search

SciSpike / yaktor-issues

Issues-only repository for issue management of all Yaktor repositories
0 stars 1 forks source link

Upgrade Yaktor dependencies #63

Open matthewadams opened 7 years ago

matthewadams commented 7 years ago

There are deprecation warnings during npm install of a new Yaktor project. Excerpts follow:

$ curl https://init.yaktor.io | sh
...
npm install
npm WARN deprecated node-uuid@1.4.1: use uuid module instead
npm WARN deprecated standard-format@2.1.1: standard-format is deprecated in favor of a built-in autofixer in 'standard'. Usage: standard --fix
...
npm WARN deprecated tough-cookie@0.9.15: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated native-or-bluebird@1.1.2: 'native-or-bluebird' is deprecated. Please use 'any-promise' instead.
...
npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
...
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@2.0.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
...
npm WARN deprecated graceful-fs@1.1.14: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Some of the above warnings may be from transitive dependencies. Upgrading Yaktor's direct dependencies should eliminate the transitive deprecation warnings.

barrettc commented 7 years ago

I can speak to the jade/pug warning as I recently had to look into this for some course material updates. The jade project had to be renamed to pug for legal reasons. Once switching to the latest version of pug, the templates were not backwards compatible and required some minor changes. I can take on that migration since I've done it already.

matthewadams commented 7 years ago

Ask and ye shall receive: you've been assigned. :)