqfHgPPy7nFKbeqRivBvn/3N3GBiNC+JRTMSxEC7A==}
+    requiresBuild: true
     dependencies:
       micromark-util-chunked: 1.1.0
       micromark-util-symbol: 1.1.0
@@ -12259,14 +12281,17 @@ packages:
 
   /micromark-util-symbol@1.1.0:
     resolution: {integrity: sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag==}
+    requiresBuild: true
     dev: true
 
   /micromark-util-types@1.1.0:
     resolution: {integrity: sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==}
+    requiresBuild: true
     dev: true
 
   /micromark@3.2.0:
     resolution: {integrity: sha512-uD66tJj54JLYq0De10AhWycZWGQNUvDI55xPgk2sQM5kn1JYlhbCMTtEeT27+vAhW2FBQxLlOmS3pmA7/2z4aA==}
+    requiresBuild: true
     dependencies:
       '@types/debug': 4.1.8
       debug: 4.3.4(supports-color@8.1.1)
@@ -12478,6 +12503,7 @@ packages:
   /mri@1.2.0:
     resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==}
     engines: {node: '>=4'}
+    requiresBuild: true
     dev: true
 
   /mrmime@1.0.1:
@@ -14450,7 +14476,7 @@ packages:
       parse-entities: 2.0.0
       repeat-string: 1.6.1
       state-toggle: 1.0.3
-      trim: 0.0.1
+      trim: 0.0.3
       trim-trailing-lines: 1.1.4
       unherit: 1.1.3
       unist-util-remove-position: 2.0.1
@@ -14646,6 +14672,7 @@ packages:
   /sade@1.8.1:
     resolution: {integrity: sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==}
     engines: {node: '>=6'}
+    requiresBuild: true
     dependencies:
       mri: 1.2.0
     dev: true
@@ -15610,8 +15637,8 @@ packages:
     resolution: {integrity: sha512-rjUWSqnfTNrjbB9NQWfPMH/xRK1deHeGsHoVfpxJ++XeYXE0d6B1En37AHfw3jtfTU7dzMzZL2jjpe8Qb5gLIQ==}
     dev: false
 
-  /trim@0.0.1:
-    resolution: {integrity: sha512-YzQV+TZg4AxpKxaTHK3c3D+kRDCGVEE7LemdlQZoQXn0iennk10RsIoY6ikzAqJTc9Xjl9C1/waHom/J86ziAQ==}
+  /trim@0.0.3:
+    resolution: {integrity: sha512-h82ywcYhHK7veeelXrCScdH7HkWfbIT1D/CgYO+nmDarz3SGNssVBMws6jU16Ga60AJCRAvPV6w6RLuNerQqjg==}
     deprecated: Use String.prototype.trim() instead
     dev: false
 
@@ -15898,6 +15925,7 @@ packages:
 
   /unist-util-stringify-position@3.0.3:
     resolution: {integrity: sha512-k5GzIBZ/QatR8N5X2y+drfpWG8IDBzdnVj6OInRNWm1oXrzydiaAT2OQiA8DPRRZyAKb9b6I2a6PxYklZD0gKg==}
+    requiresBuild: true
     dependencies:
       '@types/unist': 2.0.8
     dev: true
@@ -16125,6 +16153,7 @@ packages:
     resolution: {integrity: sha512-+g8ENReyr8YsOc6fv/NVJs2vFdHBnBNdfE49rshrTzDWOlUx4Gq7KOS2GD8eqhy2j+Ejq29+SbKH8yjkAqXqoA==}
     engines: {node: '>=8'}
     hasBin: true
+    requiresBuild: true
     dependencies:
       dequal: 2.0.3
       diff: 5.1.0

rush.json

@@ -7,13 +7,6 @@
   "rushVersion": "5.100.1",
   "pnpmVersion": "8.6.12",
   "ensureConsistentVersions": true,
-  /**
-   * Options that are only used when the PNPM package manager is selected
-   */
-  "pnpmOptions": {
-    "strictPeerDependencies": false,
-    "useWorkspaces": true
-  },
   "nodeSupportedVersionRange": ">=16.0.0",
   "suppressNodeLtsWarning": true,
   "projectFolderMinDepth": 1,