Fix audit alerts and enforce frozen lockfile (#33266) (#33302)

alexslavr · web-flow · commit ec31dfb52e8d · 2026-04-16T18:52:30.000+04:00
diff --git a/.github/actions/run-qunit-tests/action.yml b/.github/actions/run-qunit-tests/action.yml
@@ -115,7 +115,7 @@ runs:
 
     - name: Install dependencies
       shell: bash
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build dotnet
       working-directory: ./packages/devextreme
diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml
@@ -46,7 +46,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run:  pnpm install
+        run:  pnpm install --frozen-lockfile
 
       - name: Build npm packages
         run: pnpm run all:build
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       # - name: Build npm packages
       #   run: pnpm run all:build
diff --git a/.github/workflows/default_workflow.yml b/.github/workflows/default_workflow.yml
@@ -51,7 +51,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Run targets
       run: >
diff --git a/.github/workflows/demos_unit_tests.yml b/.github/workflows/demos_unit_tests.yml
@@ -64,7 +64,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Run unit tests
         working-directory: apps/demos
diff --git a/.github/workflows/demos_visual_tests_frameworks.yml b/.github/workflows/demos_visual_tests_frameworks.yml
@@ -66,7 +66,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: DevExtreme - Build-all
         env:
@@ -136,7 +136,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Install tgz
       working-directory: apps/demos
@@ -232,7 +232,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Install tgz
         run: pnpm add -w ./devextreme-installer.tgz ./devextreme-dist-installer.tgz ./devextreme-react-installer.tgz ./devextreme-vue-installer.tgz ./devextreme-angular-installer.tgz
@@ -315,7 +315,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Install tgz
       run: pnpm add -w ./devextreme-installer.tgz ./devextreme-dist-installer.tgz ./devextreme-react-installer.tgz ./devextreme-vue-installer.tgz ./devextreme-angular-installer.tgz
@@ -479,7 +479,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Install tgz
       working-directory: apps/demos
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -49,7 +49,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Compile renovation
       working-directory: ./packages/devextreme
@@ -94,7 +94,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       working-directory: ./packages/devextreme
@@ -151,7 +151,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       working-directory: ./packages/devextreme
@@ -196,7 +196,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Check texts
       working-directory: ./packages/devextreme
@@ -235,60 +235,12 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Lint CSS
       working-directory: ./packages/devextreme-scss
       run: pnpx nx lint
 
-  pnpm_lock:
-    runs-on: devextreme-shr2
-    timeout-minutes: 10
-    steps:
-    - name: Get sources
-      uses: actions/checkout@v4
-
-    - name: Use Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: '20'
-
-    - uses: pnpm/action-setup@v3
-      with:
-        version: 9
-        run_install: false
-
-    - name: Get pnpm store directory
-      shell: bash
-      run: |
-        echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-    - uses: actions/cache@v4
-      name: Setup pnpm cache
-      with:
-        path: |
-          ${{ env.STORE_PATH }}
-          .nx/cache
-        key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-        restore-keys: |
-          ${{ runner.os }}-pnpm-store
-
-    - name: Update lock-file
-      run: |
-        node -v
-        pnpm -v
-        pnpm install
-
-    - name: Upload lock-file
-      uses: actions/upload-artifact@v4
-      with:
-        name: package-lock.json
-        path: ./package-lock.json
-        retention-days: 1
-
-    - name: Check lock-file
-      run: git diff --exit-code pnpm-lock.yaml
-
   component_exports:
     runs-on: devextreme-shr2
     timeout-minutes: 10
@@ -322,7 +274,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Check generated component reexports
       working-directory: ./packages/devextreme
@@ -372,15 +324,15 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Lint wrappers
       run: pnpx nx run-many -t lint -p devextreme-angular devextreme-react devextreme-vue
 
   notify:
     runs-on: devextreme-shr2
     name: Send notifications
-    needs: [Renovation, TS, JS, CSS, texts, pnpm_lock, component_exports]
+    needs: [Renovation, TS, JS, CSS, texts, component_exports]
     if: github.event_name != 'pull_request' && contains(needs.*.result, 'failure')
 
