search

apache / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network
https://trafficcontrol.apache.org/
Apache License 2.0
1.06k stars 341 forks source link

Traffic Portal deprecated dependencies #3036

Open ocket8888 opened 5 years ago

ocket8888 commented 5 years ago

Traffic Portal uses a number of deprecated dependencies as seen in the NPM warnings:

npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated buffer-browserify@0.0.5: Package not maintained. Recent browserify uses https://github.com/feross/buffer
npm WARN deprecated jade@1.11.0: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated constantinople@3.0.2: Please update to at least constantinople 3.1.1
npm WARN deprecated transformers@2.1.0: Deprecated, use jstransformer
npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN notsup Not compatible with your operating system or architecture: fsevents@1.2.4

TP also uses bower, which will warn that yarn should be used instead, and the bower website has instructions for migrating bower projects to the new dependency management platform.

shamrickus commented 3 years ago

Most of these warnings have been resolved except:

npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.

coffee-script is from load-grunt-config PR to fix but it looks like this PR won't be merged anytime soon.

Istanbul is from grunt-html2js and it looks like it can be safely removed (fromt grunt-html2js) as it's only used for CI and their CI installs it (just need to PR)

zrhoffman commented 3 years ago

TP also uses bower, which will warn that yarn should be used instead, and the bower website has instructions for migrating bower projects to the new dependency management platform.

@shamrickus removed Bower in #6148.

ocket8888 commented 3 years ago

Which is much better than moving to yarn anyway

mitchell852 commented 2 years ago

do you know if this can be closed @shamrickus @ocket8888 ?