search

vercel / next.js

The React Framework
https://nextjs.org
MIT License
127.22k stars 27.02k forks source link

Deprecation Warning on Installation of packages(inflight@1.0.6, rimraf@3.0.2, glob@7.2.31) #66239

Closed ananduremanan closed 3 months ago

ananduremanan commented 6 months ago

Link to the code that reproduces this issue

https://github.com/ananduremanan/next.js_inflight_deprecation_warning

To Reproduce

Running npx create-next-app@latest and while installing packages.

Current vs. Expected behavior

I had the same experience with sveltekit as well, on installing I got the following warnings

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

the reason why I raised this as bug is because of the text leaks memory in the warning.

Provide environment information

Operating System:
  Platform: win32
  Arch: x64
  Version: Windows 11 Pro
  Available memory (MB): 16109
  Available CPU cores: 12
Binaries:
  Node: 18.18.0
  npm: N/A
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  next: 14.2.3 // Latest available version is detected (14.2.3).
  eslint-config-next: 14.2.3
  react: 18.3.1
  react-dom: 18.3.1
  typescript: 5.4.5
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

create-next-app

Which stage(s) are affected? (Select all that apply)

next dev (local)

Additional context

I ran the following 

D:\parallax>npm why inflight
inflight@1.0.6 dev
node_modules/inflight
  inflight@"^1.0.4" from glob@7.2.3
  node_modules/rimraf/node_modules/glob
    glob@"^7.1.3" from rimraf@3.0.2
    node_modules/rimraf
      rimraf@"^3.0.2" from flat-cache@3.2.0
      node_modules/flat-cache
        flat-cache@"^3.0.4" from file-entry-cache@6.0.1
        node_modules/file-entry-cache
          file-entry-cache@"^6.0.1" from eslint@8.57.0
          node_modules/eslint
            dev eslint@"^8" from the root project
            peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.4.0
            node_modules/@eslint-community/eslint-utils
              @eslint-community/eslint-utils@"^4.2.0" from eslint@8.57.0
            peer eslint@"^8.56.0" from @typescript-eslint/parser@7.2.0
            node_modules/@typescript-eslint/parser
              @typescript-eslint/parser@"^5.4.2 || ^6.0.0 || 7.0.0 - 7.2.0" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^7.23.0 || ^8.0.0" from eslint-config-next@14.2.3
            node_modules/eslint-config-next
              dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"*" from eslint-import-resolver-typescript@3.6.1
            node_modules/eslint-import-resolver-typescript
              eslint-import-resolver-typescript@"^3.5.2" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8" from eslint-plugin-import@2.29.1
            node_modules/eslint-plugin-import
              eslint-plugin-import@"^2.28.1" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
              peer eslint-plugin-import@"*" from eslint-import-resolver-typescript@3.6.1
              node_modules/eslint-import-resolver-typescript
                eslint-import-resolver-typescript@"^3.5.2" from eslint-config-next@14.2.3
                node_modules/eslint-config-next
                  dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3 || ^4 || ^5 || ^6 || ^7 || ^8" from eslint-plugin-jsx-a11y@6.8.0
            node_modules/eslint-plugin-jsx-a11y
              eslint-plugin-jsx-a11y@"^6.7.1" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3 || ^4 || ^5 || ^6 || ^7 || ^8" from eslint-plugin-react@7.34.1
            node_modules/eslint-plugin-react
              eslint-plugin-react@"^7.33.2" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0" from eslint-plugin-react-hooks@4.6.2
            node_modules/eslint-plugin-react-hooks
              eslint-plugin-react-hooks@"^4.5.0 || 5.0.0-canary-7118f5dd7-20230705" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project

I think the error is coming from the glob package.

epulla commented 6 months ago

That's right, the owner of inflight project has archived it on May 22 due to a memory leak issue and lack of future support: https://github.com/isaacs/inflight-DEPRECATED-DO-NOT-USE/issues/5#issuecomment-2126153820.

He's recommended to use something else like lru_cache.

ananduremanan commented 5 months ago

That's right, the owner of inflight project has archived it on May 22 due to a memory leak issue and lack of future support: isaacs/inflight-DEPRECATED-DO-NOT-USE#5 (comment).

He's recommended to use something else like lru_cache.

Inflight have more than 37 million weekly downloads on npm and he just deprecate it like that... 😐

The main reason why I hate JS is this "Dependency Hell"

mattkrins commented 5 months ago

Can file-entry-cache be bumped to a later/latest version? Memory leak issue should be fixed in that.

file-entry-cache > flat-cache > rimraf > glob > inflight

Glob removed inflight as a dependency in v9 https://github.com/isaacs/node-glob/issues/435#issuecomment-1673562165 which has subsequently flowed up to file-entry-cache in later versions.

This would also fix warnings: npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

radio-miskovice commented 5 months ago

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3

19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7.

Not sure if this could ever be cleaned up...

wbt commented 5 months ago

See also https://github.com/vercel/next.js/issues/66413

skagedal commented 5 months ago

A direct dependency of eslint-config-next is eslint-plugin-react-hooks. A minimal way to reproduce this is to go to an empty directory and do npm i -D eslint-plugin-react-hooks. You will get the above warnings:

❯ npm i -D eslint-plugin-react-hooks@latest
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

added 100 packages in 7s

23 packages are looking for funding
  run `npm fund` for details

This being with eslint-plugin-react-hooks 4.6.2, as of today the latest released version.

