Closed kaby76 closed 5 months ago
That's a pretty new warning. Saw this the first time today in a project of mine where I upgraded dependencies. I didn't investigate further, but I'm pretty sure it's coming from a 4th party dependency and it looks like the warning was added in a point release of that, so it was pulled in automatically. You can run npm list --depth=10
(maybe direct the output to a file) to see where glob is used by one of the 3rd or 4th party modules.
antlr-format-cli@1.2.5 C:\Users\Kenne\AppData\Roaming\npm\node_modules\antlr-format-cli
├─┬ @readme/better-ajv-errors@1.6.0
│ ├─┬ @babel/code-frame@7.24.6
│ │ ├─┬ @babel/highlight@7.24.6
│ │ │ ├── @babel/helper-validator-identifier@7.24.6
│ │ │ ├─┬ chalk@2.4.2
│ │ │ │ ├─┬ ansi-styles@3.2.1
│ │ │ │ │ └─┬ color-convert@1.9.3
│ │ │ │ │ └── color-name@1.1.3
│ │ │ │ ├── escape-string-regexp@1.0.5
│ │ │ │ └─┬ supports-color@5.5.0
│ │ │ │ └── has-flag@3.0.0
│ │ │ ├── js-tokens@4.0.0
│ │ │ └── picocolors@1.0.1 deduped
│ │ └── picocolors@1.0.1
│ ├─┬ @babel/runtime@7.24.6
│ │ └── regenerator-runtime@0.14.1
│ ├── @humanwhocodes/momoa@2.0.4
│ ├── ajv@8.12.0 deduped
│ ├─┬ chalk@4.1.2
│ │ ├─┬ ansi-styles@4.3.0
│ │ │ └─┬ color-convert@2.0.1
│ │ │ └── color-name@1.1.4
│ │ └─┬ supports-color@7.2.0
│ │ └── has-flag@4.0.0
│ ├─┬ json-to-ast@2.1.0
│ │ ├── code-error-fragment@0.0.230
│ │ └── grapheme-splitter@1.0.4
│ ├── jsonpointer@5.0.1
│ └── leven@3.1.0
├─┬ ajv@8.12.0
│ ├── fast-deep-equal@3.1.3
│ ├── json-schema-traverse@1.0.0
│ ├── require-from-string@2.0.2
│ └─┬ uri-js@4.4.1
│ └── punycode@2.3.1
├─┬ antlr4ng@3.0.4
│ └── antlr4ng-cli@2.0.0
├── commander@12.0.0
├─┬ glob@10.3.10
│ ├─┬ foreground-child@3.1.1
│ │ ├─┬ cross-spawn@7.0.3
│ │ │ ├── path-key@3.1.1
│ │ │ ├─┬ shebang-command@2.0.0
│ │ │ │ └── shebang-regex@3.0.0
│ │ │ └─┬ which@2.0.2
│ │ │ └── isexe@2.0.0
│ │ └── signal-exit@4.1.0
│ ├─┬ jackspeak@2.3.6
│ │ ├─┬ @isaacs/cliui@8.0.2
│ │ │ ├─┬ string-width-cjs@npm:string-width@4.2.3
│ │ │ │ ├── emoji-regex@8.0.0
│ │ │ │ ├── is-fullwidth-code-point@3.0.0
│ │ │ │ └─┬ strip-ansi@6.0.1
│ │ │ │ └── ansi-regex@5.0.1
│ │ │ ├─┬ string-width@5.1.2
│ │ │ │ ├── eastasianwidth@0.2.0
│ │ │ │ ├── emoji-regex@9.2.2
│ │ │ │ └── strip-ansi@7.1.0 deduped
│ │ │ ├─┬ strip-ansi-cjs@npm:strip-ansi@6.0.1
│ │ │ │ └── ansi-regex@5.0.1
│ │ │ ├─┬ strip-ansi@7.1.0
│ │ │ │ └── ansi-regex@6.0.1
│ │ │ ├─┬ wrap-ansi-cjs@npm:wrap-ansi@7.0.0
│ │ │ │ ├── ansi-styles@4.3.0 deduped
│ │ │ │ ├─┬ string-width@4.2.3
│ │ │ │ │ ├── emoji-regex@8.0.0
│ │ │ │ │ ├── is-fullwidth-code-point@3.0.0 deduped
│ │ │ │ │ └── strip-ansi@6.0.1 deduped
│ │ │ │ └─┬ strip-ansi@6.0.1
│ │ │ │ └── ansi-regex@5.0.1
│ │ │ └─┬ wrap-ansi@8.1.0
│ │ │ ├── ansi-styles@6.2.1
│ │ │ ├── string-width@5.1.2 deduped
│ │ │ └── strip-ansi@7.1.0 deduped
│ │ └── @pkgjs/parseargs@0.11.0
│ ├─┬ minimatch@9.0.4
│ │ └─┬ brace-expansion@2.0.1
│ │ └── balanced-match@1.0.2
│ ├── minipass@7.1.2
│ └─┬ path-scurry@1.11.1
│ ├── lru-cache@10.2.2
│ └── minipass@7.1.2 deduped
└─┬ ts-json-schema-generator@1.5.0
├── @types/json-schema@7.0.15
├── commander@11.1.0
├─┬ glob@8.1.0
│ ├── fs.realpath@1.0.0
│ ├─┬ inflight@1.0.6
│ │ ├── once@1.4.0 deduped
│ │ └── wrappy@1.0.2
│ ├── inherits@2.0.4
│ ├─┬ minimatch@5.1.6
│ │ └── brace-expansion@2.0.1 deduped
│ └─┬ once@1.4.0
│ └── wrappy@1.0.2 deduped
├── json5@2.2.3
├── normalize-path@3.0.0
├── safe-stable-stringify@2.4.3
└── typescript@5.3.3
Looks like gob@8.1.0
. but we also see glob@10.3.10
. Version 8.1.0 comes from ts-json-schema-generator@1.5.0
, but there's a newer version json-schema-generator@2.2.0
. Update this?? https://github.com/mike-lischke/antlr-format/blob/59ae436cac9addfc17804df820c123e5e0cd6905/cli/package.json#L39
I have upgraded all dependencies and see no warning anymore.
