Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup dependencies based on deprecated packages #53569

Open
13 tasks
fluiddot opened this issue Aug 11, 2023 · 3 comments
Open
13 tasks

Cleanup dependencies based on deprecated packages #53569

fluiddot opened this issue Aug 11, 2023 · 3 comments
Labels
Developer Experience Ideas about improving block and theme developer experience [Type] Build Tooling Issues or PRs related to build tooling [Type] Tracking Issue Tactical breakdown of efforts across the codebase and/or tied to Overview issues.

Comments

@fluiddot
Copy link
Contributor

fluiddot commented Aug 11, 2023
edited
Loading

What problem does this address?

npm reports several warnings about deprecated packages when installing the dependencies the first time. In an effort of cleaning up the dependencies, it would be great to review them and execute the needed upgrades/removals of those packages.

This issue tracks the different tasks we'd need to accomplish to remove the deprecation warnings.

What is your proposed solution?

Remove or find a replacement for the deprecated packages and upgrade the packages where they are used accordingly.

  • stable package

Used by @wordpress/scripts package:

└─┬ @wordpress/[email protected] -> ./packages/scripts
  └─┬ @svgr/[email protected]
    └─┬ @svgr/[email protected]
      └─┬ [email protected]
        └── [email protected]

npm WARN deprecated [email protected]: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
  • urix package

Used by react-native-sass-transformer (related to React Native):

  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        ├─┬ [email protected]
        │ └── [email protected] deduped
        └── [email protected]

npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
  • trim package

Used by @wordpress/docgen:

└─┬ @wordpress/[email protected] -> ./packages/docgen
  └─┬ [email protected]
    └── [email protected]

npm WARN deprecated [email protected]: Use String.prototype.trim() instead
  • har-validator package

Used by appium and wd (related to mobile E2E tests):

├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]

npm WARN deprecated [email protected]: this library is no longer supported
  • resolve-url package

Used by react-native-sass-transformer (related to React Native):

  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └── [email protected]

npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
  • source-map-url package

Used by react-native-sass-transformer (related to React Native):

  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └── [email protected]

npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
  • fsevents package

Used by several packages (including React Native Metro server):

├─┬ @playwright/[email protected]
│ └── [email protected]
├─┬ @storybook/[email protected]
│ └─┬ @jest/[email protected]
│   └─┬ [email protected]
│     └── [email protected] deduped
├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected]
├─┬ [email protected]
│ └─┬ @react-native-community/[email protected]
│   └─┬ @react-native-community/[email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected] deduped
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected] deduped

npm WARN deprecated [email protected]: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2
  • chokidar package

Used by several packages:

├─┬ @pmmmwh/[email protected]
│ └─┬ [email protected]
│   └── [email protected] deduped
├─┬ @storybook/[email protected]
│ └─┬ @storybook/[email protected]
│   └─┬ [email protected]
│     └── [email protected] deduped
├─┬ @storybook/[email protected]
│ └─┬ @storybook/[email protected]
│   └─┬ [email protected]
│     └── [email protected] deduped
├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     ├── [email protected] deduped
│     └─┬ [email protected]
│       └── [email protected]
└─┬ [email protected]
  └── [email protected]

npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
  • querystring package

Used by react-refresh-webpack-plugin and React Native:

├─┬ @pmmmwh/[email protected]
│ └─┬ [email protected]
│   └── [email protected]
└─┬ @wordpress/[email protected] -> ./packages/react-native-editor
  └─┬ [email protected]
    └── [email protected] deduped

npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
  • uuid package

Used by several packages (including Mobile E2E tests):

├─┬ @actions/[email protected]
│ └── [email protected]
├─┬ @pmmmwh/[email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └── [email protected]
├─┬ @storybook/[email protected]
│ └── [email protected]
├─┬ @wordpress/[email protected] -> ./packages/annotations
│ └── [email protected] deduped
├─┬ @wordpress/[email protected] -> ./packages/block-library
│ └── [email protected] deduped
├─┬ @wordpress/[email protected] -> ./packages/blocks
│ └── [email protected] deduped
├─┬ @wordpress/[email protected] -> ./packages/components
│ └── [email protected] deduped
├─┬ @wordpress/[email protected] -> ./packages/core-data
│ └── [email protected] deduped
├─┬ @wordpress/[email protected] -> ./packages/e2e-tests
│ └── [email protected] deduped
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └─┬ [email protected]
│ │     └── [email protected] deduped
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └── [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └─┬ [email protected]
│ │     └── [email protected] deduped
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └── [email protected] deduped
│ ├─┬ [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └── [email protected]
├─┬ [email protected]
│ └── [email protected]
├─┬ [email protected]
│ └── [email protected]
├── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]

npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
  • source-map-resolve package

Used by react-native-sass-transformer and Babel preset:

├─┬ @wordpress/[email protected] -> ./packages/react-native-editor
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └── [email protected] deduped

npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
  • request package

Used by appium and wd (related to Mobile E2E tests):

├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └─┬ [email protected]
│ │     ├── [email protected] deduped
│ │     └─┬ [email protected]
│ │       └─┬ [email protected]
│ │         └── [email protected] deduped
│ └─┬ [email protected]
│   └─┬ [email protected]
│     ├── [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected] deduped
└─┬ [email protected]
  └── [email protected]

npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
  • uglify-es package

Used by React Native (Metro server):

└─┬ [email protected]
  └─┬ @react-native-community/[email protected]
    └─┬ @react-native-community/[email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └── [email protected]

npm WARN deprecated [email protected]: support for ECMAScript is superseded by `uglify-js` as of v3.13.0
@fluiddot fluiddot added the [Type] Tracking Issue Tactical breakdown of efforts across the codebase and/or tied to Overview issues. label Aug 11, 2023
@fluiddot fluiddot mentioned this issue Aug 11, 2023
Closed
@bph
Copy link
Contributor

bph commented Mar 15, 2024

Having a list of warnings on the build process will give new contributors pause, and might keep them from moving forward because they might not trust their capabilities.

What would be involved, apart from needed time, to work on removing them?

@youknowriad @mcsf @gziolo

@gziolo gziolo added Developer Experience Ideas about improving block and theme developer experience [Type] Code Quality Issues or PRs that relate to code quality labels Mar 15, 2024
@gziolo
Copy link
Member

gziolo commented Mar 15, 2024

@sirreal should land soon a PR #57800 with package deduplication, which updates what's in the lock file. The next step would require auditing the list again and eventually upgrading the problematic packages to more recent version.

@gziolo gziolo added [Type] Build Tooling Issues or PRs related to build tooling and removed [Type] Code Quality Issues or PRs that relate to code quality labels Mar 15, 2024
@sirreal
Copy link
Member

sirreal commented May 6, 2024

Packages have been deduped and several dependencies have been upgraded. We can reassess what needs to be done now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Developer Experience Ideas about improving block and theme developer experience [Type] Build Tooling Issues or PRs related to build tooling [Type] Tracking Issue Tactical breakdown of efforts across the codebase and/or tied to Overview issues.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bph @gziolo @sirreal @fluiddot