npm WARN deprecated puppeteer@18.1.0 is no longer supported

[MikeMcC399]

Versions

• What is this plugin's version: 2.2.1
• What is the Node version: v18.15.0 v20.17.0
• What is the NPM version: 9.5.0 10.8.2

Describe the bug

Installing netlify-plugin-cypress@latest (v2.2.1) results in the warning:

npm WARN deprecated puppeteer@18.1.0: < 19.4.0 is no longer supported npm WARN deprecated puppeteer@18.1.0: < 22.8.2 is no longer supported

Steps to reproduce

mkdir netlify-plugin-test
cd netlify-plugin-test
npm init -y
npm install netlify-plugin-cypress@latest

note warnings:

$ npm install netlify-plugin-cypress@latest
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated puppeteer@18.1.0: < 22.8.2 is no longer supported

added 265 packages, and audited 266 packages in 1m

30 packages are looking for funding
  run `npm fund` for details

8 vulnerabilities (1 low, 1 moderate, 6 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Expected

When

npm install netlify-plugin-cypress@latest

is executed, no warnings should be displayed.

The current version of puppeteer is 23.2.1.

Link to the repo

Reproducible example on

https://github.com/cypress-io/cypress-example-kitchensink

Clone the repository and execute

npm ci

[MikeMcC399]

I thought I might at least be able to get rid of the debug deprecation, however updating to the current debug@4.3.4 causes major changes in package-lock.json.

Even without attempting to make this change, on Ubuntu 22.04 with Node.js 18.15.0 18.16.1, the sequence:

npm install
npm ci

executed on a clone of this repo shows:

$ npm ci
npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for @esbuild/android-arm@0.17.12: wanted {"os":"android","arch":"arm"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS:    android
npm ERR! notsup Valid Arch:  arm
npm ERR! notsup Actual OS:   linux
npm ERR! notsup Actual Arch: x64

so it seems this is not simple to resolve. 🙁

[nagash77]

Hi @MikeMcC399 , I do not anticipate us being able to investigate this problem at the moment. I will route the issue and we will keep it in the backlog.

We are of course always open to community contributions if anyone out there is so inclined.

[MikeMcC399]

Hi Ben @nagash77

This is quite a tricky issue, so I wasn't expecting it to get solved soon, and I'm not even sure that it can be solved in Cypress at the moment. I just wanted to make sure it was recorded as a known-issue, since I wasn't able to find a solution for it myself.

• PR https://github.com/cypress-io/netlify-plugin-cypress/pull/320 from @jaffrepaul pinned puppeteer to 18.1.0 so I guess this is the best option for now.

[jaffrepaul]

I think we should be able to bump Puppeteer to the latest version (and not pin it) with some additional dependency updates noted in my PR above. I just didn't have the bandwidth to go that deep at the time.

[MikeMcC399]

• https://github.com/netlify/cli/issues/5323 is an open issue regarding the EBADPLATFORM error.
• A workaround is to revert to netlify-cli@12.2.8 (which however causes a page full of deprecation warnings etc.)

[MikeMcC399]

netlify-cli v14 has been released. Edit: Latest version is now v17.

This can unblock steps needed to resolve this issue, however there are still multiple deprecation warnings and critical vulnerabilities left, so there would still be significant effort needed.

[MikeMcC399]

The warning has now changed to

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.3.7 is no longer supported

See https://github.com/puppeteer/puppeteer/releases for current releases e.g. v21.6.0.

[jaffrepaul]

The warning has now changed to

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.3.7 is no longer supported

cc @jennifer-shehane in case this needs to be prioritized/rerouted

[MikeMcC399]

Updated installation log to current output:

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.8.0 is no longer supported

added 263 packages, and audited 264 packages in 1m

30 packages are looking for funding
  run `npm fund` for details

6 vulnerabilities (1 low, 1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

[MikeMcC399]

• related vulnerabilities are also reported in #426

[MikeMcC399]

Mainly due to using the unsupported puppeteer@18.1.0 , the list of deprecations has now increased:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated puppeteer@18.1.0: < 22.6.4 is no longer supported

[asminehid]

Hi Team,

I can see the issue is marked as triaged. Not knowing the cypress update process, I'm curious as to where a fix for this is at. I'm happy to look at getting a PR done to resolve this but I'd need some help in figuring out the process to do so. The Contributing.md file feels quite light and also contains dead links (such as https://github.com/netlify/build/blob/main/docs/creating-a-plugin.md).

Thanks for your help

[MikeMcC399]

@asminehid

• Since there hasn't been any further feedback here it would be safe to assume that nobody is working on a fix.

• As far as external contributions are concerned, please check https://github.com/cypress-io/netlify-plugin-cypress/issues/345