yarn upgrade

[paul-marechal]

What it does

Upgrade all our dependencies, according to our already specified ranges.

I had to tighten some constraints because the latest version of some
packages cause issues. Notably, the typescript compiler has an issue on
3.6.3 but not 3.5.3, so I constrained it such as it wouldn't ever match
the version that causes issues.

In the long run, we should be more careful with the version ranges we
use, especially with runtime dependencies.

Fixes #6500
DoNotFixes #6529

How to test

• Build should pass.
• Tests should pass.
• Try anything and everything in the example applications to see if anything is broken.

Keep in mind that this commit only updates the lockfile, which means that we will use packages closer to what a fresh Theia build would pull, instead of the outdated versions pinned in the lockfile for the main repository.

Review checklist

• as an author, I have thoroughly tested my changes and carefully followed the review guidelines

Reminder for reviewers

• as a reviewer, I agree to behave in accordance with the review guidelines

[paul-marechal]

Again, this shouldn't impact clients too much, unless I messed up with one of my source modifications.

Doing this made some things surface:

• @theia/languages suffered from some circular dependencies, took me a while to figure out. Basically, exposing things via index.ts files is not too bad in my opinion, but we should never depend on them within the same extension. Index files are useful for dependents, but any internal import within a package should directly import from the most specific file.

• Some of our typings are bogus and I had to resolve to using any because I couldn't find a proper fix for it. See UriAwareCommandHandler: we use a generic to accept only a URI or URI[] type. Issue is that it actually doesn't work. Instead of writing a long text trying to explain, you can remove the @ts-ignore I added and look at the error: something to do with potential incompatible subtypes. In practice it shouldn't happen, but with the way things are written now, it could slip.

• TypeScript 3.6.3 doesn't like our MaybePromise: I opened an issue for it. In this case, tsc is only a dev-dep, so it is not too bad. I had to constrain the version a bit more so that we wouldn't pull the latest compiler, since we never know when things can break. It makes more sense to pin ourselves the compiler version, and change the range when we want to switch to a newer version.

• Newer typings made a small bug surface: the html_element.style.overflow was set to null, but it actually does nothing (tried on firefox). We have to set some string, null doesn't do anything. I changed it, but I don't know if what I used is the intended value, please advise.

[paul-marechal]

Ultimately I would like this yarn upgrade to be part of our release process. It would allow us to develop against the most up to date packages targeted by our ranges, and be closer to whatever would be pulled by newly built Theia applications (since our lockfile doesn't affect what dependents pull on install).

[akosyakov]

code changes looks good to me

It would be good if someone double test.

[vince-fugnitto]

I performed a sanity check and everything works correctly :)
It is fine to merge once the CI is completed.

[vince-fugnitto]

Unfortunately it looks like Travis might be queued a while :(
I will approve nonetheless, but it'd be good to wait for CI to successfully pass before merging :)

[marcdumais-work]

@marechal-p I think this type of dependencies overhaul should be accompanied by a sanity check that we are not pulling anything with a wrong license. Do you want to give it a try and let me know if you have questions?

https://github.com/eclipse-theia/theia/wiki/Registering-CQs#wip---new-ecd-theia-intellectual-property-clearance-approach-experimental

[paul-marechal]

Checked the licenses, everything seems to be in order. Merging!

[akosyakov]

I'm not sure about doing such upgrades without extensive testing. It breaks.

[paul-marechal]

What did it break specifically?

[akosyakov]

What did it break specifically?

debug console - #6551
content assist in json files apparently - #6542

I think upgrade is good, but we then should really test each extension.

[paul-marechal]

I am not sure if this PR really broke the content assist, see #6542 (comment) it was already broken in new apps, but our repo was "uselessly" shielded from it apparently.