-
Notifications
You must be signed in to change notification settings - Fork 209
Expand file tree
/
Copy pathpackage.json
More file actions
199 lines (199 loc) · 10.8 KB
/
package.json
File metadata and controls
199 lines (199 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
{
"name": "teams-js-monorepo",
"private": true,
"author": "Microsoft Teams",
"engines": {
"pnpm": ">=9.0.6",
"node": ">=18.0.0"
},
"scripts": {
"build": "lerna run build --stream",
"build-force-blazor": "pnpm build && pnpm build-blazor-app",
"build:clean": "pnpm clean && pnpm build",
"bundleAnalyze": "pnpm --filter @microsoft/bundle-analysis-app webpack:profile",
"bundleAnalyze:collect": "pnpm bundleAnalyze && node tools/cli/collectBundleAnalysis.js --folderName bundleAnalysis",
"build-blazor-app": "pnpm --filter blazor-test-app blazor-build",
"build-test-app-CDN": "pnpm --filter teams-test-app build:CDN",
"build-test-app-local": "pnpm --filter teams-test-app build:local",
"changefile": "pnpm beachball --no-commit",
"clean": "lerna run clean --stream",
"clean:full": "pnpm clean && pnpm clean:modules",
"clean:modules": "lerna clean -y && rimraf node_modules",
"docs": "pnpm --filter @microsoft/teams-js docs",
"docs:validate": "pnpm --filter @microsoft/teams-js docs:validate",
"lint": "lerna run lint",
"setup-ssr-app-cert": "node tools/cli/setupSSRCerts.js",
"size": "lerna run size",
"start-blazor-app": "pnpm --filter blazor-test-app start",
"start-perf-app": "pnpm --filter teams-perf-test-app start",
"start-ssr-app": "pnpm --filter ssr-test-app start",
"start-ssr-app:https": "pnpm --filter ssr-test-app dev:https",
"start-test-app": "pnpm --filter teams-test-app start",
"start-test-app-CDN": "pnpm --filter teams-test-app start:CDN",
"start-test-app-local": "pnpm --filter teams-test-app start:local",
"test": "lerna run test --stream",
"validate-test-schema": "ts-node tools/validateTestSchema.ts"
},
"devDependencies": {
"@babel/core": "^7.24.4",
"@babel/plugin-transform-runtime": "^7.24.3",
"@babel/preset-env": "^7.24.4",
"@babel/preset-react": "^7.24.1",
"@babel/preset-typescript": "^7.24.1",
"@babel/runtime": "^7.24.4",
"@microsoft/eslint-plugin-sdl": "^0.2.2",
"@mixer/webpack-bundle-compare": "^0.1.1",
"@next/eslint-plugin-next": "^15.5.7",
"@octokit/core": "^3.6.0",
"@rollup/plugin-commonjs": "^26.0.1",
"@rollup/plugin-json": "^6.1.0",
"@rollup/plugin-node-resolve": "^15.2.3",
"@rollup/plugin-replace": "5.0.7",
"@rollup/plugin-terser": "0.4.4",
"@rollup/plugin-typescript": "^11.1.6",
"@size-limit/preset-big-lib": "^11.2.0",
"@types/fs-extra": "^9.0.13",
"@types/jest": "^27.5.2",
"@types/jscodeshift": "^0.11.11",
"@types/msgpack-lite": "^0.1.11",
"@types/node": "^20.0.0",
"@types/pako": "^1.0.7",
"@types/react": "^17.0.80",
"@types/react-dom": "^17.0.25",
"@types/webpack": "^4.41.40",
"@typescript-eslint/eslint-plugin": "^7.13.1",
"@typescript-eslint/parser": "^7.13.1",
"ajv": "^8.12.0",
"babel-loader": "^9.2.1",
"beachball": "^2.43.0",
"copy-webpack-plugin": "12.0.2",
"cross-env": "^7.0.3",
"css-loader": "^7.1.2",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-only-error": "^1.0.2",
"eslint-plugin-prettier": "^5.1.3",
"eslint-plugin-react": "^7.34.3",
"eslint-plugin-react-hooks": "^4.6.2",
"eslint-plugin-security": "^3.0.1",
"eslint-plugin-simple-import-sort": "^12.1.0",
"eslint-plugin-strict-null-checks": "^0.1.2",
"filemanager-webpack-plugin": "^8.0.0",
"fs-extra": "^9.1.0",
"html-webpack-plugin": "^5.6.3",
"jest": "^29.7.0",
