Update many package deps including babel, @types & more

[ghost]

devDeps including babel, @types/*, autocannon

deps react, react-dom and a few others

Note: @types/node requires code changes so leaving unchanged for the moment

What I've found with updating dependencies is that doing too many in one go sometimes results in tests failing.
Then you have absolutely no idea which dep version change was the problem so you have to start over and do them one by one with a tedious pnpm install/build/test cycle.

Anyway, if this PR is accepted then the state of stale versions according to pnpm -r outdated report will be as follows:

│ Package                                  │ Current      │ Latest        │ Dependents
│ @tsconfig/docusaurus (dev)               │ 1.0.2        │ 1.0.4         │ @verdaccio/website
│ @types/express (dev)                     │ 4.17.8       │ 4.17.13       │ verdaccio-dev
│ @changesets/cli (dev)                    │ 2.15.0       │ 2.16.0        │ verdaccio-dev
│ @material-ui/core (dev)                  │ 4.11.4       │ 4.12.3        │ @verdaccio/ui-theme
│ dompurify                                │ 2.0.8        │ 2.3.1         │ @verdaccio/readme
│ envinfo                                  │ 7.4.0        │ 7.8.1         │ @verdaccio/cli
│ esbuild-loader (dev)                     │ 2.13.1       │ 2.15.1        │ @verdaccio/website
│ express-rate-limit                       │ 5.2.3        │ 5.3.0         │ @verdaccio/server
│ fastify                                  │ 3.15.1       │ 3.20.2        │ @verdaccio/fastify-migration
│ handlebars                               │ 4.5.3        │ 4.7.7         │ @verdaccio/hooks
│ npm                                      │ 7.0.15       │ 7.21.1        │ @verdaccio/e2e-cli
│ request                                  │ 2.87.0       │ 2.88.2        │ @verdaccio/e2e-cli, @verdaccio/mock, @verdaccio/proxy
│ request (dev)                            │ 2.87.0       │ 2.88.2        │ @verdaccio/e2e-ui, @verdaccio/server
│ sass (dev)                               │ 1.35.2       │ 1.38.2        │ @verdaccio/website
│ webpack (dev)                            │ 5.33.2       │ 5.51.1        │ @verdaccio/cli-standalone, @verdaccio/ui-theme
│ @commitlint/cli (dev)                    │ 8.3.5        │ 13.1.0        │ verdaccio-dev
│ @commitlint/config-conventional (dev)    │ 8.2.0        │ 13.1.0        │ verdaccio-dev
│ @emotion/core (dev)                      │ 10.1.1       │ 11.0.0        │ @verdaccio/ui-theme
│ @emotion/styled (dev)                    │ 10.0.27      │ 11.3.0        │ @verdaccio/ui-theme
│ @emotion/styled-base (dev)               │ 10.0.31      │ 11.0.0        │ @verdaccio/ui-theme
│ @testing-library/dom (dev)               │ 7.31.2       │ 8.2.0         │ @verdaccio/ui-theme
│ @testing-library/react (dev)             │ 11.2.7       │ 12.0.0        │ @verdaccio/ui-theme
│ @types/node (dev)                        │ 14.6.0       │ 16.7.6        │ @verdaccio/types, verdaccio-dev
│ @types/webpack (dev)                     │ 4.41.26      │ 5.28.0        │ verdaccio-dev
│ activedirectory2                         │ 1.3.0        │ 2.1.0         │ @verdaccio/active-directory
│ babel-plugin-emotion (dev)               │ 10.0.33      │ 11.0.0        │ @verdaccio/ui-theme, verdaccio-dev
│ commander                                │ 6.2.0        │ 8.1.0         │ @verdaccio/cli
│ css-loader (dev)                         │ 5.2.1        │ 6.2.0         │ @verdaccio/ui-theme
│ emotion (dev)                            │ 10.0.27      │ 11.0.0        │ @verdaccio/ui-theme
│ emotion-theming (dev)                    │ 10.0.27      │ 11.0.0        │ @verdaccio/ui-theme
│ fast-crc32c (optional)                   │ 1.0.4        │ 2.0.0         │ verdaccio-google-cloud
│ file-loader (dev)                        │ 5.1.0        │ 6.2.0         │ @verdaccio/ui-theme
│ github-markdown-css (dev)                │ 3.0.1        │ 4.0.0         │ @verdaccio/ui-theme
