[NO JIRA] Validate package.json format

server/sonar-web/package.json

@@ -40,7 +40,7 @@
     "rehype-slug": "3.0.0",
     "remark": "11.0.2",
     "remark-custom-blocks": "2.5.1",
-    "remark-react": "7",
+    "remark-react": "7.0.1",
     "remark-rehype": "6.0.0",
     "unist-util-visit": "2.0.2",
     "valid-url": "1.0.9"
@@ -124,10 +124,11 @@
     "lint-report": "eslint --ext js,ts,tsx -f json -o eslint-report/eslint-report.json src/main/js",
     "lint-report-ci": "yarn install --immutable && eslint --ext js,ts,tsx -f json -o eslint-report/eslint-report.json src/main/js  || yarn lint",
     "ts-check": "tsc --noEmit",
-    "validate": "yarn lint && yarn ts-check && yarn format-check && yarn test",
-    "validate-ci": "yarn install --immutable && yarn test --coverage --maxWorkers=4 --ci",
+    "validate": "yarn dep-check && yarn lint && yarn ts-check && yarn format-check && yarn test",
+    "validate-ci": "yarn install --immutable && yarn dep-check && yarn test --coverage --maxWorkers=4 --ci",
     "check-ci": "yarn install --immutable && yarn ts-check && yarn format-check",
-    "update-cwes": "node scripts/update-cwes.js"
+    "update-cwes": "node scripts/update-cwes.js",
+    "dep-check": "node scripts/validate-package-json.js"
   },
   "engines": {
     "node": ">=8"

server/sonar-web/scripts/validate-package-json.js

@@ -0,0 +1,35 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+const { dependencies, devDependencies } = require('../package.json');
+
+const dependenciesArray = Object.entries(dependencies);
+const devDependenciesArray = Object.entries(devDependencies);
+
+const violatingDependencies = [...dependenciesArray, ...devDependenciesArray].filter(
+  ([id, version]) => !/^\d+\.\d+\.\d+$/.test(version)
+);
+
+if (violatingDependencies.length > 0) {
+  throw new Error(
+    `Following dependencies must be locked to an exact version:
+${violatingDependencies.map(([id, version]) => ` - "${id}": "${version}"`).join('\n')}
+`
+  );
+}

server/sonar-web/yarn.lock

@@ -2406,7 +2406,7 @@ __metadata:
     rehype-slug: 3.0.0
     remark: 11.0.2
     remark-custom-blocks: 2.5.1
-    remark-react: 7
+    remark-react: 7.0.1
     remark-rehype: 6.0.0
     testing-library-selector: 0.2.1
     typescript: 4.6.3
@@ -9431,7 +9431,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"remark-react@npm:7":
+"remark-react@npm:7.0.1":
   version: 7.0.1
   resolution: "remark-react@npm:7.0.1"
   dependencies: