icyflame / cli-cube-timer

Time your solves, without leaving the terminal
https://npmjs.org/package/cli-cube-timer
Deprecation warnings: updating request@2 to the latest should fix it #33

Open icyflame opened 7 years ago

icyflame commented 7 years ago

image

Jan-Ka commented 7 years ago

Upgrading the packages with a tool like ncu gets rid of all but one deprecation warning.

It seems that two of the used packages use the deprecated "node-uuid" library. The only way to get rid of this is to replace the packages, or ignore it for now and hope that newer versions will get rid of it.

```
~/Projects/cli-cube-timer: grep -R "node-uuid"
[...]
node_modules/http-signature/package.json:    "node-uuid": "^1.4.1",
node_modules/request/package.json:    "node-uuid": "~1.4.7",
[...]
```

However, none of these packages are direct dependencies of cli-cube-timer, so maybe the best course of action is to actually upgrade the packages and ignore the remaining warnings.

icyflame commented 7 years ago

Okay. So, please read my comments on #41 before reading the following comment. (this won't make sense otherwise, sorry :stuck_out_tongue: )

I just wanted to remove the deprecated package warnings; I am not necessarily interested in upgrading package versions. (A lot of APIs have changed, e.g. some of Sindre Sorhus's packages have all moved to promises whereas they weren't before.)

ncu is a good tool. I might use it on a dependency-by-dependency basis. But doing everything at the same time is not the way to go.

Merging of the three trash modules into one is the main culprit. I don't even see the use of trash in this particular module.

icyflame commented 7 years ago

Okay, I remember now, so actually I removed the trash module. That was the point of v0.8.2

Instead, I started renaming the files and keeping them around anyway. (Through some weird issue, I lost a large set of times. They were backed up in the gist but the pushed.csv file suddenly became empty! I realized it was related to the trashing of times.csv files and a coincidental API error.)

I will check once again to see if there are any deprecated package warnings.

icyflame commented 7 years ago

Updated warnings:

```
$ npm i
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

> spawn-sync@1.0.15 postinstall /media/siddharth/code/personal-projects/cli-cube-timer/node_modules/spawn-sync
> node postinstall
```

icyflame commented 7 years ago

Both node-uuid and tough-cookie are dependencies of request@2.72.0. These have probably been fixed in the latest version of request.
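
Added example (not part of the original thread or the project's code): one way to trace which direct dependency pulls in each package named in the deprecation warnings, by walking a tree in the shape `npm ls --json` prints. The sample tree is constructed from the package names and versions quoted above; the function names and the `0.0.0-example` versions are assumptions for illustration.

```javascript
'use strict';

// Constructed sample in the shape printed by `npm ls --json`.
// Versions marked "0.0.0-example" are placeholders, not taken from the thread.
const sampleTree = {
  name: 'cli-cube-timer',
  version: '0.0.0-example',
  dependencies: {
    request: {
      version: '2.72.0',
      dependencies: {
        'node-uuid': { version: '1.4.8' },
        'tough-cookie': { version: '2.2.2' },
        'http-signature': {
          version: '0.0.0-example',
          dependencies: { 'node-uuid': { version: '1.4.8' } }
        }
      }
    }
  }
};

// Return every path from the root to a package called `target`.
function findDependencyPaths(tree, target) {
  const paths = [];
  const walk = (node, trail) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const next = trail.concat(`${name}@${child.version}`);
      if (name === target) paths.push(next);
      walk(child, next); // keep descending: the target may be nested deeper too
    }
  };
  walk(tree, [tree.name]);
  return paths;
}

// Map each flagged package to the direct dependencies that pull it in,
// i.e. the entries in package.json that would have to be upgraded or replaced.
function directCulprits(tree, targets) {
  const result = {};
  for (const target of targets) {
    const direct = findDependencyPaths(tree, target).map((p) => p[1]);
    result[target] = [...new Set(direct)];
  }
  return result;
}

console.log(JSON.stringify(directCulprits(sampleTree, ['node-uuid', 'tough-cookie'])));
```

On a real checkout, the output of `npm ls --json` can be parsed and passed in place of `sampleTree`.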