Update npm packeges in devDependencies

[shu-mutou]

This PR updates dependencies for development that do not have breakable changes.

[codecov]

Codecov Report

Merging #6690 (2762b9e) into master (0326fb7) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #6690   +/-   ##
=======================================
  Coverage   41.89%   41.89%           
=======================================
  Files          44       44           
  Lines        1234     1234           
  Branches      178      178           
=======================================
  Hits          517      517           
  Misses        678      678           
  Partials       39       39           

[floreks]

We should not constantly be doing this manually. We do have a bot that should keep our dependencies up-to-date. The only time when we should intervene is:

• bulk update of related dependencies (i.e. angular)
• breaking change update where bot created a PR but it fails or requires manual changes in the codebase
• removal of unused dependencies

If the bot is not creating PRs then we should fix the bot configuration.

[shu-mutou]

I found that dependabot is stopping to post PR for dashboard, because it does not support nodejs 16 and npm 8. 😞
So until following PR merged on dependabot, we need to update manually.
dependabot/dependabot-core#4531

[floreks]

Are you aware of how exactly is the bot checking which npm version is being used on the repo? We do not have an explicit version in the package.json anymore. I see that there is something in the lock file, but potentially we could change it to 7.X and this should allow bot to work maybe?

      "engines": {
        "node": ">=16.13.0 <17",
        "npm": ">=8.1.0 <9"
      }

v8 should be mostly backward compatible so maybe it would work.

[shu-mutou]

bot doesn't support lockfile v3 actually.

[shu-mutou]

we can find errors of dependabot in following page:
https://github.com/kubernetes/dashboard/network/updates/258146930

[floreks]

So it indeed takes the engine from our package.json. Maybe we could enable npm v7, for now, to allow the bot to work.

[shu-mutou]

I will try to change engine in package.json in the other PR.
But dependabot have stopped already several weeks, I want to update dashboard's dependency once right now.

[floreks]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: floreks, shu-mutou

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [floreks,shu-mutou]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment