Vue 3 package polluted `package-lock.json`

[guilledll]

Describe the bug
Hi all, i'm currently using NPM as package manager and working with @cubejs-client/vue3. I noticed that some dependencies are wrongly installed in the vue3 cube package causing unwanted dependencies to be included on the production build / npm package.

Included dependencies in a fresh @cubejs-client/vue3 install:

"dependencies": {
    "@cubejs-client/core": "1.3.59",
    "@vue/compiler-sfc": "^3.0.11",
    "core-js": "^3.6.5",
    "flush-promises": "^1.0.2",
    "ramda": "^0.27.0",
    "vue-loader": "^16.2.0"
},

By reviewing source code I realized that only @cubejs-client/core and ramda are needed on the production build.
vue-loader, flush-promises, core-js, @vue/compiler-sfc can be removed since they are not needed neither during development or production build.

To Reproduce
Steps to reproduce the behavior:

1. create fresh vue 3 project with npm create vue@latest
2. run npm install @cubejs-client/core @cubejs-client/vue3
3. Verify that package-lock.json includes vue-loaded and all it dependencies (included webpack, see image). Same scenario for all the other dependencies.

Expected behavior
The only two dependencies needed in production are @cubejs-client/core and ramda

Screenshots
Current install (wrong)

Minimally reproducible Cube Schema
Does not apply

Version:
[e.g. 1.3.59]

Additional context
Inclusion of devDependencies in production build is not a good practice, only end user dependencies should be released the npm.
Having this packages may lead to extra (and unneeded) package downloads, heavier bundle sized and decreased performance.

[igorlukanin]

Thanks for reporting! Would you be open to provide a PR to fix?

[guilledll]

Yes @igorlukanin here it is!

#9925

[guilledll]

Solved with the MR merge, now installation with NPM is working as expected (with less dependencies).

Thanks for the review!