
Update JS dependencies to fix vulnerable "ws" dependency #10854

Merged: zachmargolis merged 4 commits into main from margolis-yarn-audit-fixes, Jun 21, 2024

Conversation

@zachmargolis (Contributor)

  • yarn upgrade jsdom
  • yarn upgrade webpack-dev-server

See: https://github.com/18F/identity-idp/security/dependabot/77


changelog: Internal, Source code, Upgrade dependencies to fix security vulnerabilities
@zachmargolis zachmargolis requested a review from a team June 21, 2024 19:40
@aduth (Contributor) commented Jun 21, 2024

Can you try running yarn-deduplicate on this? I see a few entries in yarn.lock which look like they might be able to be deduplicated.

Related docs: https://github.com/18F/identity-idp/blob/main/docs/frontend.md#dependencies

@zachmargolis (Contributor, Author)

> Can you try running yarn-deduplicate on this? I see a few entries in yarn.lock which look like they might be able to be deduplicated.
>
> Related docs: https://github.com/18F/identity-idp/blob/main/docs/frontend.md#dependencies

done in 2a8ae12

how come we don't run yarn-deduplicate as a lint in CI?

@aduth (Contributor) commented Jun 21, 2024

> how come we don't run yarn-deduplicate as a lint in CI?

We probably could, and I've become a stronger proponent of it over time. Originally I thought it was a "nice to have", but didn't want to impose it, since it's an extra (unofficial) dependency and an extra step of the workflow to use. But now that you mention it, I do think it could be nice to enforce.
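
The CI lint aduth describes above, worked as an added example (this is not code from the identity-idp repository or from the yarn-deduplicate project): a POSIX shell script that parses a Yarn v1 yarn.lock and exits non-zero when any package resolves to more than one version. It approximates what yarn-deduplicate reports with its --list and --fail flags, minus the semver reasoning the real tool applies to decide which entries can actually be collapsed, so its output is a list of candidates rather than a verdict. The function names, the sample lockfile contents and the registry.invalid URLs are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the identity-idp repository: a dependency-free
# lint for Yarn v1 lockfiles that fails when any package resolves to more than
# one version. yarn-deduplicate goes further and uses semver to decide which of
# those entries can really be merged; this check only lists the candidates so
# that a CI job fails loudly when the lockfile drifts.
set -eu

# Print one "name<TAB>version" line per lockfile entry.
# A v1 entry header sits at column 1 and ends with ":", for example
#   braces@^3.0.2, braces@^3.0.3, braces@~3.0.2:
#   "@scope/pkg@^1.0.0":
# and is followed by an indented '  version "x.y.z"' line.
lock_entries() {
  awk '
    /^[^ #].*:$/ {
      spec = $0
      sub(/,.*$/, "", spec)     # keep the first specifier only
      gsub(/"/, "", spec)       # headers for @scope/ names are quoted
      sub(/:$/, "", spec)       # trailing colon on single-specifier headers
      name = spec
      sub(/@[^@]*$/, "", name)  # drop the range after the last "@" (keeps @scope/pkg)
      next
    }
    /^  version "/ {
      ver = $2
      gsub(/"/, "", ver)
      print name "\t" ver
    }
  ' "$1"
}

# Print "name: v1, v2" for every package with more than one resolved version.
duplicate_versions() {
  lock_entries "$1" | sort -u | awk -F '\t' '
    {
      if ($1 in vers) vers[$1] = vers[$1] ", " $2
      else vers[$1] = $2
      count[$1]++
    }
    END { for (n in count) if (count[n] > 1) print n ": " vers[n] }
  ' | sort
}

# CI entry point: non-zero exit when duplicates exist, with the list on stderr.
lint_lockfile() {
  dups=$(duplicate_versions "$1")
  if [ -n "$dups" ]; then
    printf 'yarn.lock has packages resolved to more than one version:\n%s\n' "$dups" >&2
    return 1
  fi
}

# Constructed sample lockfile for the demo (not the project's yarn.lock):
# braces is present twice, the other two packages once.
SAMPLE_LOCK=$(mktemp)
trap 'rm -f "$SAMPLE_LOCK"' EXIT
cat > "$SAMPLE_LOCK" <<'EOF'
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@scope/pkg@^1.0.0":
  version "1.0.0"
  resolved "https://registry.invalid/@scope/pkg/-/pkg-1.0.0.tgz#0000"
  integrity sha512-constructed

braces@^3.0.2:
  version "3.0.2"
  resolved "https://registry.invalid/braces/-/braces-3.0.2.tgz#0000"
  integrity sha512-constructed
  dependencies:
    fill-range "^7.0.1"

braces@^3.0.3, braces@~3.0.2:
  version "3.0.3"
  resolved "https://registry.invalid/braces/-/braces-3.0.3.tgz#0000"
  integrity sha512-constructed

function-bind@^1.1.2:
  version "1.1.2"
  resolved "https://registry.invalid/function-bind/-/function-bind-1.1.2.tgz#0000"
  integrity sha512-constructed
EOF

if [ "$#" -gt 0 ]; then
  lint_lockfile "$1"                 # CI usage: sh lockfile-lint.sh yarn.lock
else
  duplicate_versions "$SAMPLE_LOCK"  # demo: prints "braces: 3.0.2, 3.0.3"
fi
```

In CI the script runs against the real lockfile after yarn install (sh lockfile-lint.sh yarn.lock); pairing it with git diff --exit-code yarn.lock also catches the other failure mode seen later in this thread, a committed lockfile that a fresh install rewrites.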

@n1zyy (Contributor) commented Jun 21, 2024

I checked this out and the app runs fine. (I mean, I guess tests cover that comprehensively anyway.)

However, I'm noticing:

% git diff
diff --git a/yarn.lock b/yarn.lock
index 1c765b27c..2b002b362 100644
Binary files a/yarn.lock and b/yarn.lock differ

I had run make update, the relevant part being yarn install. Why does it think it's a binary file?

@n1zyy (Contributor) commented Jun 21, 2024

Here is the diff:

% git diff --text
diff --git a/yarn.lock b/yarn.lock
index 1c765b27c..2b002b362 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2411,7 +2411,7 @@ brace-expansion@^2.0.1:
   dependencies:
     balanced-match "^1.0.0"

-braces@^3.0.2, braces@^3.0.3, braces@~3.0.2:
+braces@^3.0.3, braces@~3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
   integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
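Review bot: the only change in this hunk is that the braces@^3.0.2 range is dropped from the key of the entry resolving to braces 3.0.3; the resolved URL and the integrity hash are untouched, so no package contents change. Yarn v1 removes a range from a lockfile key when nothing in the tree requests it any more, which means the yarn.lock committed on this branch still carries a key the upgraded dependency tree does not use. Rather than leaving that orphaned key for the next contributor's install to strip, run yarn install on the branch and commit the regenerated yarn.lock so that a fresh install reproduces the committed file exactly.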
@@ -3838,7 +3838,7 @@ fsevents@~2.3.2:
   resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6"
   integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==

-function-bind@^1.1.1, function-bind@^1.1.2:
+function-bind@^1.1.2:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c"
   integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
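Review bot: same pattern as the braces entry: function-bind@^1.1.1 disappears from the key while the resolved 1.1.2 tarball and its integrity hash stay identical, so this is lockfile bookkeeping, not a dependency change. The finding worth acting on is that a plain yarn install produced this on a reviewer's machine, meaning everyone who installs from the merged branch will get an unwanted yarn.lock modification in their working tree. A CI step that runs yarn install and then fails on git diff --exit-code yarn.lock would flag this drift before merge instead of relying on a reviewer to notice it.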
@@ -3873,7 +3873,7 @@ get-func-name@^2.0.0, get-func-name@^2.0.2:
   resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.2.tgz#0d7cf20cd13fda808669ffa88f4ffc7a3943fc41"
   integrity sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==

-get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.0, get-intrinsic@^1.2.4:
+get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.0, get-intrinsic@^1.2.4:
   version "1.2.4"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.4.tgz#e385f5a4b5227d449c3eabbad05494ef0abbeadd"
   integrity sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==
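Review bot: only get-intrinsic@^1.0.2 is removed from the key here, and the four remaining ranges still resolve to 1.2.4 with an unchanged integrity hash, so accepting the pruned entry cannot pull in different code. Before committing the regenerated lockfile it is worth confirming that these three key changes are the entire diff: if any resolved URL or integrity field had changed as well, that would be an actual dependency change and would need to be reviewed separately from this cleanup.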

I am unsure if this is my environment just being wonky again, though?

@zachmargolis (Contributor, Author)

> Why does it think it's a binary file?

see #10856

@zachmargolis zachmargolis merged commit 67dd749 into main Jun 21, 2024
@zachmargolis zachmargolis deleted the margolis-yarn-audit-fixes branch June 21, 2024 21:23