chore: switch to lockfile-version=3

[aryamohanan]

Which problem is this PR solving?

• The repository is still using an older lockfile version, while the minimum supported Node.js version has been raised to 18.19.0 (which comes with npm 10).
• Updating to lockfileVersion: 3 ensures compatibility with the current runtime requirements and aligns the project with modern npm standards.

Short description of the changes

• Regenerated package-lock.json with lockfileVersion: 3.
• Per the npm documentation:

  3: The lockfile version used by npm v9. Backwards compatible with npm v7.

• No application code changes, only the lockfile was updated.

closes #3069

[david-luna]

@aryamohanan

there are some merged PRs that made significant changes to the pacakge.json file like #3120

Would you mind to sync with main and run again the install script? I'll be keeping an eye to this PR to prioritise it

[aryamohanan]

@david-luna I've rebased the branch with the latest main.

[david-luna]

I've checked the diff of package-lock.json locally. It basically removes a lot of references (duped) to aws sdk, cucumber, babel and others. The following change is interesting though

 "node_modules/@lerna/create/node_modules/nx": { - "version": "21.5.3", - "resolved": "https://registry.npmjs.org/nx/-/nx-21.5.3.tgz", - "integrity": "sha512-+XwzK3OWZw/7zLdhNHBms9VdAA8F6w6QsX8qFQ3+3CnbqEy0IDmVxTXb8c711LDMbEtNn94EiWvSV6C00FKw9Q==", + "version": "21.6.2", + "resolved": "https://registry.npmjs.org/nx/-/nx-21.6.2.tgz", + "integrity": "sha512-bFZgAsB838vn9kk1vI6a1A9sStKyOA7Q9Ifsx7fYPth3D0GafHKu7X2/YbsC4h1TpmuejkJCPWUw2WtCOQy6IQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -6818,16 +6818,16 @@ "nx-cloud": "bin/nx-cloud.js" }, "optionalDependencies": { - "@nx/nx-darwin-arm64": "21.5.3", - "@nx/nx-darwin-x64": "21.5.3", - "@nx/nx-freebsd-x64": "21.5.3", - "@nx/nx-linux-arm-gnueabihf": "21.5.3", - "@nx/nx-linux-arm64-gnu": "21.5.3", - "@nx/nx-linux-arm64-musl": "21.5.3", - "@nx/nx-linux-x64-gnu": "21.5.3", - "@nx/nx-linux-x64-musl": "21.5.3", - "@nx/nx-win32-arm64-msvc": "21.5.3", - "@nx/nx-win32-x64-msvc": "21.5.3" + "@nx/nx-darwin-arm64": "*", + "@nx/nx-darwin-x64": "*", + "@nx/nx-freebsd-x64": "*", + "@nx/nx-linux-arm-gnueabihf": "*", + "@nx/nx-linux-arm64-gnu": "*", + "@nx/nx-linux-arm64-musl": "*", + "@nx/nx-linux-x64-gnu": "*", + "@nx/nx-linux-x64-musl": "*", + "@nx/nx-win32-arm64-msvc": "*", + "@nx/nx-win32-x64-msvc": "*" }, "peerDependencies": { "@swc-node/register": "^1.8.0", @@ -22695,146 +22695,6 @@ "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" } },

which IIUC makes lerna to use the version of nx pinned at the top level in #3120

LGTM!

[pichlermarc]

which IIUC makes lerna to use the version of nx pinned at the top level in #3120

yep - looks like it. I think this should be fine, though. AFAICT the code that supports OIDC is in lerna@9, not nx@21, and that's the only thing we need it for. 🙂 I wish they would depend on a caret version though. 😅

[david-luna]

which IIUC makes lerna to use the version of nx pinned at the top level in #3120

yep - looks like it. I think this should be fine, though. AFAICT the code that supports OIDC is in lerna@9, not nx@21, and that's the only thing we need it for. 🙂 I wish they would depend on a caret version though. 😅

Thanks @pichlermarc for your feedback. I'm going to merge now

[otelbot]

Thank you for your contribution @aryamohanan! 🎉 We would like to hear from you about your experience contributing to OpenTelemetry by taking a few minutes to fill out this survey.

[trentm]

I wish they would depend on a caret version though. 😅

Yes.

[trentm]

FWIW, it looks like nx@21.6.2 has the * deps, but nx@21.6.3 has them back to pinned deps:

{ "name": "nx", "version": "21.6.3", ... "optionalDependencies": { "@nx/nx-darwin-arm64": "21.6.3", "@nx/nx-darwin-x64": "21.6.3", "@nx/nx-freebsd-x64": "21.6.3", "@nx/nx-linux-arm-gnueabihf": "21.6.3", "@nx/nx-linux-arm64-gnu": "21.6.3", "@nx/nx-linux-arm64-musl": "21.6.3", "@nx/nx-linux-x64-gnu": "21.6.3", "@nx/nx-linux-x64-musl": "21.6.3", "@nx/nx-win32-arm64-msvc": "21.6.3", "@nx/nx-win32-x64-msvc": "21.6.3" }, ... 

[trentm]

I think nrwl/nx#32928 is the relevant change, but not sure. There is processing of the nx/package.json file before it is published, AFAICT. The content here at the tag: https://github.com/nrwl/nx/blob/21.6.3/packages/nx/package.json#L88-L99 differs from the node_modules/nx/package.json content when installing that version of nx. :/