chore(deps): update dependencies

To fix all security vulnerabilities detected by `Dependabot`.

 - remove `shelljs`. replace with `fs` and `console`.
 - remove `uuid`. replace with `@phosphor/coreutils`.

Signed-off-by: Akos Kitta <a.kitta@arduino.cc>

arduino-ide-extension/package.json

@@ -109,7 +109,7 @@
   "devDependencies": {
     "@octokit/rest": "^18.12.0",
     "@types/chai": "^4.2.7",
-    "@types/mocha": "^5.2.7",
+    "@types/mocha": "^10.0.0",
     "@types/react-window": "^1.8.5",
     "@xhmikosr/downloader": "^13.0.1",
     "chai": "^4.2.0",
@@ -118,18 +118,15 @@
     "decompress-tarbz2": "^4.1.1",
     "decompress-targz": "^4.1.1",
     "decompress-unzip": "^4.0.1",
-    "grpc_tools_node_protoc_ts": "^4.1.0",
-    "mocha": "^7.0.0",
+    "grpc_tools_node_protoc_ts": "^5.3.3",
+    "mocha": "^10.2.0",
     "mockdate": "^3.0.5",
     "moment": "^2.24.0",
     "ncp": "^2.0.0",
-    "rimraf": "^2.6.1",
-    "shelljs": "^0.8.3",
-    "uuid": "^3.2.1",
-    "yargs": "^11.1.0"
+    "rimraf": "^2.6.1"
   },
   "optionalDependencies": {
-    "grpc-tools": "^1.9.0",
+    "grpc-tools": "^1.12.4",
     "protoc": "^1.0.4"
   },
   "mocha": {

arduino-ide-extension/scripts/download-cli.js

@@ -2,7 +2,6 @@
 
 (async () => {
   const path = require('path');
-  const shell = require('shelljs');
   const semver = require('semver');
   const moment = require('moment');
   const downloader = require('./downloader');
@@ -29,8 +28,8 @@
   })();
 
   if (!version) {
-    shell.echo(`Could not retrieve CLI version info from the 'package.json'.`);
-    shell.exit(1);
+    console.log(`Could not retrieve CLI version info from the 'package.json'.`);
+    process.exit(1);
   }
 
   const { platform, arch } = process;
@@ -71,24 +70,24 @@
       }
     })();
     if (!suffix) {
-      shell.echo(`The CLI is not available for ${platform} ${arch}.`);
-      shell.exit(1);
+      console.log(`The CLI is not available for ${platform} ${arch}.`);
+      process.exit(1);
     }
     if (semver.valid(version)) {
       const url = `https://downloads.arduino.cc/arduino-cli/arduino-cli_${version}_${suffix}`;
-      shell.echo(
+      console.log(
         `📦  Identified released version of the CLI. Downloading version ${version} from '${url}'`
       );
       await downloader.downloadUnzipFile(url, destinationPath, 'arduino-cli');
     } else if (moment(version, 'YYYYMMDD', true).isValid()) {
       const url = `https://downloads.arduino.cc/arduino-cli/nightly/arduino-cli_nightly-${version}_${suffix}`;
-      shell.echo(
+      console.log(
         `🌙  Identified nightly version of the CLI. Downloading version ${version} from '${url}'`
       );
       await downloader.downloadUnzipFile(url, destinationPath, 'arduino-cli');
     } else {
-      shell.echo(`🔥  Could not interpret 'version': ${version}`);
-      shell.exit(1);
+      console.log(`🔥  Could not interpret 'version': ${version}`);
+      process.exit(1);
     }
   } else {
     taskBuildFromGit(version, destinationPath, 'CLI');

arduino-ide-extension/scripts/download-examples.js

@@ -5,10 +5,14 @@ const version = '1.10.0';
 
 (async () => {
   const os = require('node:os');
-  const { existsSync, promises: fs } = require('node:fs');
+  const {
+    existsSync,
+    promises: fs,
+    mkdirSync,
+    readdirSync,
+    cpSync,
+  } = require('node:fs');
   const path = require('node:path');
-  const shell = require('shelljs');
-  const { v4 } = require('uuid');
   const { exec } = require('./utils');
 
   const destination = path.join(
@@ -20,31 +24,38 @@ const version = '1.10.0';
     'Examples'
   );
   if (existsSync(destination)) {
-    shell.echo(
+    console.log(
       `Skipping Git checkout of the examples because the repository already exists: ${destination}`
     );
     return;
   }
 