Sorry, could you publish the updated antlr-format (or is it antlr-format-cli, or both) in npmjs.org? I still see the issue when I type npm i -g --save-dev antlr-format-cli
on my Windows box, and it is still in the builds in grammars-v4 (https://github.com/antlr/grammars-v4/actions/runs/9346564460/job/25721678203#step:15:34). Thanks.
Why's that warning a problem for you? And why can't the package read its own package.json file there?
I don't know why using deprecated packages is an issue. People generally use out-of-date software all the time. The originating issue was here: https://github.com/antlr/grammars-v4/issues/4120
If I install specific versions of the command-line tool globally, then try to antlr-format *.g4
, I get this:
06/03-07:51:42 ~/issues/g4-current/abb
$ npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm WARN skipping integrity check for git dependency ssh://git@github.com/mike-lischke/antlr-format.git
added 2 packages, and changed 1 package in 5s
06/03-07:51:56 ~/issues/g4-current/abb
$ npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
added 2 packages, and changed 1 package in 6s
06/03-07:52:11 ~/issues/g4-current/abb
$ which antlr-format
/c/Users/kenne/AppData/Roaming/npm/antlr-format
06/03-07:52:15 ~/issues/g4-current/abb
$ ls
abbLexer.g4 abbParser.g4 desc.xml examples/ Generated-CSharp/ pom.xml readme.txt
06/03-07:52:20 ~/issues/g4-current/abb
$ antlr-format *.g4
Error reading package.json file: ENOENT: no such file or directory, open 'C:\msys64\home\Kenne\issues\g4-current\abb\package.json'
06/03-07:52:25 ~/issues/g4-current/abb
$
Yes, the npm i
for the specific git commit got rid of the warnings for deprecated packages, but then antlr-format command-line tool no longer works for me as it is expecting a package.json file locally in the directory containing the .g4 files.
I can then work around the work around with this:
06/03-08:00:26 ~/issues/g4-current/abb
$ npm i --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
up to date, audited 4 packages in 5s
found 0 vulnerabilities
06/03-08:00:35 ~/issues/g4-current/abb
$ antlr-format *.g4
antlr-format, processing options...
formatting 2 file(s)...
done [63 ms]
06/03-08:00:40 ~/issues/g4-current/abb
$ ls
abbLexer.g4 desc.xml Generated-CSharp/ package.json pom.xml
abbParser.g4 examples/ node_modules/ package-lock.json readme.txt
06/03-08:00:42 ~/issues/g4-current/abb
$ git clean -f .
Removing package.json
06/03-08:00:51 ~/issues/g4-current/abb
$ ls
abbLexer.g4 abbParser.g4 desc.xml examples/ Generated-CSharp/ node_modules/ package-lock.json pom.xml readme.txt
06/03-08:00:58 ~/issues/g4-current/abb
$ rm -rf node_modules/
06/03-08:01:04 ~/issues/g4-current/abb
$
I will then need to delete the package.json and node_modules/ directory as I do not want to add package.json to all 353 grammars in grammars-v4. So, I can write a Bash script to do all this:
$ bash ../_scripts/the-real-antlr-format.sh *.g4
+ npm i -g --save-dev https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c
npm WARN skipping integrity check for git dependency ssh://git@github.com/mike-lischke/antlr-format.git
added 2 packages, and changed 1 package in 4s
+ npm i -g --save-dev https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c
added 2 packages, and changed 1 package in 6s
+ npm i --save-dev https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c
added 3 packages in 13s
+ antlr-format abbLexer.g4 abbParser.g4
antlr-format, processing options...
formatting 2 file(s)...
done [65 ms]
+ rm -rf package.json node_modules/
06/03-08:16:44 ~/issues/g4-current/abb
$ cat ../_scripts/the-real-antlr-format.sh
#
set -x
npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm i --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
antlr-format "$@"
rm -rf package.json node_modules/
06/03-08:16:58 ~/issues/g4-current/abb
$
There's probably a better way to achieve this but I'm not sure.
The json file path is relative to the importing script, so even if you change the current workdir (e.g. to the grammar) it should still find the JSON file next to itself. But the cli tool is a bundle, maybe that plays a role? I need to find time to investigate that problem.
I released a new version of the CLI tool. Hope that solves all this.
Works perfect! Thanks for the update!
I did a
npm i -g --save-dev antlr-format-cli
and got this: