Replace awesome-typescript-loader with ts-loader, update package-lock.json

[easbar]

As I wrote here #148 (comment), I could not run

rm -rf node_modules/ && rm -f package-lock.json && npm i && npm run serve

without errors.

awesome-typescript-loader has not been updated in three years, so I decided to replace it with a recent version of ts-loader. This actually fixed the problem.

A few more changes were necessary to make this work:

• I wanted to do a clean update so I removed package-lock.json before doing the change, but this also meant a minor version update of react-map-gl. This in turn resulted in a few type errors that I had to fix (see changes in Map.tsx).
• More type errors were due to missing types for jest, so I added @types/jest
• The old package-lock.json was using some non-default formatting, so there are lots of whitespace changes. We already discussed this here: Fix infinite loop when back button is pressed #125 (comment) (and following comments), but never actually updated the file. The new file is the one that I got directly from npm i using npm 6.14.15.

[easbar]

With this PR I can also do a clean update (delete node_modules and package-lock.json and then run npm i again) using the latest node LTS (gallium, npm=8.1.0). This does not work in master (see here: #148 (comment)). Using npm=8.1.0 the package-lock.json file will change again. Not a big issue I think but if we decided to use gallium we could just as well update to this newer node/npm version already here.

[karussell]

What a seemingly simple but involved task. Thank you!

Using npm=8.1.0 the package-lock.json file will change again

Let's do this as fast as possible (be it in a separate PR or just separate commit, don't care much :) ).

I just tried it with this LTS and the app runs and the tests are green :) (using node 16.13.0 and npm 8.1.0)

[easbar]

Ok, I just upgraded the package-lock file to 8.1.0. I also dded a note in README.md that we recommend using node LTS gallium.

I agree let's merge this, because it is working and something is broken in master. If we ever want to go back to awesome-typescript-loader we can still figure out how to do it properly and do this.

[easbar]

Just remember that when switching branches we either need to update package-lock.json or downgrade the npm version, because the 'lockfileVersion' changes from 1 to 2 between npm 6 and 8. Future PRs should use npm 8 and lockfileVersion=2 of course.

[easbar]

For travis we also use npm 8.1.0 (latest LTS) already by the way.

[Janekdererste]

I had the chance to try it now. Unfortunately this doesn't work for me yet.

I have tried with Windows 11 and npm 8.1.0. I get the following error. Something seems to be off with the height graph. If I delete the package.lock.json file, The build executes without errors.

npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN tarball tarball data for leaflet.heightgraph@git+ssh://[email protected]/easbar/Leaflet.Heightgraph.git#82cff7b3013dd73d7221521c5b404ded6439e050 (sha512-tLP00wuPdjJnHr8eCvZFIir5yOD7b9Anb3TrfbWDlji925iS5oN3TU9p8exnsn1jtxjO4TXc2X/3LaeznSxP3w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for leaflet.heightgraph@git+ssh://[email protected]/easbar/Leaflet.Heightgraph.git#82cff7b3013dd73d7221521c5b404ded6439e050 (sha512-tLP00wuPdjJnHr8eCvZFIir5yOD7b9Anb3TrfbWDlji925iS5oN3TU9p8exnsn1jtxjO4TXc2X/3LaeznSxP3w==) seems to be corrupted. Trying again.
npm ERR! code EINTEGRITY
npm ERR! sha512-tLP00wuPdjJnHr8eCvZFIir5yOD7b9Anb3TrfbWDlji925iS5oN3TU9p8exnsn1jtxjO4TXc2X/3LaeznSxP3w== integrity checksum failed when using sha512: wanted sha512-tLP00wuPdjJnHr8eCvZFIir5yOD7b9Anb3TrfbWDlji925iS5oN3TU9p8exnsn1jtxjO4TXc2X/3LaeznSxP3w== but got sha512-GXjNO98aQN3B0Md+Hf3OrKgkVmy4idVNbDcoMhE/EZwZqpZxxhHSyFxw2k8hD0bnb/Jscsbmpdf9BA/ya2XyJg==. (187792 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\Janekdererste\AppData\Local\npm-cache\_logs\2021-11-16T13_13_34_843Z-debug.log

[easbar]

How does the package-lock.json created by your setup differ from the one I commited? Can you push your file to some branch so I can try it on my machine?

[easbar]

And just to be sure, did you try deleting the node_modules folder and run npm i again (without deleting the package-lock.json file)? I also noticed that the package-lock.json changes if I create it again, because some dependencies were already updated in the meantime. I therefore just updated the file again.

[Janekdererste]

I had to do the following:

• Delete node_modules
• run npm update
• run npm install

This updated a lot of dependencies in the packte-lock.json file. You can find it here

Now, there are vulnerabilities again, when running npm install

[easbar]

Using your branch I deleted node_modules and ran npm i again. I then get the same error as you did with mine. The package-lock.json files actually differ in the integrity value of the heightgraph dependency's entry.

I also just updated package-lock.json again and many of the changes in your file seem to be due to updated dependency versions between now and yesterday?!

So our setups produce different package-lock.json files for some reason and in both cases we get an error :( I'll try to find out what else can cause this (maybe some npm modules cache?)

[easbar]

Can you please try this: npm/npm#16938 (comment) ?
I still get this error (using your package-lock.json file):

npm WARN tarball tarball data for leaflet.heightgraph@git+ssh://[email protected]/easbar/Leaflet.Heightgraph.git#82cff7b3013dd73d7221521c5b404ded6439e050 (sha512-GXjNO98aQN3B0Md+Hf3OrKgkVmy4idVNbDcoMhE/EZwZqpZxxhHSyFxw2k8hD0bnb/Jscsbmpdf9BA/ya2XyJg==) seems to be corrupted. Trying again.

but maybe you can reproduce my package-lock.json file after running npm cache clean --force as recommended in above github comment?

My npm and node versions:

$ node -v
v16.13.0
$ npm -v
8.1.0

[Janekdererste]

clearing the cashe didn't solve the problem. I still get the same error message. The node and npm versions are identical to yours.

[easbar]

clearing the cashe didn't solve the problem. I still get the same error message. The node and npm versions are identical to yours.

dang... but thanks for testing. no idea what we should do tbh.

[Janekdererste]

Did you clear your cashe? :-)

[easbar]

Yes :) And @karussell tried it as well and saw the same behavior that I see (works with my package-lock.json but not with yours). But he also uses Linux.

[easbar]

Should we try downgrading to the previous node LTS version (fermium)?

[easbar]

I just went back to node fermium (not gallium as i wrote in the commit message):

$ nvm use --lts=fermium
$ node -v
v14.18.1
$ npm -v
6.14.15

Can you please try if this works?

[easbar]

Luckily at least the Fermium LTS seems to work for everybody.