"jest-environment-jsdom": "^29.7.0",
"jest-junit": "^15.0.0",
"jsdom": "^24.1.0",
"lerna": "^8.1.9",
"merge2": "1.0.2",
"path": "^0.12.7",
"prettier": "^3.3.2",
"rimraf": "^5.0.7",
"rollup": "^4.24.4",
"rollup-plugin-dts": "^6.1.1",
"rollup-plugin-polyfill-node": "^0.13.0",
"shx": "^0.3.4",
"size-limit": "^11.2.0",
"style-loader": "^4.0.0",
"ts-jest": "^29.1.2",
"ts-loader": "^9.5.1",
"ts-node": "^10.9.2",
"tslib": "^2.3.1",
"typedoc": "^0.24.8",
"typescript": "^4.9.5",
"webpack": "^5.97.1",
"webpack-assets-manifest": "^5.2.1",
"webpack-bundle-analyzer": "^4.10.2",
"webpack-cli": "^6.0.1",
"webpack-dev-server": "^5.2.3",
"webpack-merge": "^6.0.1",
"webpack-subresource-integrity": "^5.2.0-rc.1",
"yargs": "^17.7.2"
},
"pnpm": {
"overrides": {
"@azure/identity": ">=4.2.1",
"cookie": ">=0.7.0",
"cross-spawn": ">=7.0.5",
"dns-packet": "^1.3.2",
"express": "^4.21.0",
"follow-redirects": "^1.15.6",
"form-data": "^4.0.4",
"glob-parent": "^5.1.2",
"http-proxy-middleware": ">=2.0.7",
"jsdom": "^24.0.0",
"ip": ">=2.0.1",
"lodash": "^4.17.21",
"merge": "^2.1.1",
"micromatch": ">=4.0.8",
"minimist": "^0.2.4",
"nanoid": "3.3.11",
"nth-check": ">=2.0.1",
"postcss": "8.5.6",
"qs": "6.14.2",
"semver": "^7.5.2",
"serialize-javascript": "^3.1.0",
"set-value": "^2.0.1",
"socks": "^2.7.3",
"string_decoder": "^1.3.0",
"tar": ">=6.2.1",
"tough-cookie": "^4.1.3",
"underscore": "1.13.8",
"url-parse": "^1.5.0",
"word-wrap": "^1.2.4",
"y18n": "^4.0.1",
"picomatch": ">=2.3.1,<3.0.0||>=4.0.4"
},
"overrides-explanation": {
"WHAT IS THIS SECTION": "pnpm ignores this section and comments aren't allowed in JSON files. This section documents why the above overrides have been put in place. If you add an override, describe it in this section.",
"cookie": "There is a vulnerability with cookie versions less than 0.7.0. This package is currently being consumed in @types/webpack and needs to be updated there. For now we will override this until that is fixed.",
"cross-spawn": "There is a vulnerability with cross-spawn versions less than 7.0.5 This package is currently being consumed in @types/webpack and needs to be updated there. For now we will override this until that is fixed.",
"express": "There is a vulnerability in older versions of the express package that is consumed by webpack-dev-server, this has been patched in a later version of express that webpack-dev-server has not updated yet. Once they update this package, we can remove this override",
"follow-redirects": "There is a vulnerability in the follow-redirects package, and a fix has been provided. However, we consume the follow-redirects package via webpack-dev-server, Lerna, and wait-on, eventually. We are using this newer version of follow-redirects to avoid the vulnerability. If webpack-dev-server, Lerna, and wait-on packages are ever updated to a version of follow-redirects that fixes the vulnerability, we can remove this override and update the three packages accordingly.",
"form-data": "There is a vulnerability with form-data versions less than 4.0.4. This package is consumed indirectly by jest-environment-jsdom@29.7.0, jsdom@24.1.0, and lerna@8.1.9",
"micromatch": "There is a vulnerability with micromatch versions less than 4.0.8 This package is currently being consumed in @types/webpack and needs to be updated there. For now we will override this until that is fixed.",
"nanoid": "New nanoid 5.x releases are ESM-only and break our webpack/css-loader stack that still uses require(), so we pin to 3.3.11 (last 3.x CJS release).",
