Resolve package conflicts and errors #1

Closed
aaronzshey opened this issue Jul 26, 2024 · 10 comments

@aaronzshey
Owner

Here's a list of npm warns:

npm warn ERESOLVE overriding peer dependency
npm warn While resolving: react-inspector@5.1.1
npm warn Found: react@18.2.0
npm warn node_modules/react
npm warn   dev react@"^18.2.0" from the root project
npm warn   44 more (@design-systems/utils, ...)
npm warn
npm warn Could not resolve dependency:
npm warn peer react@"^16.8.4 || ^17.0.0" from react-inspector@5.1.1
npm warn node_modules/@storybook/addon-actions/node_modules/react-inspector
npm warn   react-inspector@"^5.1.0" from @storybook/addon-actions@6.5.9
npm warn   node_modules/@storybook/addon-actions
npm warn
npm warn Conflicting peer dependency: react@17.0.2
npm warn node_modules/react
npm warn   peer react@"^16.8.4 || ^17.0.0" from react-inspector@5.1.1
npm warn   node_modules/@storybook/addon-actions/node_modules/react-inspector
npm warn     react-inspector@"^5.1.0" from @storybook/addon-actions@6.5.9
npm warn     node_modules/@storybook/addon-actions
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: @mdx-js/react@1.6.22
npm warn Found: react@18.2.0
npm warn node_modules/react
npm warn   dev react@"^18.2.0" from the root project
npm warn   44 more (@design-systems/utils, ...)
npm warn
npm warn Could not resolve dependency:
npm warn peer react@"^16.13.1 || ^17.0.0" from @mdx-js/react@1.6.22
npm warn node_modules/@storybook/addon-docs/node_modules/@mdx-js/react
npm warn   @mdx-js/react@"^1.6.22" from @storybook/addon-docs@6.5.9
npm warn   node_modules/@storybook/addon-docs
npm warn
npm warn Conflicting peer dependency: react@17.0.2
npm warn node_modules/react
npm warn   peer react@"^16.13.1 || ^17.0.0" from @mdx-js/react@1.6.22
npm warn   node_modules/@storybook/addon-docs/node_modules/@mdx-js/react
npm warn     @mdx-js/react@"^1.6.22" from @storybook/addon-docs@6.5.9
npm warn     node_modules/@storybook/addon-docs
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: react-element-to-jsx-string@14.3.4
npm warn Found: react@18.2.0
npm warn node_modules/react
npm warn   dev react@"^18.2.0" from the root project
npm warn   44 more (@design-systems/utils, ...)
npm warn
npm warn Could not resolve dependency:
npm warn peer react@"^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1" from react-element-to-jsx-string@14.3.4
npm warn node_modules/@storybook/react/node_modules/react-element-to-jsx-string
npm warn   react-element-to-jsx-string@"^14.3.4" from @storybook/react@6.5.9
npm warn   node_modules/@storybook/react
npm warn
npm warn Conflicting peer dependency: react@17.0.2
npm warn node_modules/react
npm warn   peer react@"^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1" from react-element-to-jsx-string@14.3.4
npm warn   node_modules/@storybook/react/node_modules/react-element-to-jsx-string
npm warn     react-element-to-jsx-string@"^14.3.4" from @storybook/react@6.5.9
npm warn     node_modules/@storybook/react
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: react-element-to-jsx-string@14.3.4
npm warn Found: react-dom@18.2.0
npm warn node_modules/react-dom
npm warn   dev react-dom@"^18.2.0" from the root project
npm warn   34 more (@design-systems/utils, @storybook/addon-actions, ...)
npm warn
npm warn Could not resolve dependency:
npm warn peer react-dom@"^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1" from react-element-to-jsx-string@14.3.4
npm warn node_modules/@storybook/react/node_modules/react-element-to-jsx-string
npm warn   react-element-to-jsx-string@"^14.3.4" from @storybook/react@6.5.9
npm warn   node_modules/@storybook/react
npm warn
npm warn Conflicting peer dependency: react-dom@17.0.2
npm warn node_modules/react-dom
npm warn   peer react-dom@"^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1" from react-element-to-jsx-string@14.3.4
npm warn   node_modules/@storybook/react/node_modules/react-element-to-jsx-string
npm warn     react-element-to-jsx-string@"^14.3.4" from @storybook/react@6.5.9
npm warn     node_modules/@storybook/react
npm warn deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm warn deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm warn deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm warn deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm warn deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm warn deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm warn deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm warn deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm warn deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm warn deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm warn deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

Time to get cracking!