│ history (dev)                            │ 4.10.1       │ 5.0.1         │ @verdaccio/ui-theme
│ http-status-codes                        │ 1.4.0        │ 2.1.4         │ @verdaccio/commons-api
│ husky (dev)                              │ 2.7.0        │ 7.0.2         │ verdaccio-dev
│ i18next (dev)                            │ 19.9.2       │ 20.4.0        │ @verdaccio/ui-theme
│ js-yaml                                  │ 3.14.0       │ 4.1.0         │ @verdaccio/config
│ js-yaml (dev)                            │ 3.14.0       │ 4.1.0         │ @verdaccio/ui-theme
│ jsdom                                    │ 15.2.1       │ 17.0.0        │ @verdaccio/readme
│ kleur                                    │ 3.0.3        │ 4.1.4         │ @verdaccio/cli, @verdaccio/logger-prettify
│ kleur (dev)                              │ 3.0.3        │ 4.1.4         │ @verdaccio/e2e-ui, verdaccio-dev
│ lint-staged (dev)                        │ 9.5.0        │ 11.1.2        │ @verdaccio/ui-theme, verdaccio-dev
│ lowdb                                    │ 1.0.0        │ 2.1.0         │ @verdaccio/local-storage
│ marked                                   │ 1.1.1        │ 3.0.2         │ @verdaccio/readme
│ mini-css-extract-plugin (dev)            │ 1.6.0        │ 2.2.0         │ @verdaccio/ui-theme
│ nock (dev)                               │ 12.0.3       │ 13.1.3        │ @verdaccio/proxy, verdaccio-audit, verdaccio-dev
│ node-html-parser (dev)                   │ 2.2.1        │ 4.1.4         │ @verdaccio/web
│ optimize-css-assets-webpack-plugin (dev) │ 5.0.8        │ 6.0.1         │ @verdaccio/ui-theme
│ ora (dev)                                │ 4.0.4        │ 6.0.0         │ @verdaccio/ui-theme
│ pnpm                                     │ 5.13.5       │ 6.14.5        │ @verdaccio/e2e-cli
│ pretty-ms                                │ 5.1.0        │ 7.0.1         │ @verdaccio/logger-prettify
│ puppeteer (dev)                          │ 9.1.1        │ 10.2.0        │ @verdaccio/e2e-ui
│ resolve-url-loader (dev)                 │ 3.1.1        │ 4.0.0         │ @verdaccio/ui-theme
│ source-map-loader (dev)                  │ 1.1.0        │ 3.0.0         │ @verdaccio/ui-theme
│ style-loader (dev)                       │ 1.2.1        │ 3.2.1         │ @verdaccio/ui-theme
│ stylelint-config-recommended (dev)       │ 3.0.0        │ 5.0.0         │ @verdaccio/ui-theme
│ stylelint-webpack-plugin (dev)           │ 2.2.1        │ 3.0.1         │ @verdaccio/ui-theme
│ wait-on (dev)                            │ 5.2.0        │ 6.0.0         │ @verdaccio/ui-theme
│ webpack-bundle-analyzer (dev)            │ 3.8.0        │ 4.4.2         │ @verdaccio/cli-standalone, @verdaccio/ui-theme
│ webpack-dev-server (dev)                 │ 3.11.2       │ 4.0.0         │ @verdaccio/ui-theme
│ webpack-manifest-plugin (dev)            │ 3.1.1        │ 4.0.2         │ @verdaccio/ui-theme
│ @changesets/changelog-github (dev)       │ 0.2.8        │ 0.4.0         │ verdaccio-dev
│ @docusaurus/core                         │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ @docusaurus/module-type-aliases (dev)    │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ @docusaurus/plugin-google-analytics      │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ @docusaurus/preset-classic               │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ @docusaurus/remark-plugin-npm2yarn       │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ @docusaurus/theme-search-algolia         │ 2.0.0-beta.4 │ 2.0.0-beta.5  │ @verdaccio/website
│ express                                  │ 4.17.1       │ 5.0.0-alpha.7 │ @verdaccio/api, @verdaccio/auth, @verdaccio/server, verdaccio/web, verdaccio-audit
│ express (dev)                            │ 4.17.1       │ 5.0.0-alpha.7 │ @verdaccio/tarball
│ pino                                     │ 6.11.3       │ 7.0.0-rc.1    │ @verdaccio/logger
│ pino (dev)                               │ 6.11.3       │ 7.0.0-rc.1    │ @verdaccio/logger-prettify

