search

SAP / ui5-tooling

An open and modular toolchain to develop state of the art applications based on the UI5 framework
https://sap.github.io/ui5-tooling
Apache License 2.0
466 stars 68 forks source link

Inventory of dependencies in UI5 tooling #980

Closed swaldmann closed 3 weeks ago

swaldmann commented 1 month ago

Is your feature request related to a problem? Please describe.

Currently installing @ui5/cli complains about outdated dependencies, for a rather minimal UI5 app with this package.json:

{
  "name": "browse",
  "version": "1.0.0",
  "main": "webapp/index.html",
  "scripts": {
    "build": "ui5 build preload --clean-dest --config ui5-deploy.yaml",
    "build-local": "ui5 build preload --clean-dest",
    "start": "ui5 serve"
  },
  "devDependencies": {
    "@ui5/cli": "^3",
    "ui5-task-zipper": "^3"
  },
  "ui5": {
    "dependencies": [
      "ui5-task-zipper"
    ]
  }
}

These come from (transitive) dependencies of @ui5/cli:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

Some warnings might just be due to an outdated shrinkwrap, but imo the dependencies could be thinned nowadays with Node.js 18+ (now LTS) APIs. For example, there's no reason to use the rimraf or graceful-fs package with fs.rm() and other modern file system APIs now being stable.

Describe the solution you'd like

Describe alternatives you've considered

ā€“

Additional context

ā€“

RandomByte commented 1 month ago

Thanks for reporting. We are aware of this and already upgraded the respective dependencies on our development branches.

Most of them can't be upgraded in UI5 Tooling v3 without breaking compatibility, since they required Node.js versions above v16 (which is the lowest supported version for UI5 Tooling v3).

UI5 Tooling v4 with updated dependencies will be released soon. We will update this issue once it is available and check whether the warnings are resolved.

RandomByte commented 1 month ago

Apologies. I just checked our current main branches and the warnings still appear. Looks like https://github.com/guybedford/devcert is quite outdated. We'll look into it. Thanks again for reporting! šŸ‘

swaldmann commented 1 month ago

BTW, if there are older dependencies that don't have a good replacement but just very few users are interested in the feature they enable I'd just consider turning it into an optional peer dependency.

We do this in @cap-js/hana for example, where we ship hdb by default but @sap/hana-client has to be manually added if required: https://github.com/cap-js/cds-dbs/blob/main/hana/package.json#L29-L36

RandomByte commented 1 week ago

Affected dependencies have been updated in https://github.com/guybedford/devcert/pull/7

The deprecation warnings should be resolved with the latest UI5 CLI. Thanks again for reporting.