However, if you instead use the canary release:

❯ npm i -D eslint-plugin-react-hooks@canary

added 90 packages in 3s

22 packages are looking for funding
  run `npm fund` for details

No warnings! (version 5.1.0-rc-cc1ec60d0d-20240607).

So hopefully, there should be a release of this which eslint-config-next can depend on and then at least one path to this deprecated module is closed.

skagedal commented 5 months ago

I also raised this issue for eslint.

wkd-kapsule commented 5 months ago

I'm not sure to follow. Is there a solution to fix this or is it being taken care of? My production builds have been failing for a week now due to that issue.

mattkrins commented 5 months ago

I'm not sure to follow. Is there a solution to fix this or is it being taken care of? My production builds have been failing for a week now due to that issue.

It's bad practice but you can temporarily fix the error by forcing a newer version of glob in your package.json using an override. For example:

  "overrides": {
    "glob": "9.0.0"
  }

But this is far from ideal and should be removed once the glob update has flowed upstream to file-entry-cache.

ebosetalee commented 5 months ago

@mattkrins @kapsule-studio I think it best to override rimraf since v4xx removed glob thus removing inflight

"overrides": {
    "rimraf": "^4.0.0"
  }
Zafkiel45 commented 5 months ago

Do you have any predictions as to when this will be resolved?

I create a new project in Next.js version: 14.2.4 and show this warn: 

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
ebosetalee commented 5 months ago

@Zafkiel45 the deprecated error from @humanwhocode is eslint. You need to upgrade the version to 9xx or 8.57 https://eslint.org/docs/latest/use/migrate-to-9.0.0#drop-old-node or you can follow this blog to migration better https://www.raulmelo.me/en/blog/migration-eslint-to-flat-config or this https://github.com/eslint/eslint/discussions/18207

MalahimHaseeb commented 5 months ago

i also currently facing the same issue.Will react owners resolve it ?? or i should do ?

DanielNoonan commented 5 months ago

npx create-next-app currently installing version 8 of esLint. Current version of eslint is 9.5. Has anyone tried updating eslint to 9.5 to see if this fixes the issue?

xlr8nur commented 4 months ago

temporary solution

"overrides": { "glob": "9.0.0", "rimraf": "^4.0.0" }

aipages commented 4 months ago

Is there a temporary solution?

Edit by maintainer bot: Comment was automatically minimized because it was considered unhelpful. (If you think this was by mistake, let us know). Please only comment if it adds context to the issue. If you want to express that you have the same problem, use the upvote 👍 on the issue description or subscribe to the issue for updates. Thanks!

xlr8nur commented 4 months ago

Temporary solution

"overrides": { "glob": "9.0.0", "rimraf": "^4.0.0" }

On Fri, 19 Jul 2024, 03:42 Nico, @.***> wrote:

Is there a temporary solution?

— Reply to this email directly, view it on GitHub https://github.com/vercel/next.js/issues/66239#issuecomment-2237818186, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXGVDP7RFNGOGVEZKXUEW4LZNBOI3AVCNFSM6AAAAABIK3D5AWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZXHAYTQMJYGY . You are receiving this because you commented.Message ID: <vercel/next. @.***>

isasmendiagus commented 4 months ago

Waiting a solution as well

hzhang20902 commented 4 months ago

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3

19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7.

Not sure if this could ever be cleaned up...

I'm guessing most of these if not all are maintained by contributors and not any kind of permanent team. I wanna start contributing to opensource and I'm knowledgeable enough to update packages and deps in package-locks, I figured this could be a good way to dip my toes and get started.

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

Zafkiel45 commented 4 months ago

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3 19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7. Not sure if this could ever be cleaned up...

I'm guessing most of these if not all are maintained by contributors and not any kind of permanent team. I wanna start contributing to opensource and I'm knowledgeable enough to update packages and deps in package-locks, I figured this could be a good way to dip my toes and get started.

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

The question was not for me, but I feel that I can help with your doubt.

You can create a fork of the project, and after making your changes, perform a pull request. The repository maintainers will do a code review, and if they decide to accept, then their changes will be merged into the original project timeline.

The problem in question, is that some like Eslint, is just outdated in the dependencies of Next.js and some others have been decripped (discontinued projects)

hzhang20902 commented 4 months ago

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

The question was not for me, but I feel that I can help with your doubt.

You can create a fork of the project, and after making your changes, perform a pull request. The repository maintainers will do a code review, and if they decide to accept, then their changes will be merged into the original project timeline.

The problem in question, is that some like Eslint, is just outdated in the dependencies of Next.js and some others have been decripped (discontinued projects)

Cool, thanks for the answer. and I see, yea this is quite messy

ijjk commented 3 months ago

Hi, looking over this thread I don't see any specific actions we can take on our end yet to immediately resolve these dependencies in the tree as we don't control ESLint or the similar dependencies that are causing the nested dependencies to be pulled in.

We are working towards ESLint v9 support although there is need for the related rules/plugins to catch up for full support/migration there as well.

I'm gonna close this specific item out as unactionable on our end but follow the ESLint v9 threads for tracking on that front! https://github.com/vercel/next.js/issues/64409

github-actions[bot] commented 3 months ago

This closed issue has been automatically locked because it had no new activity for 2 weeks. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.