cli-cube-timer icon indicating copy to clipboard operation
cli-cube-timer copied to clipboard

Published 20 hours ago verified publisher icon icyflame

Deprecation warnings: updating request@2 to the latest should fix it

Open icyflame opened this issue 8 years ago • 5 comments

image

icyflame avatar Aug 07 '17 13:08 icyflame

Upgrading the packages with a tool like ncu get's rid of all but one deprecation warning.

It seems that two of the used packages use deprecated "node-uuid" library. Only way to get rid of this is to replace the packages or ignore for now and hope that newer versions will get rid of it.

~/Projects/cli-cube-timer: grep -R "node-uuid"
[...]
node_modules/http-signature/package.json:    "node-uuid": "^1.4.1",
node_modules/request/package.json:    "node-uuid": "~1.4.7",
[...]

However none of these packages are direct dependencies of cli-cube-timer, so maybe best course of action is to actually upgrade the packages and ignore the remaining warnings.

Jan-Ka avatar Oct 01 '17 17:10 Jan-Ka

Okay. So, please read my comments on #41 before reading the following comment. (this won't make sense otherwise, sorry :stuck_out_tongue: )

I just wanted to remove the deprecated package warnings, I am not necessarily interested in upgrading package versions. (A lot of APIs have changed, eg: Some of Sindre Sorhus's packages have all moved to promises whereas they weren't before.)

ncu is a good tool. I might use it on a dependency-by-dependency basis. But doing everything at the same time is not the way to go.

Merging of the three trash modules into one is the main culprit. I don't even see the use of trash in this particular module.

icyflame avatar Oct 03 '17 16:10 icyflame

Okay, I remember now, so actually I removed the trash module. That was the point of v0.8.2

Instead, I started renaming the files and keeping them around anyway. (Through some weird issue, I lost a large set of times. They were backed up in the gist but the pushed.csv file suddenly became empty! I realized it was related to the trashing of times.csv files and a coincidental API error.)

I will check once again to see if there are any deprecated package warnings.

icyflame avatar Oct 03 '17 18:10 icyflame

Updated warnings:

$ npm i
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

> [email protected] postinstall /media/siddharth/code/personal-projects/cli-cube-timer/node_modules/spawn-sync
> node postinstall

icyflame avatar Oct 10 '17 08:10 icyflame

Both node-uuid and tough-cookie are dependencies of [email protected]. These have probably been fixed in the latest version of request.

icyflame avatar Oct 10 '17 08:10 icyflame