Add check whether yarn.lock needs to be updated
Under certain circumstances (bad merges?) the yarn.lock file might contain extraneous root dependencies. This is not a security risk because the dependencies are simply not downloaded. However, it can be confusing because a `yarn install` updates `yarn.lock` locally, while a `yarn install --frozen-lockfile` does not fail in CI. The last time this happened was after https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55062 was merged. Interestingly, a `yarn check --integrity` would fail. We already utilize this locally when running `yarn run jest`. This is also not executed in CI, because we run `yarn run jest:ci` there. Simply adding the same check to our `static-analysis` will solve the problem in the future.