Ensure lockfile is deduplicated (!4910) · Merge requests · GitLab.org / gitlab-ui

What does this MR do?

chore(deps): update lefthook

The @arkweid/lefthook is deprecated, in favour of one of the following:

lefthook
- This uses optionalDependencies plus the os and cpu fields of package.json to install the appropriate binary.
@evilmartions/leftook
- This bundles all binaries into the package.
@evilmartians/lefthook-installer
- This will download the appropriate binary in postinstall script.

The first one seems like the most elegant approach.

This fixes the markdown-lint command, which was running unnecessarily on every push, even when markdown files were not touched. See https://github.com/evilmartians/lefthook/pull/448.

ci: ensure lockfile is deduplicated

This also adds a pre-push hook to check the same.

Screenshots or screen recordings

Example failing job: https://gitlab.com/gitlab-org/gitlab-ui/-/jobs/8786504758

Example lefthook failure

$ LEFTHOOK=1 yarn lefthook run pre-push
yarn run v1.22.19
$ ~/dev/gitlab-ui/node_modules/.bin/lefthook run pre-push
╭─────────────────────────────────────╮
│ 🥊 lefthook v1.10.1  hook: pre-push │
╰─────────────────────────────────────╯
sync hooks: ✔️  (pre-push, pre-commit)
│  markdown-lint (skip) no matching push files
│  stylelint (skip) no files for inspection
│  prettier (skip) no files for inspection
│  eslint (skip) no files for inspection
┃  yarn-deduplicate ❯ 

$ /home/markrian/dev/gitlab-ui/node_modules/.bin/yarn-deduplicate --strategy fewer --list --fail
Package "@babel/parser" wants ^7.1.0 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.13.16 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.14.7 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.16.4 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.20.7 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.21.4 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.23.0 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.23.5 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.25.9 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.26.0 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.6.0 and could get 7.26.3, but got 7.26.0
Package "@babel/parser" wants ^7.9.6 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.0.0 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.20.7 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.21.4 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.22.5 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.23.0 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.25.9 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.26.0 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.3.0 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.3.3 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.4.4 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.6.1 and could get 7.26.3, but got 7.26.0
Package "@babel/types" wants ^7.9.6 and could get 7.26.3, but got 7.26.0
Package "@jridgewell/sourcemap-codec" wants ^1.4.10 and could get 1.5.0, but got 1.4.15
Package "@jridgewell/sourcemap-codec" wants ^1.4.14 and could get 1.5.0, but got 1.4.15
Package "@jridgewell/sourcemap-codec" wants ^1.4.15 and could get 1.5.0, but got 1.4.15
Package "@vue/compiler-core" wants ^3.0.0 and could get 3.5.13, but got 3.2.47
Package "@vue/compiler-dom" wants ^3.2.0 and could get 3.5.13, but got 3.2.47
Package "@vue/compiler-sfc" wants ^3.2.0 and could get 3.5.13, but got 3.2.47
Package "magic-string" wants ^0.30.5 and could get 0.30.17, but got 0.30.5
Package "postcss" wants ^8.1.10 and could get 8.4.49, but got 8.4.40
Package "postcss" wants ^8.4.14 and could get 8.4.49, but got 8.4.40
Package "postcss" wants ^8.4.19 and could get 8.4.49, but got 8.4.40
Package "postcss" wants ^8.4.23 and could get 8.4.49, but got 8.4.40
Package "postcss" wants ^8.4.40 and could get 8.4.49, but got 8.4.40
Package "source-map-js" wants >=0.6.2 <2.0.0 and could get 1.2.1, but got 1.2.0
Package "source-map-js" wants ^1.0.1 and could get 1.2.1, but got 1.2.0
Package "source-map-js" wants ^1.0.2 and could get 1.2.1, but got 1.2.0
Package "source-map-js" wants ^1.2.0 and could get 1.2.1, but got 1.2.0

Found duplicated entries. Run yarn-deduplicate to deduplicate them.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

                                      
  ────────────────────────────────────
summary: (done in 0.29 seconds)       
🥊 yarn-deduplicate
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Integration merge requests

GitLab: mr_url
CustomersDot: mr_url
Status Page: mr_url

Does this MR meet the acceptance criteria?

This checklist encourages the authors, reviewers, and maintainers of merge requests (MRs) to confirm changes were analyzed for conformity with the project's guidelines, security and accessibility.

Toggle the acceptance checklist

Conformity

Code review guidelines.
GitLab UI's contributing guidelines.
If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
If the MR changes a component's API, integration MR(s) have been opened (see integration merge requests above).
Added the ~"component:*" label(s) if applicable.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
Security reports checked/validated by a reviewer from the AppSec team

Accessibility

If this MR adds or modifies a component, take a few moments to review the following:

All actions and functionality can be done with a keyboard.
Links, buttons, and controls have a visible focus state.
All content is presented in text or with a text equivalent. For example, alt text for SVG, or aria-label for icons that have meaning or perform actions.
Changes in a component’s state are announced by a screen reader. For example, changing aria-expanded="false" to aria-expanded="true" when an accordion is expanded.
Color combinations have sufficient contrast.

Edited Jan 07, 2025 by Mark Florian

Ensure lockfile is deduplicated