From d662faf471c372addc138561eb777c565f2b5d6e Mon Sep 17 00:00:00 2001 From: Timur Olzhabayev Date: Tue, 19 May 2026 14:57:56 +0200 Subject: [PATCH] chore(deps): pin npm dependencies and harden .npmrc Replace semver ranges in dependencies and devDependencies with the exact versions already resolved by package-lock.json. Direct deps no longer drift across reinstalls. Also harden .npmrc with supply-chain settings: - allow-git=none (block git dependencies) - ignore-scripts=true (was already set, kept) - min-release-age=3 (only install packages at least 3 days old) --- .npmrc | 2 ++ package-lock.json | 36 ++++++++++++++++++------------------ package.json | 36 ++++++++++++++++++------------------ 3 files changed, 38 insertions(+), 36 deletions(-) diff --git a/.npmrc b/.npmrc index 97b895e..573f360 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,3 @@ ignore-scripts=true +allow-git=none +min-release-age=3 diff --git a/package-lock.json b/package-lock.json index 6d0c8c0..1884b7d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,26 +9,26 @@ "version": "3.2.2", "license": "MIT", "dependencies": { - "@emotion/css": "^11.13.5", - "@grafana/data": "^12.2.0", + "@emotion/css": "11.13.5", + "@grafana/data": "12.2.0", "@grafana/i18n": "12.4.0-21947912385", - "@grafana/runtime": "^12.2.0", - "@grafana/schema": "^12.2.0", - "@grafana/ui": "^12.2.0", + "@grafana/runtime": "12.2.0", + "@grafana/schema": "12.2.0", + "@grafana/ui": "12.2.0", "moment-timezone": "0.6.0", "react": "18.3.1", "react-dom": "18.3.1", - "semver": "^7.7.3" + "semver": "7.7.3" }, "devDependencies": { - "@grafana/eslint-config": "^9.0.0", + "@grafana/eslint-config": "9.0.0", "@grafana/eslint-plugin-plugins": "0.6.0", - "@grafana/plugin-e2e": "^3.7.0", - "@grafana/tsconfig": "^2.0.0", + "@grafana/plugin-e2e": "3.7.0", + "@grafana/tsconfig": "2.0.0", "@playwright/test": "1.57.0", "@stylistic/eslint-plugin-ts": "4.4.1", "@swc/core": "1.15.8", - "@swc/helpers": "^0.5.0", + "@swc/helpers": "0.5.17", "@swc/jest": "0.2.39", "@testing-library/jest-dom": "6.9.1", "@testing-library/react": "16.3.1", @@ -36,7 +36,7 @@ "@types/node": "24.10.3", "@types/react": "18.3.26", "@types/react-dom": "18.3.7", - "@types/semver": "^7.7.1", + "@types/semver": "7.7.1", "@typescript-eslint/eslint-plugin": "8.51.0", "@typescript-eslint/parser": "8.51.0", "copy-webpack-plugin": "13.0.1", @@ -50,26 +50,26 @@ "eslint-webpack-plugin": "5.0.2", "fork-ts-checker-webpack-plugin": "9.1.0", "glob": "11.1.0", - "i18next-cli": "^1.36.1", + "i18next-cli": "1.36.1", "identity-obj-proxy": "3.0.0", - "imports-loader": "^5.0.0", + "imports-loader": "5.0.0", "jest": "30.2.0", "jest-environment-jsdom": "30.2.0", "moment": "2.30.1", "prettier": "3.7.4", - "replace-in-file-webpack-plugin": "^1.0.6", + "replace-in-file-webpack-plugin": "1.0.6", "sass": "1.93.3", "sass-loader": "16.0.6", "style-loader": "4.0.0", "swc-loader": "0.2.6", "terser-webpack-plugin": "5.3.16", - "ts-node": "^10.9.2", + "ts-node": "10.9.2", "typescript": "5.9.3", "webpack": "5.104.1", "webpack-cli": "6.0.1", - "webpack-livereload-plugin": "^3.0.2", - "webpack-subresource-integrity": "^5.1.0", - "webpack-virtual-modules": "^0.6.2" + "webpack-livereload-plugin": "3.0.2", + "webpack-subresource-integrity": "5.1.0", + "webpack-virtual-modules": "0.6.2" }, "engines": { "node": ">=24" diff --git a/package.json b/package.json index 51844c4..fe39cc3 100644 --- a/package.json +++ b/package.json @@ -30,14 +30,14 @@ "author": "Grafana Labs", "license": "MIT", "devDependencies": { - "@grafana/eslint-config": "^9.0.0", + "@grafana/eslint-config": "9.0.0", "@grafana/eslint-plugin-plugins": "0.6.0", - "@grafana/plugin-e2e": "^3.7.0", - "@grafana/tsconfig": "^2.0.0", + "@grafana/plugin-e2e": "3.7.0", + "@grafana/tsconfig": "2.0.0", "@playwright/test": "1.57.0", "@stylistic/eslint-plugin-ts": "4.4.1", "@swc/core": "1.15.8", - "@swc/helpers": "^0.5.0", + "@swc/helpers": "0.5.17", "@swc/jest": "0.2.39", "@testing-library/jest-dom": "6.9.1", "@testing-library/react": "16.3.1", @@ -45,7 +45,7 @@ "@types/node": "24.10.3", "@types/react": "18.3.26", "@types/react-dom": "18.3.7", - "@types/semver": "^7.7.1", + "@types/semver": "7.7.1", "@typescript-eslint/eslint-plugin": "8.51.0", "@typescript-eslint/parser": "8.51.0", "copy-webpack-plugin": "13.0.1", @@ -59,38 +59,38 @@ "eslint-webpack-plugin": "5.0.2", "fork-ts-checker-webpack-plugin": "9.1.0", "glob": "11.1.0", - "i18next-cli": "^1.36.1", + "i18next-cli": "1.36.1", "identity-obj-proxy": "3.0.0", - "imports-loader": "^5.0.0", + "imports-loader": "5.0.0", "jest": "30.2.0", "jest-environment-jsdom": "30.2.0", "moment": "2.30.1", "prettier": "3.7.4", - "replace-in-file-webpack-plugin": "^1.0.6", + "replace-in-file-webpack-plugin": "1.0.6", "sass": "1.93.3", "sass-loader": "16.0.6", "style-loader": "4.0.0", "swc-loader": "0.2.6", "terser-webpack-plugin": "5.3.16", - "ts-node": "^10.9.2", + "ts-node": "10.9.2", "typescript": "5.9.3", "webpack": "5.104.1", "webpack-cli": "6.0.1", - "webpack-livereload-plugin": "^3.0.2", - "webpack-subresource-integrity": "^5.1.0", - "webpack-virtual-modules": "^0.6.2" + "webpack-livereload-plugin": "3.0.2", + "webpack-subresource-integrity": "5.1.0", + "webpack-virtual-modules": "0.6.2" }, "dependencies": { - "@emotion/css": "^11.13.5", - "@grafana/data": "^12.2.0", + "@emotion/css": "11.13.5", + "@grafana/data": "12.2.0", "@grafana/i18n": "12.4.0-21947912385", - "@grafana/runtime": "^12.2.0", - "@grafana/schema": "^12.2.0", - "@grafana/ui": "^12.2.0", + "@grafana/runtime": "12.2.0", + "@grafana/schema": "12.2.0", + "@grafana/ui": "12.2.0", "moment-timezone": "0.6.0", "react": "18.3.1", "react-dom": "18.3.1", - "semver": "^7.7.3" + "semver": "7.7.3" }, "engines": { "node": ">=24"