Yarn dependencies outdated

Hey guys,

Seem to be getting a lot of warnings when running yarn on a fresh Sage install. Not to mention the node-sass dependency needing manually bumping every time as it doesn’t work with my OS. Any tips?

warning browser-sync > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning browser-sync > chokidar > [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning browser-sync > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > [email protected]: https://github.com/lydell/resolve-url#deprecated
warning browser-sync > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > [email protected]: Please see https://github.com/lydell/urix#deprecated
warning browsersync-webpack-plugin > bs-html-injector > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning browsersync-webpack-plugin > bs-html-injector > jsdom > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning buble-loader > webpack > watchpack > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning buble-loader > webpack > watchpack > chokidar > [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning copy-globs-webpack-plugin > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning css-loader > cssnano > autoprefixer > [email protected]: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > [email protected]: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > caniuse-api > [email protected]: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning eslint > file-entry-cache > flat-cache > [email protected]: CircularJSON is in maintenance only, flatted is its successor.
warning [email protected]: Deprecated. Please use https://github.com/webpack-contrib/mini-css-extract-plugin
warning imagemin-mozjpeg > mozjpeg > bin-wrapper > download > gulp-decompress > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning imagemin-webpack-plugin > babel-runtime > [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
warning node-sass > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning node-sass > node-gyp > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning resolve-url-loader > [email protected]: Please see https://github.com/lydell/urix#deprecated
warning resolve-url-loader > rework > css > [email protected]: Please see https://github.com/lydell/urix#deprecated
warning stylelint > autoprefixer > [email protected]: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.

The david tool is very useful.
npm offers the npm ls subcommand that lists a tree with subdependencies (not sure whether yarn also supports this now).

Don’t run Sage on node 14.

We use node 10.

Why not? Explanation would be helpful!

I’ve actually reversed that question. For me, it’s “why update?”

We’re using Sage 9. I’m pretty sure that when Sage 9 was developed, node 10 was new. So the dependencies it has were all built on node 10 (or a close revision).

As far as I can tell there’s little benefit in using greater node levels. Upgrading node often means updating many dependencies and subdependencies. Trying to keep all these deps and their interrelated dependencies working together is a lot of work and might break Sage, and as far as I can tell offers limited no or benefit.

I do upgrade deps when required. Sometimes deps will throw a warning — compatibility warning, security warning, etc — and I’ll upgrade that dep. Sometimes I find a depency has a known performance issue and I’ll bump that specific one. Otherwise, if it the system works and Sage is relatively performant, I don’t see a compelling reason to burn dev hours trying to keep everything to its absolute latest revision.

It’s kinda the same reason I don’t often upgrade my Mac OS. I know doing so will break some dev tools and I don’t want that hassle. Instead every 3-4 years or so, when I get a new MacBook, I get the latest OS and totally retool my system. For my biggest clients I’ll probably stay on Sage 9/node 10 for 4-5 years; at that point the site likely needs a total redesign anyway and I’ll base that on Sage 10/node xx.

Hey how would you do this? I tried uninstalling nodejs but the package doesn’t exist in ubuntu. I think it is inside of yarn

Node isn’t in yarn, node is part of your environment like PHP.

In my case I use Lando for my local environmnet, so I specify the node version in my landofile.

  theme:
    type: node:10

If you don’t use Lando you can install a different version of node using the command line, or else use a node switcher app.