Pin production dependencies

[bahmutov]

Before allowing Renovate to pin all dependencies (prod and dev) for us, we should pin production dependencies in CLI and each package to what it was in 3.1.4

• look at installed NPM package - this is CLI/package.json production dependencies (already pinned)
• look at installed 3.1.4 application for the exact version using npx cypress cache path
• then go into that binary cache path, find Resources/app and inspect each packages/*/package.json file

For #3012

[bahmutov]

Hmm, even inside 3.1.4 Electron we don't have pinned dependencies, so we need to actually look at node_modules

packages/electron

$ npm ls --depth 0
@packages/electron@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/electron
├── @cypress/icons@0.6.0
├── asar@0.13.1 extraneous
├── bluebird@3.5.3
├── camelize@1.0.0 extraneous
├── debug@3.2.6
├── electron-download@4.1.1 extraneous
├── electron-osx-sign@0.4.11 extraneous
├── UNMET DEPENDENCY electron-packager@9.0.1
├── extract-zip@1.6.7 extraneous
├── fs-extra@0.30.0
├── get-package-info@1.0.0 extraneous
├── lodash@4.17.11
├── minimist@1.2.0
├── parse-author@2.0.0 extraneous
├── pify@3.0.0 extraneous
├── plist@2.1.0 extraneous
├── pruner@0.0.7 extraneous
├── rcedit@0.9.0 extraneous
├── resolve@1.9.0 extraneous
├── run-series@1.1.8 extraneous
└── sanitize-filename@1.6.1 extraneous

packages/example

$ npm ls --depth 0
@packages/example@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/example
├── bluebird@3.5.3
└── glob@7.1.3

packages/extension

$ npm ls --depth 0
@packages/extension@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/extension
├── bluebird@3.5.3
└── lodash@4.17.11

packages/https-proxy

$ npm ls --depth 0
@packages/https-proxy@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/https-proxy
├── bluebird@3.5.3
├── debug@2.6.9
├── fs-extra@0.30.0
├── lodash@4.17.11
├── node-forge@0.6.49
├── semaphore@1.1.0
├── server-destroy-vvo@1.0.1
└── ssl-root-cas@1.2.5

packages/launcher

$ npm ls --depth 0
@packages/launcher@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/launcher
├── bluebird@3.5.3
├── debug@2.6.9
├── execa@0.6.3
├── fs-extra@3.0.1
├── lodash@4.17.11
├── plist@2.1.0
├── pluralize@7.0.0
└── ramda@0.24.1

packages/server

$ npm ls --depth 0
@packages/server@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/server
├── @cypress/browserify-preprocessor@1.1.2
├── @cypress/commit-info@2.1.1
├── @cypress/icons@0.5.4
├── @cypress/mocha-teamcity-reporter@1.0.0
├── @ffmpeg-installer/ffmpeg@1.0.15
├── ansi_up@1.3.0
├── bluebird@3.4.7
├── browserify@13.3.0
├── chai@1.10.0
├── chalk@2.4.1
├── check-more-types@2.24.0
├── chokidar@1.6.0
├── cjsxify@0.3.0
├── clear-module@2.1.0
├── cli-table2@0.2.0
├── color-string@1.5.3
├── common-tags@1.8.0
├── compression@1.7.2
├── concat-stream@1.6.2
├── content-type@1.0.4
├── cookie@0.2.4
├── cookie-parser@1.4.3
├── data-uri-to-buffer@0.0.4
├── debug@2.6.9
├── dependency-tree@6.4.0
├── electron-context-menu@0.8.0
├── electron-positioner@3.0.0
├── errorhandler@1.1.1
├── evil-dns@0.2.0
├── execa@0.8.0
├── express@4.16.2
├── find-process@1.2.1
├── fluent-ffmpeg@2.1.2
├── fs-extra@4.0.3
├── getos@2.8.4
├── glob@7.1.2
├── graceful-fs@4.1.15
├── gulp-util@3.0.8
├── hbs@4.0.0
├── http-accept@0.1.6
├── http-proxy@1.17.0
├── http-status-codes@1.3.0
├── human-interval@0.1.6
├── image-size@0.5.5
├── is-fork-pr@2.0.0
├── jimp@0.2.28
├── jsonlint@1.6.3
├── konfig@0.2.1
├── lazy-ass@1.6.0
├── lockfile@1.0.4
├── lodash@4.17.4
├── log-symbols@2.2.0
├── md5@2.2.1
├── method-override@2.3.10
├── mime@1.2.11
├── minimatch@3.0.4
├── minimist@1.2.0
├── mocha@2.4.5
├── mocha-junit-reporter@1.17.0
├── moment@2.23.0
├── morgan@1.3.0
├── node-machine-id@1.1.10
├── node-uuid@1.4.1
├── node-webkit-updater@0.3.2 (github:cypress-io/node-webkit-updater#e74623726f381487f543e373e71515177a32daeb)
├── opn@4.0.1 (github:cypress-io/opn#2f4e9a216ca7bdb95dfae9d46d99ddf004b3cbb5)
├── ospath@1.2.2
├── p-queue@1.2.0
├── parse-domain@2.0.0
├── pluralize@3.1.0
├── pumpify@1.5.1
├── ramda@0.24.1
├── randomstring@1.1.5
├── replacestream@4.0.3
├── request@2.88.0
├── request-promise@4.1.1
├── return-deep-diff@0.2.9
├── sanitize-filename@1.6.1
├── semver@5.6.0
├── send@0.14.2
├── server-destroy@1.0.1
├── shell-env@0.3.0
├── signal-exit@3.0.2
├── sinon@5.1.1
├── string-to-stream@1.1.1
├── strip-ansi@3.0.1
├── supports-color@5.5.0
├── syntax-error@1.4.0
├── tar-fs@1.16.3
├── term-size@1.2.0
├── through@2.3.6
├── tough-cookie@2.4.3
├── trash@4.0.0
├── underscore@1.9.1
├── underscore.string@3.3.4
├── url-parse@1.4.4
├── widest-line@2.0.1
└── winston@0.9.0

packages/socket

$ npm ls --depth 0
@packages/socket@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/socket
├── socket.io@1.7.4
└── socket.io-client@1.7.4

packages/ts

$ npm ls --depth 0
@packages/ts@0.0.0 /Users/gleb/Library/Caches/Cypress/3.1.4/Cypress.app/Contents/Resources/app/packages/ts
└── debug@2.6.9

Other packages have no production dependencies

[cypress-bot]

This is a test comment 👏

[cypress-bot]

Released in 3.1.5.