Investigate strategy for dependency pinning

[cramforce]

We used to use NPM shrinkwrap, but we stopped due to problems with @greenkeeperio-bot. We should reconsider. I'd also consider just checking node_modules into the repo (or ideally a separate repo connected with git submodule (Rule number 1: Never ever use git submodule, they are the worst).

[erwinmombay]

cool, will go ahead and run shrinkwrap again. these days we dont really upgrade as much we would like to anyways, so i think we should be good. we can always remove shrinkwrap again if it becomes a issue.

ive never done checking the whole node_modules into a repo, not sure whats its implications are building etc (besides cloning slowdown + bandwidth)

[cramforce]

@erwinmombay where are we with yarn on this?

[erwinmombay]

@cramforce confirmed it works internally in the release process. i need to update the docs and send out an email to the team

[adelinamart]

@erwinmombay anything else to be done here? Thanks