"postcss": "Pinned to 8.5.6 so we stay on the latest 8.x while forcing its nanoid dependency to the compatible 3.3.11 CJS build until our tooling is ESM-ready.",
"socks": "There is a vulnerability in the ip package which has no fix. We consume ip via socks (eventually via lerna). Socks released a new version that removed the ip dependency. We are using this newer version of socks to avoid the vulnerability. If ip is ever updated or lerna (or any package in the chain) eventually updates to a version of socks that doesn't depend on ip, we can remove this override",
"tar": "There is a vulnerability in the tar package which is being used by lerna that hasn't yet been updated. Once this is patched in lerna we can remove this override",
"underscore": "Security vulnerability (prototype pollution) fixed in version 1.13.8. Pinned to address prototype pollution issues in older versions.",
"picomatch": "CVE-2026-33671: picomatch 4.0.3 has a ReDoS vulnerability. Override to >=4.0.4 for v4 consumers while preserving v2 compatibility."
}
},
"dependencies": {
"skeleton-buffer": "file:./skeleton-buffer",
"uuid": "^9.0.1"
},
"size-limit": [
{
"brotli": false,
"path": "./packages/teams-js/dist/esm/packages/teams-js/src/index.js",
"import": "{ app, authentication, pages }",
"limit": "60.2 KB"
},
{
"brotli": false,
"path": "./packages/teams-js/dist/esm/packages/teams-js/src/index.js",
"import": "{ nestedAppAuthBridge }",
"limit": "4 KB"
},
{
"brotli": false,
"path": "./packages/teams-js/dist/esm/packages/teams-js/src/index.js",
"import": "*"
}
],
"size-limit-explanation": [
"There are 2 configurations for size-limit. The first configuration is used to test treeshakability in teams-js. If treeshaking is broken in any capability other than `app`, `authentication`, or `pages`, then the size of the build",
"will increase above the set amount. The limit is currently just slightly above the size of building the library and importing the 3 specified capabilities. If your build ever fails because of this size-limit check there are a few scenarios you may fall into:",
"1. You made changes to a file other than `app`, `authentication`, `pages`, or an internal folder file that unintentionally broke treeshakability, and you need to investigate and resolve why this has happened.",
"2. You made a change to either `app`, `authentication`, `pages`, or an internal folder file. These size changes are intentional and do not affect treeshaking. In this case, you need to determine the new size of the build and update the size-limit accordingly.",
"3. You made changes to a file other than `app`, `authentication`, `pages`, or an internal folder file that justly requires the size of the build to increase. This can be due to other factors that do not affect treeshakability, but do result",
"in a package size increase. An example of this may be adding references to another library that requires a polyfill. The inclusion of that polyfill may increase the library size.",
"Any time you increase the size-limit of the build, be sure to include an explanation of why it is necessary in the PR description.",
"If you run into any problems or have questions, reach out to [Noah Darveau](noahdarveau-MSFT@microsoft.com) or file an issue on the [Teams-JS github page](https://github.com/OfficeDev/microsoft-teams-library-js).",
"The second configration is there as a simple and easy way to determine the size of the entire library."
]
}