-  const repository = path.join(os.tmpdir(), `${v4()}-arduino-examples`);
-  if (shell.mkdir('-p', repository).code !== 0) {
-    shell.exit(1);
-  }
+  const repository = await fs.mkdtemp(
+    path.join(os.tmpdir(), 'arduino-examples-')
+  );
 
   exec(
     'git',
     ['clone', 'https://github.com/arduino/arduino-examples.git', repository],
-    shell
+    { logStdout: true }
   );
 
   exec(
     'git',
     ['-C', repository, 'checkout', `tags/${version}`, '-b', version],
-    shell
+    { logStdout: true }
   );
 
-  shell.mkdir('-p', destination);
-  shell.cp('-fR', path.join(repository, 'examples', '*'), destination);
+  mkdirSync(destination, { recursive: true });
+  const examplesPath = path.join(repository, 'examples');
+  const exampleResources = readdirSync(examplesPath);
+  for (const exampleResource of exampleResources) {
+    cpSync(
+      path.join(examplesPath, exampleResource),
+      path.join(destination, exampleResource),
+      { recursive: true }
+    );
+  }
 
   const isSketch = async (pathLike) => {
     try {
@@ -104,5 +115,5 @@ const version = '1.10.0';
     JSON.stringify(examples, null, 2),
     { encoding: 'utf8' }
   );
-  shell.echo(`Generated output to ${path.join(destination, 'examples.json')}`);
+  console.log(`Generated output to ${path.join(destination, 'examples.json')}`);
 })();

arduino-ide-extension/scripts/download-fwuploader.js

@@ -2,7 +2,6 @@
 
 (async () => {
   const path = require('node:path');
-  const shell = require('shelljs');
   const semver = require('semver');
   const downloader = require('./downloader');
   const { taskBuildFromGit } = require('./utils');
@@ -28,10 +27,10 @@
   })();
 
   if (!version) {
-    shell.echo(
+    console.log(
       `Could not retrieve Firmware Uploader version info from the 'package.json'.`
     );
-    shell.exit(1);
+    process.exit(1);
   }
 
   const { platform, arch } = process;
@@ -71,14 +70,14 @@
       }
     })();
     if (!suffix) {
-      shell.echo(
+      console.log(
         `The Firmware Uploader is not available for ${platform} ${arch}.`
       );
-      shell.exit(1);
+      process.exit(1);
     }
     if (semver.valid(version)) {
       const url = `https://downloads.arduino.cc/arduino-fwuploader/arduino-fwuploader_${version}_${suffix}`;
-      shell.echo(
+      console.log(
         `📦  Identified released version of the Firmware Uploader. Downloading version ${version} from '${url}'`
       );
       await downloader.downloadUnzipFile(
@@ -87,8 +86,8 @@
         'arduino-fwuploader'
       );
     } else {
-      shell.echo(`🔥  Could not interpret 'version': ${version}`);
-      shell.exit(1);
+      console.log(`🔥  Could not interpret 'version': ${version}`);
+      process.exit(1);
     }
   } else {
     taskBuildFromGit(version, destinationPath, 'Firmware Uploader');

arduino-ide-extension/scripts/download-ls.js

@@ -5,7 +5,6 @@
 
 (() => {
   const path = require('path');
-  const shell = require('shelljs');
   const downloader = require('./downloader');
   const { goBuildFromGit } = require('./utils');
 
@@ -25,20 +24,20 @@
   })();
 
   if (!DEFAULT_LS_VERSION) {
-    shell.echo(
+    console.log(
       `Could not retrieve Arduino Language Server version info from the 'package.json'.`
     );
-    shell.exit(1);
+    process.exit(1);
   }
 
   if (!DEFAULT_CLANGD_VERSION) {
-    shell.echo(
+    console.log(
       `Could not retrieve clangd version info from the 'package.json'.`
     );
-    shell.exit(1);
+    process.exit(1);
   }
 
-  const yargs = require('yargs')
+  const yargs = require('@theia/core/shared/yargs')
     .option('ls-version', {
       alias: 'lv',
       default: DEFAULT_LS_VERSION,
@@ -114,10 +113,10 @@
       throw new Error(`Unsupported platform/arch: ${platformArch}.`);
   }
   if (!lsSuffix || !clangdSuffix) {
-    shell.echo(
+    console.log(
       `The arduino-language-server is not available for ${platform} ${arch}.`
     );
-    shell.exit(1);
+    process.exit(1);
   }
 
   if (typeof lsVersion === 'string') {