[ghost]

@juanpicado If you let me know which is the low hanging fruit for further dep updates from the pnpm -r outdated report above, I'm happy to do some more.

Possible suggestions might include:

@tsconfig/docusaurus:  1.0.2 => 1.0.4
@docusaurus/*:                2.0.0-beta.4 => 2.0.0-beta.5
dompurify:                          2.0.8 =>  2.3.1
envinfo:                                7.4.0 => 7.8.1
esbuild-loader:                  2.13.1 => 2.15.1
express-rate-limit:            5.2.3 => 5.3.0
fastify:                                  3.15.1 => 3.20.2
handlebars:                         4.5.3 => 4.7.7
npm:                                      7.0.15 => 7.21.1
sass:                                       1.35.2 => 1.38.2
pnpm:                                    5.13.5 => 6.14.5
anything else you might like to suggest that is not too dangerous

Note: the following are problematic (tried already and either build or test failed):

request:                               2.87.0  => 2.88.2
webpack:                             5.33.2 => 5.51.1 (suspect & webpack is always a moving target; you might know more)
@types/webpack:            ditto
@commitlint/*:                 8.3.5 => 13.1.0 (have to suck it and see; you might know more)
@emotion/*:                      10.x => 11.x (you need to dig in on this one per discussion issue I started)
@testing-library/*:           various major version changes and I'm not familiar enough with these packages
kleur:                                     3.0.3 => 4.1.4 (you need to dig in on this one per discussion issue I started)

[ghost]

@juanpicado I've figured out how to upgrade @types/node from 14.6.0 to latest 16.7.6 with only one change in the code base required in /verdaccio-dev/packages/auth/src/legacy-token.ts

Also there seems to be a benefit in upgrading to @types/[email protected] as quite a few @ts-ignores can seemingly be removed from a number of source files.

Typing improvements are always a good idea but I hesitate to do this in this PR. May I suggest an issue be created to update @types/node as generally I prefer to supply a PR against an issue number. If I create an issue for this should it be "bugs" or "discussion" category?

[juanpicado]

I'd not touch @docusaurus/*: or anything from the website folder, since cannot be tested on this PR, maybe a separated PR so we are sure not other dependencies affect the build and for that has to be a branch within this repo to be able to deploy the preview, your fork won't work as we noticed in the previous PR.

Typing improvements are always a good idea but I hesitate to do this in this PR

Yes, maybe a new PR, just maybe if you haven't noticed, the Node.js 16 is not enabled on CI because months ago tests were failing, so maybe make sense double-check in a separated PR.

I haven't check the whole PR, just quick reply :) about the questions above.

[ghost]

I think best let things settle down for a while after this PR gets in.
Agree mostly I didn't want to go near website folder (except there may be an inadvertent but innocuous version sync on something which differed with version in packages/*).
Agree, next time on a branch would be better too.
Re @types/node perhaps we just get it to latest in 14.x series.
Good luck with talk this week :)

[juanpicado]

LGTM

[juanpicado]

@indiescripter you have write permissions to work directly on this repo since you are part of the @verdaccio/collaborators group.

[juanpicado]

I think something got broken on master.

/home/runner/work/verdaccio/verdaccio/node_modules/.pnpm/[email protected]/node_modules/eslint/bin/eslint.js
Referenced from: /home/runner/work/verdaccio/verdaccio/node_modules/.pnpm/[email protected]_5a932766612959030cbbaf3bc45e8537/node_modules/eslint-config-airbnb-typescript/index.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:889:15)
    at Function.Module._load (internal/modules/cjs/loader.js:745:27)
    at Module.require (internal/modules/cjs/loader.js:961:19)
    at require (/home/runner/work/verdaccio/verdaccio/node_modules/.pnpm/[email protected]/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
    at Object.<anonymous> (/home/runner/work/verdaccio/verdaccio/node_modules/.pnpm/[email protected]_5a932766612959030cbbaf3bc45e8537/node_modules/eslint-config-airbnb-typescript/lib/shared.js:2:43)
    at Module._compile (/home/runner/work/verdaccio/verdaccio/node_modules/.pnpm/[email protected]/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1101:10)
    at Module.load (internal/modules/cjs/loader.js:937:32)
    at Function.Module._load (internal/modules/cjs/loader.js:778:12)
    at Module.require (internal/modules/cjs/loader.js:961:19)
/home/runner/work/verdaccio/verdaccio/website:
 ERROR  @verdaccio/[email protected] eslint:check: `eslint src/**/*.tsx`

[juanpicado]

Maybe we should align website and rest of the project, currently are using different setup of eslint and prettier.

[ghost]

@juanpicado
Ok, so to recap you have merged all that PR into master but the eslint is breaking on master.
Is there a problem moving forward if I simply delete my fork and refork to be sure to be sure (I'm paranoid you see).
Do you want me to create my own branch for aligning website with rest of project or still work on master?
That should be a fairly small task to just align eslint and prettier and associated settings/configs & try not to change any other deps unless absolutely necessary including no changes to docusaurus deps.
Would you like any of these updated?

dompurify:                          2.0.8 =>  2.3.1
envinfo:                                7.4.0 => 7.8.1
esbuild-loader:                  2.13.1 => 2.15.1
express-rate-limit:            5.2.3 => 5.3.0
fastify:                                  3.15.1 => 3.20.2
handlebars:                         4.5.3 => 4.7.7
npm:                                      7.0.15 => 7.21.1
sass:                                       1.35.2 => 1.38.2
pnpm:                                    5.13.5 => 6.14.5

[juanpicado]

Do you want me to create my own branch for aligning website with rest of the project or still work on master?

yes, feel free to create a branch on this repo, you could prefix it as indiescripter/xxxxx like I do with jota/xxx so it is much easier to know who is the owner of it.