Issue #2329 - Upgrade and cleanup of Polymer sources

[jhou-pro]

Resolve #2329

To be completed by the pull request creator

This section should be completed with reference to section Preparing PR of the Code and PR reviews wiki page.

• Converted PR to draft while it is being prepared by tapping the "Convert to draft" link beneath the "Reviewers" section.

• A self-review of all changes has been completed, and the changes are in sync with the issue requirements.

• Changes to the requirements have been reflected in the issue description.

• Developer documentation (e.g., comments, Javadoc), have been provided where required.

• All tests (all existing tests) pass successfully.

• The correct base branch has been selected for these changes to be merged into.

• The latest changes from the base branch have already been merged into this feature branch (and tested).

• Added Wiki like to the issue.

• Changes subject to performance considerations have been evaluated, and tested against production-size data if applicable.

                                develop      Issue-#2329-experiment
load-tests-centre: _____run	[1135.3; 1179.5] [1138.8; 1165.6]
load-tests-centre: ____save	[_874.4; _883.6] [_858.9; _867.1]
load-tests-centre: _discard	[_386.8; _389.8] [_407.6; _426.6]
load-tests-centre: validate	[_313.2; _324.1] [_308.1; _324.8]
load-tests-master: ____save	[_796.6; _828.4] [_751.7; _789.3]
load-tests-master: _refresh	[_219.0; _244.5] [_214.3; _222.6]
load-tests-master: validate	[_208.3; _223.0] [_204.8; _217.4]

• This pull request does contain significant changes, the section "Significant changes" below is completed and at least one Senior Software Engineer with the relevant area of expertise has been selected as reviewer.

• The In progress label has been removed from the issue.

• The Pull request label has been added to the issue.

• Made PR ready for review by tapping the "Ready for review" button below the list of commits on the PR page.

Additional details

Due to very large changes (most of them from wct-browser-legacy dependencies override) it is not practical to review them in github. Opening of changes there will likely freeze the whole page. Please look at the overview below by individual folders and use IntelliJ with Git plugin or other diff client (like kdiff3) folder by folder:

in /web/ folder (where our components reside):

1. added missing imports
2. removed rogue / unused imports
3. updated examples
4. antlr-lib.js instead of direct *.mjs file import
5. moment-lib.js rationalised and updated libs
6. update approximation logic to conform stricter moment version of lib (covered by web tests)
7. http:// to https:// links to avoid vulnerabilities
8. unused and vulnerable examples (removed / adjusted)
9. updated jquery, used exclusively for d3 example
10. crypto.randomUUID() in tg-polymer-utils to avoid vulnerability

in /resources/*.*

1. removed all unused imports and added missing ones in build-polymer.js
2. added package-lock.json for Dependabot vulnerability checking
3. moved from polymer building to rollup building
4. all prod dependencies (from polymer subfolder) updated + tree shaken (+additionally moment/moment-timezone/antlr4)
5. all testing dependencies updated
6. removed all package.json files not to show "incorrect" vulnerabilities
7. listed all prod dependencies explicitly in package.json with exact versions that we use (+used ^ to facilitate easy update between patch and minor versions) -- please immediately change this file to the latest versions after update
8. moved all testing dependencies to devDependencies section of package.json
9. overridden wct-browser-legacy dependencies to the latest versions to avoid vulnerabilities and code scanning alerts as much as possible
10. freezed wct-browser-legacy dependencies versions to control them tightly (no ^ sign)

in /resources/gis/

1. manually updated leaflet/esri (not yet on npm infrastructure)

in /resources/lib/

1. added npm-based library import files to generate rewritten /resources/polymer/lib/*-lib.js files for importing in our components; and to facilitate library tree shaking

in /resources/_virtual/

1. Rollup virtual files, used for rewritten CommonJS lib code (made ES6 compliant) (see moment/moment-timezone)

Significant changes

This pull request contains significant changes as defined in the wiki page.

Details are as follows:

Dependencies were changed in this PR. Overview of actually changed dependencies is below. Please refer to individual commit messages for more information (many of them have explanations and additional information).

PRODUCTION (only minors and patches)
  1. updated @webcomponents/shadycss 1.9.1 => 1.11.2
  2. updated @polymer/polymer 3.2.0 => 3.5.2
  3. changed @polymer/all web components
    patches:
    iron-autogrow-textarea >=3.0.1 => 3.0.3
    paper-ripple 3.0.1 => 3.0.2

    patches with transformations:
    iron-overlay-behavior 3.0.2 => 3.0.3
    iron-location 3.0.1 => 3.0.2

    minors:
    iron-a11y-announcer ? => 3.2.0
    app-layout >=3.0.2 => 3.1.0
    iron-list >=3.0.1 => 3.1.0

    minors with transformations:
    iron-fit-behavior >=3.0.1 => 3.1.0
    paper-input >=3.0.1 => 3.2.1

    removed:
    paper-badge
    paper-dropdown-menu
    paper-swatch-picker
    paper-menu-button
    paper-card
    iron-image
    iron-jsonp-library
    iron-swipeable-container
    paper-tabs
    paper-tooltip
    iron-iconset

  4. updated @google-web-components/google-chart 3.0.4 => 3.4.0

  Polyfills:
  1. updated @webcomponents/webcomponentsjs 2.2.10 => 2.8.0
  2. updated web-animations-js 2.3.1 => 2.3.2

  Newly moved to npm infrastructure:
  1. updated moment 2.24.0 => 2.30.1
  2. updated moment-timezone 0.5.33 => 0.5.46

TESTING (majors)
  1. overridden wct-browser-legacy's dependencies:

    updated (likely all majors):
    async ? => 3.2.6
    chai >=4.2.0 => 5.1.2
    lodash ? => 4.17.21
    mocha >=5.2.0 => 10.8.2
    sinon ? => 19.0.2
    sinon-chai ? => 4.0.0

    removed:
    @polymer/sinonjs
    stacky

To be completed by the pull request reviewer

This section should be completed with reference to section Performing PR review of the Code and PR reviews wiki page.

• The In progress label has been added to the pull request in GitHub.

• The issue requirements have been read and understood (along with any relevant emails and/or Slack messages).

• The correct base branch is specified, and that base branch is up-to-date in the local source.

• The issue branch has been checked out locally, and had the base branch merged into it.

• All automated tests pass successfully.

• Ensure the implementation satisfies the functional requirements.

• Ensure that code changes are secure and align with the established coding practices, including code formatting and naming conventions.

• Ensure that code changes are documented and covered with automated tests as applicable.

• Ensure that code changes are well-suited for informal reasoning.

• Ensure that changes are documented for the end-user (a software engineer in the case of TG, or an application user in the case of TG-based applications).

• If there are significant changes (described above), special attention has been paid to them.
  Marked the task items in section "Significant changes" as completed to indicated that corresponding changes have been reviewed, improved if necessary, and approved.

• The issue or issues addressed by the pull request are associated with the relevant release milestone.

To be completed by the pull request reviewer once the changes have been reviewed and accepted

• The changes have been merged into the base branch (unless there is a specific request not to do so, e.g., they are to be released to SIT).

• The issue branch has been deleted (unless the changes have not been merged - see above, or there is a specific request not to do so).

• The In progress label has been removed from the pull request.

• The Pull request label has been removed from the pull request.