pushkin-consortium / pushkin

A customizable, scalable ecosystem for massive online psychological experiments
https://pushkin-consortium.github.io/pushkin/
MIT License

Regenerate lock files for experiment templates #338

Closed jessestorbeck closed 2 months ago

jessestorbeck commented 2 months ago

I noticed all our dependabot security alerts relate to lock files rather than our direct dependencies in package.json. Here I just deleted and regenerated all lock files in the experiment templates (in /api controllers, /web page, and /worker for each exp template). This should resolve a bunch of our current dependabot security alerts.

I've tested the templates locally and in a codespace, and everything looks normal. The experiments run and collect data as expected. The one thing I noticed when regenerating the lock files for the worker packages was I would get the following warnings:

```
jessestorbeck@Jesses-MacBook-Pro worker % yarn
yarn install v1.22.21
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning pushkin-worker > @babel/polyfill@7.12.1: 🚨 This package has been deprecated in favor of separate inclusion of a polyfill and regenerator-runtime (when needed). See the @babel/polyfill docs (https://babeljs.io/docs/en/babel-polyfill) for more information.
warning pushkin-worker > @babel/polyfill > core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 2.15s.
```

It seems like we'll need to eventually do some dependency upgrades for pushkin-worker, but I'm not certain yet what specifically is needed. At any rate, it doesn't currently seem to affect anything.

@hunterschep @ayang21 -- For testing this, you'll want to use the dev CLI (node <build path> etc.) and install all templates from path.
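To see which locked packages an alert can point at without appearing in package.json, the following added example (not part of this PR or the pushkin code base) parses a yarn.lock v1 file and labels each entry direct or transitive. The sample package.json and lock text are constructed: the @babel/polyfill and core-js versions follow the warning output above, while the semver ranges and the regenerator-runtime entry are assumptions.

```javascript
// Constructed sample inputs, not the project's real files. Semver ranges and
// the regenerator-runtime entry are assumed for illustration.
const packageJson = { name: "sample-worker", dependencies: { "@babel/polyfill": "^7.12.1" } };
const yarnLock = `# yarn lockfile v1

"@babel/polyfill@^7.12.1":
  version "7.12.1"
  dependencies:
    core-js "^2.6.5"
    regenerator-runtime "^0.13.4"

core-js@^2.6.5:
  version "2.6.12"

regenerator-runtime@^0.13.4:
  version "0.13.11"
`;

// Parse yarn.lock v1 text into [{ name, version }], one item per locked entry.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Header such as `"@scope/pkg@^1.0.0", "@scope/pkg@^1.2.0":`
      const spec = line.replace(/:\s*$/, "").split(",")[0].trim().replace(/^"|"$/g, "");
      // Name ends at the first "@" after index 0 (index 0 may be a scope marker).
      current = { name: spec.slice(0, spec.indexOf("@", 1)), version: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^ {2}version "(.+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// "direct" = declared in package.json; "transitive" = pulled in by a parent's range.
function classifyLocked(pkg, lockText) {
  const direct = new Set(Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }));
  return parseYarnLockV1(lockText).map((e) => ({ ...e, kind: direct.has(e.name) ? "direct" : "transitive" }));
}

// Locked packages whose version is recorded only in the lock file.
function transitiveOnly(pkg, lockText) {
  return classifyLocked(pkg, lockText).filter((e) => e.kind === "transitive").map((e) => `${e.name}@${e.version}`);
}

console.log(transitiveOnly(packageJson, yarnLock));
```

An alert naming one of the returned packages is about a version recorded only in the lock file, which is the case where regenerating the lock file can change the result without touching package.json.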

changeset-bot[bot] commented 2 months ago

🦋 Changeset detected

Latest commit: 2c9609743f32c15a6e812daeb15188bc481a3864

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages

| Name | Type |
| ---------------------------------------------- | ----- |
| @pushkin-templates/exp-grammaticality-judgment | Patch |
| @pushkin-templates/exp-self-paced-reading | Patch |
| @pushkin-templates/exp-lexical-decision | Patch |
| @pushkin-templates/exp-basic | Patch |


jessestorbeck commented 2 months ago

@hunterschep,

> There are some dependency warnings for the different experiment templates, would we be able to resolve this?

Are you referring to these when you install the first experiment template in your site?

```
warning @pushkin-templates/exp-basic > jest-environment-jsdom > jsdom > abab@2.0.6: Use your platform's native atob() and btoa() methods instead
warning @pushkin-templates/exp-basic > jest-environment-jsdom > jsdom > data-urls > abab@2.0.6: Use your platform's native atob() and btoa() methods instead
warning @pushkin-templates/exp-basic > jest-environment-jsdom > jsdom > domexception@4.0.0: Use your platform's native DOMException instead
```

See https://github.com/jestjs/jest/issues/14890. Seems like we could (a) not worry about it, since it's not currently breaking any tests, and upgrade jest-environment-jsdom at a later date, (b) try to implement the fix suggested in the issue, or (c) have the CLI suppress the warnings. We can discuss today.

> The package.json seems to be missing a license, which spits out an annoying warning

Can you show me what you're referring to? The package.json for all the templates contains "license": "MIT".

> It would be nice to have something that installed all 5 templates in one command

Will you make an issue and assign it to me? I think the best way is to leave install site alone and then have an option for install experiment that does all the available templates. We'll want this to work when there is more than one available site template.