max-mapper / nugget

minimalist wget clone written in node. HTTP GET files and downloads them into the current directory
BSD 3-Clause "New" or "Revised" License

Request to upgrade dependency - progress-stream #23

Open Brahmasmi opened 7 years ago

Brahmasmi commented 7 years ago

Could you please upgrade progress-stream dependency to 2.0.0?

I ask this because while installing electron (latest stable, 1.6.2), yarn emits the following warning:

warning electron > electron-download > nugget > progress-stream > through2 > xtend > object-keys@0.4.0

On further investigation, this seems to be happening because object-keys@0.4.0 seems to be deprecated. Checking through the transitive dependencies, progress-stream till 1.2.0 has an old dependency on through2. In 1.2.1, progress-stream has upgraded its dependencies, which removes the deprecated object-keys. For some unknown reason, 1.2.1 has not been published in npm. Only the 2.0.0 version has been published, which incidentally does not seem to have any difference with 1.2.1.

Thanks.
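Added example, not part of the original comment or of nugget's code: a small walker that rebuilds the chain from the yarn warning above out of a dependency tree, and shows the chain disappearing once progress-stream is at 2.0.0. The tree is constructed sample data, versions written as 'x' are placeholders, and the helper names (`sampleTree`, `deprecatedPaths`) are hypothetical.

```javascript
// Constructed sample data. Versions written as 'x' are placeholders, not real releases.
const DEPRECATED = new Set(['object-keys@0.4.0']);

const node = (name, version, dependencies = []) => ({ name, version, dependencies });

// Build the electron install tree described in the issue, with a chosen
// progress-stream version. Only 2.0.0 is modelled as free of object-keys.
function sampleTree(progressStreamVersion) {
  const legacy = progressStreamVersion !== '2.0.0';
  const xtend = node('xtend', 'x', legacy ? [node('object-keys', '0.4.0')] : []);
  const through2 = node('through2', legacy ? '0.2.0' : '2.0.0', [xtend]);
  const progressStream = node('progress-stream', progressStreamVersion, [through2]);
  const nugget = node('nugget', 'x', [progressStream]);
  const electronDownload = node('electron-download', 'x', [nugget]);
  return node('electron', '1.6.2', [electronDownload]);
}

// Depth-first walk that returns every chain ending at a deprecated package,
// formatted like the yarn warning: "a > b > c@version".
function deprecatedPaths(root, deprecated) {
  const found = [];
  const walk = (pkg, trail) => {
    const id = `${pkg.name}@${pkg.version}`;
    if (deprecated.has(id)) {
      found.push([...trail, id].join(' > '));
      return;
    }
    if (trail.includes(pkg.name)) return; // guard against dependency cycles
    for (const child of pkg.dependencies) walk(child, [...trail, pkg.name]);
  };
  walk(root, []);
  return found;
}

console.log(deprecatedPaths(sampleTree('1.2.0'), DEPRECATED));
console.log(deprecatedPaths(sampleTree('2.0.0'), DEPRECATED));
```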

pzrq commented 7 years ago

I've unpublished 1.2.1 [of progress-stream] and published as 2.0.0 instead.

https://github.com/freeall/progress-stream/pull/24#issuecomment-293197482

Brahmasmi commented 7 years ago

@pzrq Could you please elaborate on your comment? I ask this because I have a hard time understanding the semver concept and the warnings that they entail. I am a bit surprised that the API surfaces change so rapidly for so many of these dependencies.

If you think that there is nothing for nugget to do here, please let me know. I will close this issue. If nugget should still update its dependency on progress-stream, I will let this issue remain open. Thanks.

pzrq commented 7 years ago

@Brahmasmi Semver and the NodeJS implementation node-semver will hopefully help you there, as may re-reading the full PR https://github.com/freeall/progress-stream/pull/24 in light of the above.

To me, it looks like the root is Streams2 vs Streams3 https://github.com/freeall/progress-stream/pull/24#issuecomment-293194429 , i.e. https://github.com/rvagg/through2/compare/0.2.0...v2.0.0#diff-b9cfc7f2cdf78a7f4b91a753d10865a2R23 which corresponds to https://github.com/nodejs/readable-stream/compare/v1.0.2...v2.0.0 which does look like two years of changes:

This package is a mirror of the Streams2 and Streams3 implementations in Node-core.

That leads me to the following Stack Overflow: https://stackoverflow.com/questions/21538812/what-is-streams3-in-node-js-and-how-does-it-differ-from-streams2


For me and electron at least, this particular npm install warning has gone away (sorry I have no idea why, this upstream issue in npm sheds the most light, but still appears insufficient to explain everything as I am still seeing other transitive npm install warnings in other projects).

Nevertheless, in general the authors of nugget, perhaps @maxogden or others on the collaborators.md list should upgrade progress-stream and release a new version of nugget, but that is technical debt that tends to accrue in projects over time.

So @Brahmasmi, I'd leave the issue open at least until an author weighs in with their opinion.