search

IBM / zowe-cli-cics-deploy-plugin

Provides the cics-deploy plug-in for Zowe CLI https://github.com/zowe/zowe-cli to deploy Node.js and other applications from a workstation to IBM CICS Transaction Server within a CICS bundle. Documentation is available at https://ibm.github.io/zowe-cli-cics-deploy-plugin/
Eclipse Public License 2.0
13 stars 12 forks source link

Investigate npm deprecation warnings #230

Closed matthewpwilson closed 5 years ago

matthewpwilson commented 5 years ago

When I install the cics-deploy plugin I get the following warnings from npm:

npm WARN deprecated joi@13.7.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@5.0.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated topo@3.0.3: This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated hoek@6.1.3: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.

We need to investigate and at least understand the source of these, and ideally get rid of them for 1.0.

matthewpwilson commented 5 years ago

Here's the dependency tree for our plugin

├─┬ @zowe/cics@2.0.1
│ └─┬ xml2js@0.4.19
│   ├── sax@1.2.4
│   └── xmlbuilder@9.0.7
└─┬ xml2json@0.11.2
  ├── hoek@4.2.1
  ├─┬ joi@13.7.0
  │ ├── hoek@5.0.4
  │ ├─┬ isemail@3.2.0
  │ │ └── punycode@2.1.1
  │ └─┬ topo@3.0.3
  │   └── hoek@6.1.3
  └─┬ node-expat@2.3.18
    ├─┬ bindings@1.5.0
    │ └── file-uri-to-path@1.0.0
    └── nan@2.14.0

So, those warnings all occur as result of dependencies of xml2json

matthewpwilson commented 5 years ago

Some has raised a PR to fix these https://github.com/buglabs/node-xml2json/pull/179, however it doesn't look like the project maintainers are too responsive.

We could consider swapping to another XML parser. At a quick glance fast-xml-parser and xml-js look like reasonable candidates. Both have been updated in the last few months. They both also appear to be native JavaScript parers, which would mean that Windows users wouldn't need to install tools for compiling native modules.

Thoughts @pcoop ?

pcoop commented 5 years ago

The cics plugin uses https://www.npmjs.com/package/xml2js as its parser, but it hasn't been updated in a couple of years so I wasn't keen for us to base on that. If we can find a parser that addresses the namespace problems in issue #158 then that would be good, and we need something that will round-trip a document from XML->JSON->XML without introducing oddities in the processes.

matthewpwilson commented 5 years ago

Fixed by #239.