The `angular-marked` package is already listed in `package.json`,
which itself has a dependency on `marked`, so we don't need to list
it explicitly ourselves.
Packages have been updated as follows:
* `angular*`, `react*` and `enzyme`: Unchanged (latest patch version),
for the same reasons as in bug 1364010.
* all other packages have been bumped to their latest minor version.
* caret version ranges have been converted to exact versions, for
parity with the rest of the versions and to make it easier to
identify which version is being used without having to view the
lock file.
This was performed using:
```
sudo yarn global add npm-check-updates
ncu --upgrade --upgradeAll --semverLevel minor
ncu --upgrade --upgradeAll --semverLevel major --reject '/^(angular|react|enzyme).*/'
```
The lock file was then regenerated using:
```
rm -rf node_modules/ yarn.lock
yarn install --no-bin-links
```
Other bugs will handle the more involved `angular*`, `react*`,
`enzyme` and `neutrino*` updates (see deps of bug 1364010).
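
An added example (not part of the original commits or the project's own code) of a check that enforces the exact-version policy described in the commit message above: it reports every `package.json` entry that still uses a range instead of an exact version. The function names and the sample manifest are hypothetical and constructed for illustration.

```javascript
// Exact means MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Classify one dependency spec string from package.json.
function classify(spec) {
  const s = spec.trim();
  if (EXACT.test(s)) return 'exact';
  if (s.startsWith('^')) return 'caret';
  if (s.startsWith('~')) return 'tilde';
  // "", "*", "3.x" and partial versions such as "1.2" all behave as ranges.
  if (s === '' || /^(\d+|[xX*])(\.(\d+|[xX*])){0,2}$/.test(s)) return 'wildcard';
  if (/^[<>=]/.test(s) || s.includes(' - ') || s.includes('||')) return 'comparator';
  return 'other'; // dist-tag, git URL, tarball, file: path, ...
}

// Return every entry whose spec is not an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classify(String(spec));
      if (kind !== 'exact') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; package names and versions are illustrative only.
const samplePkg = {
  dependencies: {
    'example-lib': '1.4.2',
    'example-ui': '^2.0.1',
    'example-util': '~0.9.0',
  },
  devDependencies: {
    'example-test': '3.x',
    'example-lint': '>=4.0.0 <5.0.0',
    'example-fork': 'github:example/fork#main',
    'example-rc': '6.0.0-rc.1',
  },
};

for (const f of findUnpinned(samplePkg)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

Exact versions in `package.json` only cover direct dependencies; transitive versions are still fixed by `yarn.lock`.
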
metrics-graphics is built over d3. So there is no need to add its package separately.
Direct include of metrics-graphics is redundant with the angular fixture.
This replaces the old, "fake" JSON-e with the real JSON-e library.
The library is packaged as a service since the action spec will
eventually specify additional context values, and we want to apply those
values universally.
There were only two tiny issues that affected us:
* $.bind has been deprecated, so it is a switch to $.on
* Found a function that was dead code, so removed it
The webpack-md5-hash plugin attempts to make the generated hashes
less susceptible to churn when chunks haven't actually changed.
However it requires careful use and clearly wasn't set up correctly,
since the manifest file hashes were always the same regardless of
content, causing stale files and runtime errors in production.
Once Neutrino v6 is released, we can use its new in-built support
for caching to save having to implement this ourselves.
The only change is the move of `karma` from angular-toarrayfilter's
`dependencies` to `devDependencies`, which stops us unnecessarily
pulling in an ancient version of karma, and the resultant security
warnings.
Packages have been updated as follows:
* `angular*`: Latest patch version, since it doesn't follow semver.
* `react*`: Latest patch version, since in 15.5 some obtrusive
deprecation warnings were added, and `enzyme`'s peer-dependencies
need adjusting too.
* `enzyme`: Unchanged, since the newer minor version gives warnings.
* all other packages have been bumped to their latest minor version.
This was performed using:
```
sudo yarn global add npm-check-updates
ncu --upgrade --upgradeAll --semverLevel minor
ncu --upgrade --upgradeAll --semverLevel major --reject '/^(angular|react|enzyme).*/'
```
In addition, `karma-coverage-istanbul-reporter`, `taskcluster-client`
and `hawk` have been bumped to the latest major versions since their
changelogs don't show any breaking changes that impact us.
The lock file was then regenerated using:
```
rm -rf node_modules/ yarn.lock
yarn install --no-bin-links
```
At some point later we'll want to perform the more involved `angular*`,
`react*`, `enzyme`, `jquery` and `neutrino*` updates.
Since it's faster, deterministic and doesn't give obscure errors when
using `--no-bin-links` (which is required for both npm and yarn on
Windows hosts), and as such unblocks the work in bug 1343624.
Many of the commands are the same as with npm. See:
https://yarnpkg.com/en/docs/usage