     steps:
diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml
@@ -64,7 +64,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Set timestamp version
         if: ${{ env.SET_TIMESTAMP_VERSION == 'true' }}
@@ -150,7 +150,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Change package scope
         id: scopedPackage
diff --git a/.github/workflows/playgrounds_tests.yml b/.github/workflows/playgrounds_tests.yml
@@ -54,7 +54,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       working-directory: ./packages/devextreme
@@ -130,7 +130,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       working-directory: ./packages/devextreme-${{ matrix.ARGS.platform }}
diff --git a/.github/workflows/publish-demos.yml b/.github/workflows/publish-demos.yml
@@ -36,7 +36,7 @@ jobs:
     - name: Install dependencies
       run: |
         corepack enable
-        pnpm install
+        pnpm install --frozen-lockfile
 
     - name: DevExtreme - Build-all
       env:
@@ -103,7 +103,7 @@ jobs:
     - name: Install dependencies
       run: |
         corepack enable
-        pnpm install
+        pnpm install --frozen-lockfile
 
     - name: Install tgz
       working-directory: apps/demos
@@ -205,7 +205,7 @@ jobs:
     - name: Install dependencies
       run: |
         corepack enable
-        pnpm install
+        pnpm install --frozen-lockfile
 
     - name: Install tgz
       working-directory: apps/demos
diff --git a/.github/workflows/qunit_tests-additional-renovation.yml b/.github/workflows/qunit_tests-additional-renovation.yml
@@ -65,7 +65,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Build
         env:
diff --git a/.github/workflows/qunit_tests-renovation.yml b/.github/workflows/qunit_tests-renovation.yml
@@ -51,7 +51,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       working-directory: ./packages/devextreme
diff --git a/.github/workflows/renovation.yml b/.github/workflows/renovation.yml
@@ -49,7 +49,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build localization
       working-directory: ./packages/devextreme
diff --git a/.github/workflows/run-testcafe-on-gh-pages.yml b/.github/workflows/run-testcafe-on-gh-pages.yml
@@ -75,7 +75,7 @@ jobs:
               working-directory: devextreme
               run: |
                 corepack enable
-                pnpm install
+                pnpm install --frozen-lockfile
             
             - name: Run TestCafe tests
               working-directory: devextreme/apps/demos
diff --git a/.github/workflows/styles.yml b/.github/workflows/styles.yml
@@ -49,7 +49,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Run tests
       run: pnpx nx test devextreme-scss
diff --git a/.github/workflows/testcafe_tests.yml b/.github/workflows/testcafe_tests.yml
@@ -69,7 +69,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build
       shell: bash
@@ -232,7 +232,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Run TestCafe tests
       working-directory: ./e2e/testcafe-devextreme
diff --git a/.github/workflows/themebuilder_tests.yml b/.github/workflows/themebuilder_tests.yml
@@ -50,7 +50,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Build etalon bundles
       working-directory: ./packages/devextreme-scss
diff --git a/.github/workflows/ts_declarations.yml b/.github/workflows/ts_declarations.yml
@@ -45,7 +45,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Check dx.all.d.ts is up-to-date
       working-directory: ./packages/devextreme
@@ -102,7 +102,7 @@ jobs:
           ${{ runner.os }}-pnpm-store
 
     - name: Install dependencies
-      run: pnpm install
+      run: pnpm install --frozen-lockfile
 
     - name: Validate declarations
       working-directory: ./packages/devextreme
diff --git a/.github/workflows/update_version.yml b/.github/workflows/update_version.yml
@@ -49,7 +49,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Setup git config
         run: |
diff --git a/.github/workflows/wrapper_tests_e2e.yml b/.github/workflows/wrapper_tests_e2e.yml
@@ -53,7 +53,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Build all DevExtreme packages
         env:
@@ -131,7 +131,7 @@ jobs:
             ${{ runner.os }}-pnpm-store
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       - name: Start server for ${{ matrix.framework }}
         working-directory: e2e/wrappers
diff --git a/apps/angular/src/polyfills.ts b/apps/angular/src/polyfills.ts
diff --git a/tools/scripts/build-all.ts b/tools/scripts/build-all.ts
