Replace deprecated dependencies

[jennifer-shehane]

Current behavior:

Upon install of packages when developing in Cypress there are some deprecation warning that should probably be addressed (not really covered with renovatebot)

npm WARN deprecated coffee-script@1.12.5: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated fs-promise@1.0.0: Use mz or fs-extra^3.0 with Promise Support
npm WARN deprecated coffee-script@1.11.1: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
npm WARN deprecated babel-preset-es2015@6.24.1: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read babeljs.io/env to update!
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated coffee-script@1.9.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated github@11.0.0: 'github' has been renamed to '@octokit/rest' (https://git.io/vNB11)
npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated tar.gz@0.1.1: ⚠️  WARNING ⚠️ tar.gz module has been deprecated and your application is vulnerable. Please use tar module instead: https://npmjs.com/tar
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated cross-spawn-async@2.2.5: cross-spawn no longer requires a build toolchain, use it instead
npm WARN deprecated circular-json@0.5.9: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated samsam@1.1.3: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated postinstall-build@2.1.3: postinstall-build's behavior is now built into npm! You should migrate off of postinstall-build and use the new `prepare` lifecycle script with npm 5.0.0 or greater.
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated superagent@3.8.3: Please note that v5.0.1+ of superagent removes User-Agent header by default, therefore you may need to add it yourself (e.g. GitHub blocks requests without a User-Agent header).  This notice will go away with v5.0.2+ once it is released.

Desired behavior:

We should not use deprecated packages

Versions

4.1.0

[jennifer-shehane]

Another user noted the warning below in https://github.com/cypress-io/cypress/issues/6804

cypress > extract-zip > mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)

because extract-zip uses mkdirp@0.5.1 here: https://github.com/maxogden/extract-zip/blob/master/package.json

Should probably replace extract-zip since it hasn't had any commits in 2 years.

[dinhthiquyen]

i read your answer about Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) but i don't understand how can i fix it... please can you explain for me??

[jennifer-shehane]

Some of our dependencies have a sub-dependency that is using mkdirp 0.5.1, so these dependencies are not under our control. They have to update their mkdirp to a more recent version or we have to replace the dependency with a fork of the library ourselves or with a completely different package.

These are all just warning however and can just be ignored - they should not effect the running code.

[dinhthiquyen]

thanks you explain for me.... but i don't know why i can't install angular, it has two warning npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 C:\usr\local\ng -> C:\usr\local\node_modules\@angular\cli\bin\ng if you know how to fix it, can u teach me? i spent all day to install it, i need to submit my assignment this weekend. i find some solution on internet like the path on the system but not run

[jennifer-shehane]

Deprecation warnings should not prevent you from installing - they are just warnings. Read the rest of the output carefully, there may be something else that is causing the install to not be successful.

[dinhthiquyen]

i don't know why it only has this messign C:\Users\Dinh Thi Quyen>npm install -g @angular/cli npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 C:\usr\local\ng -> C:\usr\local\node_modules\@angular\cli\bin\ng

@angular/cli@9.0.7 postinstall C:\usr\local\node_modules\@angular\cli node ./bin/postinstall/script.js

• @angular/cli@9.0.7 updated 1 package in 10.725s

C:\Users\Dinh Thi Quyen>ng -v 'ng' is not recognized as an internal or external command, operable program or batch file.

i don't find the resean

[jennifer-shehane]

@dinhthiquyen Issues in our GitHub repo are reserved for potential bugs or feature requests. These comments are not even related to Cypress, so I will have to suggest you find some other means of finding an answer to your question online. Sorry and good luck.

[karlhorky]

I've opened #6845 to address the extract-zip vulnerability.

[jennifer-shehane]

browserify updated mkdirp here: https://github.com/browserify/browserify/commit/00c913fa345dbb7f612bdad6b4acc91c706e98b2 but has not cut a new version

[nbasport123]

how can i update mkdirp versions? I want the how to do step by step please. /\

[Sanidhya-Tyagi]

i am getting same warning please help

[jackisjack]

same here. Don't know what to do.

[myshuker]

same here elementary@elementary-HP-ProBook-450-G1:~/Documents/Course/HYF/الوظايف/react/week2/lesson$ sudo npm install -g create-react-app [sudo] password for elementary:
npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) /usr/local/bin/create-react-app -> /usr/local/lib/node_modules/create-react-app/index.js /usr/local/lib └── create-react-app@3.4.1

[raajarajan-ms]

Hi All I am also facing the same issue while installing angular cli as like you mentioned in below link https://github.com/cypress-io/cypress/issues/6730#issuecomment-603195484

Have you solved the problem. If so, kindly help me to overcome it.

[jennifer-shehane]

Summary

These are just warnings and can just be ignored! - they should not effect running Cypress.

We will need to update our deps to get rid of the warnings which is in progress.

[raajarajan-ms]

@jennifer-shehane Yeah , those are warnings and can be ignored but while creating new app im getting error like below Installing packages...npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm ERR! Unexpected end of JSON input while parsing near '..."karma-browserify":"^'

npm ERR! A complete log of this run can be found in: npm ERR! C:\Users\Rajarajan Sivaraj\AppData\Roaming\npm-cache_logs\2020-03-30T05_41_29_319Z-debug.log × Package install failed, see above. The Schematic workflow failed. See above.

[jennifer-shehane]

The npm ERR are different and not related to this issue. This issue is only concerned with the npm WARN of deprecated dependencies.

The below is another issue - you should refer to the debug.log as specified for more information on where this is coming from.

npm ERR! Unexpected end of JSON input while parsing near '..."karma-browserify":"^'

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Rajarajan Sivaraj\AppData\Roaming\npm-cache_logs\2020-03-30T05_41_29_319Z-debug.log

[raajarajan-ms]

@jennifer-shehane Ok ..Thanks for the reply. I will look into the npm ERR

[tanosk8]

I got same error . . . I don'''t know what I can do

[spicemix]

I get a minorly annoying warning in the runner's devtools console that popper.js's sourcemap can't be loaded at the start of a test run:

DevTools failed to load SourceMap: Could not load content for http://localhost:4200/__cypress/runner/popper.js.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE

There's a stack overflow discussing this or maybe it just needs a dependency update as it is in the list above. Not so urgent but we like clean logs. Thanks!

[jennifer-shehane]

Closing due to inactivity.