Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Transitive dependency on deprecated inflight package #5158

Closed
skagedal opened this issue Jun 9, 2024 · 2 comments
Closed

Transitive dependency on deprecated inflight package #5158

skagedal opened this issue Jun 9, 2024 · 2 comments
Labels
duplicate been there, done that, got the t-shirt...

Comments

@skagedal
Copy link

skagedal commented Jun 9, 2024

As noted in this eslint issue, mocha has a transitive dependency to the deprecated, memory-leaking inflight package.

This is not a direct dependency of mocha, but comes in through several paths.

For some reason, I don't get the deprecation warning when I run npm install --ignore-scripts from current main (commit 2f3fedcc):

❯ npm i --ignore-scripts
npm warn deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm warn deprecated gulp-header@1.8.12: Removed event-stream from gulp-header
npm warn deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm warn deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm warn deprecated har-validator@5.1.5: this library is no longer supported
npm warn deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm warn deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm warn deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm warn deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm warn deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm warn deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm warn deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm warn deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

added 1939 packages, and audited 1940 packages in 16s

However, the deprecated module inflight does get installed into node_modules. This issue exist to track its removal through various dependencies.

@skagedal
Copy link
Author

skagedal commented Jun 9, 2024

Going through npm why inflight, these seem to be the top-level dependencies where it enters mocha:

❯ npm why inflight | grep "root project" | awk '{$1=$1};1' | sort | uniq
dev @11ty/eleventy@"^1.0.0" from the root project
dev @rollup/plugin-commonjs@"^21.0.2" from the root project
dev @rollup/plugin-multi-entry@"^4.0.1" from the root project
dev assetgraph-builder@"^9.0.0" from the root project
dev canvas@"^2.11.2" from the root project
dev eslint@"^8.56.0" from the root project
dev hyperlink@"^5.0.4" from the root project
dev karma-mocha-reporter@"^2.2.5" from the root project
dev karma-sauce-launcher@"^4.3.6" from the root project
dev karma@"^6.4.2" from the root project
dev markdownlint-cli@"^0.30.0" from the root project
dev nyc@"^15.1.0" from the root project
dev rimraf@"^3.0.2" from the root project
glob@"8.1.0" from the root project

(adding links to other issues here)

@JoshuaKGoldberg JoshuaKGoldberg added the status: in triage a maintainer should (re-)triage (review) this issue label Jun 26, 2024
@JoshuaKGoldberg
Copy link
Member

Yeah, this comes in as a dependency of glob. Moving to a newer version is tracked in #5148. Thanks for filing!

@JoshuaKGoldberg JoshuaKGoldberg closed this as not planned Won't fix, can't repro, duplicate, stale Jul 2, 2024
@JoshuaKGoldberg JoshuaKGoldberg added duplicate been there, done that, got the t-shirt... and removed status: in triage a maintainer should (re-)triage (review) this issue labels Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
duplicate been there, done that, got the t-shirt...
Projects
None yet
Development

No branches or pull requests

2 participants