Please provide package-lock.json with fully resolved dependencies again #6180

Closed
WilliButz opened this issue Jul 7, 2023 · 4 comments · Fixed by #9419
Labels
bug/confirmed Confirmed bugs bug Something isn't working

Comments

@WilliButz

Describe the bug
With release 2023.6.0 and seemingly introduced in #5761 (diff https://github.com/goauthentik/authentik/pull/5761/files#diff-3ebf69f247f3231fd796e60555489b4a1ed684e3ad4cb0ace460a2ed07d53a95)
the fields resolved and integrity were dropped from a set of dependencies in web/package-lock.json.
For example:

@@ -108,16 +106,15 @@
         },
         "node_modules/@apitools/openapi-parser": {
             "version": "0.0.30",
-            "resolved": "https://registry.npmjs.org/@apitools/openapi-parser/-/openapi-par
-            "integrity": "sha512-e8KttEjBSozuSO7IVeFTRvzqgsbxwFtGbwc1Yi/u8EgzDqtVpTOgZ5qfS
+            "license": "MIT",
             "dependencies": {
                 "swagger-client": "^3.18.5"
             }
         },
         "node_modules/@babel/code-frame": {
             "version": "7.21.4",
-            "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.21.4.
-            "integrity": "sha512-LYvhNKfwWSPpocw8GI7gpK2nq3HSDuEPC/uSYaALSJu9xjsalaaYFOq0P
+            "dev": true,
+            "license": "MIT",
             "dependencies": {
                 "@babel/highlight": "^7.18.6"
             },
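Review bot: In both entries shown (node_modules/@apitools/openapi-parser and node_modules/@babel/code-frame), the "resolved" and "integrity" lines are removed and only "license" (plus "dev" on the second entry) is added, so the lock file no longer records the tarball URL or the sha512 hash for these packages. Regenerate the lock file so that both fields are kept, and consider a CI check that rejects a lock file in which a node_modules entry lacks either field, since a diff of this size is easy to miss in review.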
@@ -127,16 +124,16 @@

I suppose this happened by accident. Related issue: npm/cli#4263

To Reproduce
N/A

Expected behavior
For the purpose of building the official code from source without having to resolve the dependencies in question and in the worst case diverging from the ones used by the project's devs, it would be great if the next release included package-lock.jsons with fully resolved dependencies again. :)

Screenshots
N/A

Logs
N/A

Version and Deployment (please complete the following information):

  • authentik version: 2023.6.0
  • Deployment: irrelevant

Additional context
N/A

@WilliButz WilliButz added the bug Something isn't working label Jul 7, 2023
@BeryJu BeryJu added the bug/confirmed Confirmed bugs label Jul 7, 2023
@jvanbruegge
Contributor

It looks like #6107 fixed this, the current master has all resolved fields again. Checked with a git bisect and jq '.packages[] | select(has("resolved") | not)' < package-lock.json

@WilliButz
Author

Yes, I can confirm that the latest releases provide the fully resolved lock files again 👍

@WilliButz WilliButz reopened this Apr 24, 2024
@WilliButz
Author

It seems like this happened again with the 2024.4.0 release, see https://github.com/goauthentik/authentik/blob/version/2024.4.0/web/package-lock.json#L18889-L18926 for example.

I believe the regression was accidentally introduced in #8699, most likely obscured by GitHub not showing the large lock file diffs by default.

Link to the collapsed lock file diff: https://github.com/goauthentik/authentik/pull/8699/files#diff-3ebf69f247f3231fd796e60555489b4a1ed684e3ad4cb0ace460a2ed07d53a95

@jvanbruegge
Contributor

I've opened a PR to fix this and add a CI job to prevent this from happening again
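
A stricter form of the jq check mentioned in the comments above, as an added example that is not part of the thread or the project's own CI job: it also checks integrity and skips entries that legitimately lack both fields (the root project, workspace folders, link and inBundle entries). The function names and the sample lock file are constructed for illustration.

```javascript
// Added example: the function names and SAMPLE_LOCK are constructed for illustration.

// Return [{ path, missing }] for downloaded packages that lack pinning fields.
function findUnpinned(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    // The root project ("") and workspace source folders are local, not downloaded.
    if (!path.includes("node_modules/")) continue;
    // Workspace symlinks and bundled dependencies legitimately omit these fields.
    if (meta.link || meta.inBundle) continue;
    const missing = ["resolved", "integrity"].filter((key) => !meta[key]);
    if (missing.length > 0) findings.push({ path, missing });
  }
  return findings;
}

// Read a lock file from disk; resolves to true when every entry is pinned.
async function checkFile(file) {
  const { readFile } = await import("node:fs/promises");
  const findings = findUnpinned(JSON.parse(await readFile(file, "utf8")));
  for (const f of findings) console.error(`${f.path}: missing ${f.missing.join(", ")}`);
  return findings.length === 0;
}

// Constructed sample in the lockfileVersion 3 layout (URLs and hashes are placeholders).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "web", version: "0.0.0" },
    "node_modules/pinned": {
      version: "1.0.0",
      resolved: "https://registry.example/pinned/-/pinned-1.0.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/stripped": { version: "0.0.30", license: "MIT" },
    "node_modules/no-hash": {
      version: "2.0.0",
      resolved: "https://registry.example/no-hash/-/no-hash-2.0.0.tgz",
    },
    "node_modules/local-link": { resolved: "packages/local", link: true },
    "packages/local": { name: "local", version: "1.0.0" },
    "node_modules/pinned/node_modules/bundled": { version: "3.0.0", inBundle: true },
  },
};

// Demo on the constructed sample; reports "stripped" and "no-hash" only.
for (const f of findUnpinned(SAMPLE_LOCK)) {
  console.log(`${f.path}: missing ${f.missing.join(", ")}`);
}
```

In a CI job, call checkFile on web/package-lock.json and fail the job when it resolves to false.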
