Yarn dependencies outdated

Matthew_Luke · April 28, 2020, 3:22pm

Hey guys,

Seem to be getting a lot of warnings when running yarn on a fresh Sage install. Not to mention the node-sass dependency needing manually bumping every time as it doesn’t work with my OS. Any tips?

warning browser-sync > chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning browser-sync > chokidar > fsevents@1.2.12: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning browser-sync > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning browser-sync > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning browsersync-webpack-plugin > bs-html-injector > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning browsersync-webpack-plugin > bs-html-injector > jsdom > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning buble-loader > webpack > watchpack > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning buble-loader > webpack > watchpack > chokidar > fsevents@1.2.12: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning copy-globs-webpack-plugin > chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning css-loader > cssnano > autoprefixer > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > caniuse-api > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning eslint > file-entry-cache > flat-cache > circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
warning extract-text-webpack-plugin@3.0.2: Deprecated. Please use https://github.com/webpack-contrib/mini-css-extract-plugin
warning imagemin-mozjpeg > mozjpeg > bin-wrapper > download > gulp-decompress > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning imagemin-webpack-plugin > babel-runtime > core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
warning node-sass > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning node-sass > node-gyp > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning resolve-url-loader > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning resolve-url-loader > rework > css > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning stylelint > autoprefixer > browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.

strarsis · April 28, 2020, 3:30pm

The david tool is very useful.
npm offers the npm ls subcommand that lists a tree with subdependencies (not sure whether yarn also supports this now).

slam · May 4, 2020, 2:23am

Don’t run Sage on node 14.

We use node 10.

Matthew_Luke · May 4, 2020, 6:40am

Why not? Explanation would be helpful!

slam · May 4, 2020, 1:51pm

I’ve actually reversed that question. For me, it’s “why update?”

We’re using Sage 9. I’m pretty sure that when Sage 9 was developed, node 10 was new. So the dependencies it has were all built on node 10 (or a close revision).

As far as I can tell there’s little benefit in using greater node levels. Upgrading node often means updating many dependencies and subdependencies. Trying to keep all these deps and their interrelated dependencies working together is a lot of work and might break Sage, and as far as I can tell offers limited no or benefit.

I do upgrade deps when required. Sometimes deps will throw a warning — compatibility warning, security warning, etc — and I’ll upgrade that dep. Sometimes I find a depency has a known performance issue and I’ll bump that specific one. Otherwise, if it the system works and Sage is relatively performant, I don’t see a compelling reason to burn dev hours trying to keep everything to its absolute latest revision.

It’s kinda the same reason I don’t often upgrade my Mac OS. I know doing so will break some dev tools and I don’t want that hassle. Instead every 3-4 years or so, when I get a new MacBook, I get the latest OS and totally retool my system. For my biggest clients I’ll probably stay on Sage 9/node 10 for 4-5 years; at that point the site likely needs a total redesign anyway and I’ll base that on Sage 10/node xx.

Alejandro_Nieto · May 28, 2020, 11:43pm

Hey how would you do this? I tried uninstalling nodejs but the package doesn’t exist in ubuntu. I think it is inside of yarn

slam · May 29, 2020, 3:14am

Node isn’t in yarn, node is part of your environment like PHP.

In my case I use Lando for my local environmnet, so I specify the node version in my landofile.

  theme:
    type: node:10

If you don’t use Lando you can install a different version of node using the command line, or else use a node switcher app.

system · June 9, 2020, 3:22pm

This topic was automatically closed after 42 days. New replies are no longer allowed.