Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated dependencies in @mapbox/node-pre-gyp #881

Closed
Johnwjl opened this issue Sep 9, 2024 · 10 comments
Closed

Deprecated dependencies in @mapbox/node-pre-gyp #881

Johnwjl opened this issue Sep 9, 2024 · 10 comments

Comments

@Johnwjl
Copy link

Johnwjl commented Sep 9, 2024
edited
Loading

Description

I noticed that @mapbox/[email protected] introduces deprecated dependencies:

Could you please consider updating npmlog rimraf and addressing these deprecated dependencies?

Steps to reproduce

  1. Install a project that depends on @mapbox/node-pre-gyp
  2. Run pnpm install
  3. Observe deprecation warnings about these packages.

Dependency chain:

nuxt 3.13.1
└─┬ nitropack 2.9.7
  └─┬ @vercel/nft 0.26.5
    └─┬ @mapbox/node-pre-gyp 1.0.11
      └─┬ npmlog 5.0.1
        └── are-we-there-yet 2.0.0
        └── gauge 3.0.2
      └── rimraf 3.0.2
         └── glob 7.2.3
@Johnwjl Johnwjl changed the title Deprecated dependencies in @mapbox/node-pre-gyp: npmlog and are-we-there-yet Deprecated dependencies in @mapbox/node-pre-gyp: npmlog and are-we-there-yet and gauge Sep 9, 2024
@Johnwjl Johnwjl changed the title Deprecated dependencies in @mapbox/node-pre-gyp: npmlog and are-we-there-yet and gauge Deprecated dependencies in @mapbox/node-pre-gyp Sep 9, 2024
@heath-freenome
Copy link

These deprecated dependencies are triggering Snyk warnings in our enterprise. Given that rimraf is an easy upgrade, can't you at least make that change? Not sure how hard npmlog upgrade is

@je-movers-market
Copy link

This seems to have been an issue since around July (#877), and I've been noticing it myself for quite a few months.

@mapbox/node-pre-gyp is also a subdependency of @vercel/nft so it's presumably affecting a good amount of Vercel users. In my case using @sveltejs/adapter-vercel is causing it, as it has a dependency on the nft package.

Surprising it's been like this for so long.

@Tofandel
Copy link

Tofandel commented Sep 30, 2024
edited
Loading

And also @vercel/nft is a dependency of nitropack which is itself a dependency of nuxt, so pretty much 50% of the npm ecosystem is affected

They seem to have addressed them already but haven't published a release yet
e882b7e#diff-2187cf6e5770e0f160f1d63d4a287f35d012e3dd3e08464e45490d81b20b9049R27

@leeobrum
Copy link

leeobrum commented Sep 30, 2024
edited
Loading

Do we have any solution? @cclauss

@leeobrum
Copy link

leeobrum commented Oct 9, 2024

can you help us @lukekarrys?

@minenwerfer
Copy link

I hope this issue gets solved, it's spamming the console with warning messages when my package is installed.

@cclauss
Copy link
Collaborator

cclauss commented Dec 2, 2024

What is the status of this?

@HummingMind
Copy link

+1
Would also like to see this get fixed.

Thank you! 🍻

@benmccann
Copy link
Collaborator

I believe this should be fixed in 2.0.0-rc.0. npmlog was replaced with consola. rimraf is no longer a direct dependency, but unfortunately is still pulled in by minizlib. There are a couple PRs out to remove it such as isaacs/minizlib#30. But I think it's a newer version so it should at least fix the deprecation warnings

@HummingMind
Copy link

Looks like the deprication warnings are gone with 2.0.0-rc.0.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@benmccann @cclauss @Tofandel @Johnwjl @leeobrum @heath-freenome @minenwerfer @HummingMind @je-movers-market