Fix dependency related build problems by downgrading.

[kaladay]

I happened to have a 2 year old package lock file. Compare and copy and paste several of the versions and problematic packages. This could use further review to get the latest but still working versions. For now, this is good enough to get things compiling.

The 12.2.16 versions of angular happened to be being pulled down by recent installs but the older package lock file shows 12.2.17. Explicitly set the 12.2.17 in all angular cases.

Several dependencies have warnings like these:

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'cheerio@1.0.0',
npm WARN EBADENGINE   required: { node: '>=18.17' },
npm WARN EBADENGINE   current: { node: 'v16.18.1', npm: '8.19.2' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'undici@6.19.8',
npm WARN EBADENGINE   required: { node: '>=18.17' },
npm WARN EBADENGINE   current: { node: 'v16.18.1', npm: '8.19.2' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'whatwg-mimetype@4.0.0',
npm WARN EBADENGINE   required: { node: '>=18' },
npm WARN EBADENGINE   current: { node: 'v16.18.1', npm: '8.19.2' }
npm WARN EBADENGINE }

Downgrade the dependencies to known versions that do build.

I explicitly set the typescript version to >=4.2.3 <4.4 based on some of the contents of the 2 year old package lock file. I do not know what is ideal here for the version numbers but this is good enough for now.

This also requires using Node v16 in user-space to build.

[kaladay]

This isn't an upgrade. This is a downgrade to known versions that worked in 2022. The Angular changes are done because that was the version available in 2022 but for some reason NPM is now pulling an older version of angular than from 2022 when doing npm install without these changes.

I'll attach my 2022 package-lock.json file to this for reference.

[kaladay]

The 2022 package lock file that works without error and was used to generate this PR.

package-lock.json

[kaladay]

Here is also the package.json file from two years ago to match that lock file above.

package.json

[wwelling]

It is neither a downgrade or upgrade and shouldn't be either. It is fixing the implicit dependency versions to when the build worked.

[wwelling]

The reason we should not upgrade angular as tamu-library-components is what we need a change for, and it does not require any weaver-component changes. We should maintain these but not have it prevent the feature request for the header.

[wwelling]

How did your package-lock.json have a later version of angular that is fixed to a version in the package.json?

[kaladay]

How did your package-lock.json have a later version of angular that is fixed to a version in the package.json?

Probably because of the dependencies and how NPM does its thing. We have apparently been using a newer angular than the one specified in the package json file because of dependencies pulling things in.

This PR fixes the state to be explicitly what it has already been doing.

The reason we should not upgrade angular as...

We are in agreement. This PR does NOT upgrade angular. It explicitly sets it to what it has already been doing for years now as noted by the lock file.

[wwelling]

It explicitly sets it to what it has already been doing for years now as noted by the lock file.

Aren't lock files environment specific? I am fine with the patch upgrade of angular in the package.json. We will have to upgrade similar in tamu-library-components or have another incorrect peer dependency. If not reworking the entire dependency management altogether. It is a bit overwhelming between the two and the projects package.json.

[rmathew1011]

Update: A spike has been created to address this issue further: https://github.com/TAMULib/weaver-components/issues/526

Requesting to review/approve the above PR.

Thank you.