Update packages, configs + Node.js 20

[colinrotherham]

Similar to #316 this PR brings all our dependencies up to date

Excluding two major bumps which I've split out:

1. Upgrade to webpack v5 in Upgrade to webpack v5 #614
2. Upgrade to WebdriverIO v8 in Upgrade to WebdriverIO v8 #615

Note: Updates to Preact have also been excluded since we'll need to update tests separately. For example, we currently require a mismatched Preact version via https://unpkg.com

Configs, tests and polyfills

We know the deprecated @wdio/sync package won't install so tests now use async/await instead

But we can remove more (see below) with config updates, especially now IE 8–10 support is clarified:

1. Browserslist config updated with IE11+ to match
2. Babel config presets updated for core-js@3 polyfills
3. Babel config transforms for ES3 removed (prevented errors in IE8)
4. Node.js version config .nvmrc updated to v20.9.0 lts/iron
5. Husky setup moved to new .husky/pre-commit config format

Packages removed

The following packages were unnecessary or unused:

@wdio/sync
copy-webpack-plugin
dotenv
karma-chai
karma-chai-sinon
replace-bundle-webpack-plugin
sinon
sinon-chai

With more included in @babel/preset-env automatically now or to transform to ES3 for Internet Explorer 8:

@babel/plugin-proposal-class-properties
@babel/plugin-proposal-decorators
@babel/plugin-transform-member-expression-literals
@babel/plugin-transform-modules-commonjs
@babel/plugin-transform-property-literals

Package audit

See results from npm audit below

Before

found 181 vulnerabilities (3 low, 45 moderate, 104 high, 29 critical) in 2141 scanned packages
  run `npm audit fix` to fix 132 of them.
  43 vulnerabilities require semver-major dependency updates.
  6 vulnerabilities require manual review. See the full report for details.

After

11 vulnerabilities (3 moderate, 8 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

See PRs #614 and #615 to reach 0 vulnerabilities

[rgarner]

@colinrotherham Wow, thanks, this is a lot of work and looks great. The move to await (away from fibers?) has fixed my Promise issues with integration tests — npm test now completes with no warnings or errors. I had one issue on setup — npm install (from npm 6.14.18) downgraded all package.json integrity checksums from sha-512 to sha1, leaving me with a modified package-lock.json in my working tree. For anyone else upgrading with a similar issue (maybe this one?), here's what worked for me:

git checkout package-lock.json
rm -rf node_modules
npm cache clear --force # you may not need this, at your own risk, etc — I did need it, though
npm install

Now rebasing #611 to see how that goes (to add an integration test)...

EDIT: in that npm SHA issue above it mentions that it was an issue with 6.x. I wonder if it might be worth specifying an npm version (advisory only) in package.json? (ignorance: didn't know fixed npm version came packaged with node)

[colinrotherham]

Brilliant, thanks for confirming that

…I had one issue on setup — npm install (from npm 6.14.18) downgraded all package.json integrity checksums from sha-512 to sha1, leaving me with a modified package-lock.json in my working tree…

Sounds like we might be on different npm versions?

$ node -v
v14.21.3

$ npm -v
6.14.18

Hope this idea is alright, but I'll cherry your .nvmrc commit into this branch and we'll close PR #609

Gives us a single place to rebase from and I can work on raising the maximum Node.js version too

[rgarner]

Sounds like we might be on different npm versions?

@colinrotherham we're both on 6.14.18 by the looks? Seems to be an issue with that particular npm major version that committers are saying "upgrade to 7" for (or rather, my reading is "this might happen in 6.x but we won't fix it").

Hope this idea is alright, but I'll cherry your .nvmrc commit into this branch and we'll close PR #609

Yep, good idea, #609 is looking pretty anaemic now.

[colinrotherham]

Latest push highlights includes:

• Update to Node.js 20
• Update to WebdriverIO v8 → webdriverio/issues/11705
• Update to Puppeteer v21

[rgarner]

@colinrotherham this is all working perfectly for me over on this branch, can run every type of test, so whatever I've wrought upon #611 is of my own rebase making and I shall unpick that in the morning!

[romaricpascal]

Great to have everything a little more up to date, thanks for going through this (and having everything nicely split for review as well). ⛵