@aaronzshey
Owner Author

Following #3, here's the new npm audit output:

 npm audit
# npm audit report

babel-traverse  *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
No fix available
node_modules/babel-traverse
  babel-core  5.8.20 - 7.0.0-beta.3
  Depends on vulnerable versions of babel-helpers
  Depends on vulnerable versions of babel-register
  Depends on vulnerable versions of babel-template
  Depends on vulnerable versions of babel-traverse
  Depends on vulnerable versions of json5
  node_modules/babel-core
    babel-cli  *
    Depends on vulnerable versions of babel-core
    Depends on vulnerable versions of babel-register
    Depends on vulnerable versions of chokidar
    node_modules/babel-cli
    babel-register  *
    Depends on vulnerable versions of babel-core
    node_modules/babel-register
  babel-template  *
  Depends on vulnerable versions of babel-traverse
  node_modules/babel-template
    babel-helpers  *
    Depends on vulnerable versions of babel-template
    node_modules/babel-helpers

braces  <=3.0.2
Severity: high
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
No fix available
node_modules/chokidar/node_modules/braces
node_modules/readdirp/node_modules/braces
  micromatch  0.2.0 - 3.1.10
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of braces
  node_modules/chokidar/node_modules/micromatch
  node_modules/readdirp/node_modules/micromatch
    anymatch  1.2.0 - 1.3.2
    Depends on vulnerable versions of micromatch
    node_modules/chokidar/node_modules/anymatch
      chokidar  1.3.0 - 1.7.0
      Depends on vulnerable versions of anymatch
      node_modules/chokidar
    readdirp  2.2.0 - 2.2.1
    Depends on vulnerable versions of micromatch
    node_modules/readdirp

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
No fix available
node_modules/babel-core/node_modules/json5

12 vulnerabilities (2 low, 6 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

@aaronzshey
Owner Author

It seems like all the issues stemmed from Babel. In #3 I selected "SWC" as the new tool, so after deleting babel dependencies they should be gone.

@aaronzshey
Owner Author

New npm install reveals these warns:

npm warn deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm warn deprecated source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm warn deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.

@aaronzshey
Owner Author

aaronzshey commented Jul 26, 2024

> npm outdated
Package                    Current  Wanted   Latest  Location                                Depended by
@testing-library/jest-dom   5.17.0  5.17.0    6.4.8  node_modules/@testing-library/jest-dom  react-hexgrid
@testing-library/react      13.3.0  13.3.0   16.0.0  node_modules/@testing-library/react     react-hexgrid
@types/jest                 28.1.8  28.1.8  29.5.12  node_modules/@types/jest                react-hexgrid
fsevents                    1.2.13  1.2.13    2.3.3  node_modules/fsevents                   react-hexgrid
jest                        28.1.3  28.1.3   29.7.0  node_modules/jest                       react-hexgrid
jest-environment-jsdom      28.1.3  28.1.3   29.7.0  node_modules/jest-environment-jsdom     react-hexgrid
react-use                   17.4.0  17.4.0   17.5.1  node_modules/react-use                  react-hexgrid
ts-jest                     28.0.8  28.0.8   29.2.3  node_modules/ts-jest                    react-hexgrid
typescript                   4.9.5   4.9.5    5.5.4  node_modules/typescript                 react-hexgrid

@aaronzshey aaronzshey self-assigned this Jul 26, 2024
@aaronzshey
Owner Author

#5

@aaronzshey
Owner Author

following #6:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated domexception@4.0.0: Use your platform's native DOMException instead

@aaronzshey
Owner Author

rimraf, glob, and inflight come from:

jest 29 - jest 30 will bump the various uses of rimraf and glob
react-docgen-typescript-plugin > preset-react-webpack > react-webpack-5 : uses an outdated version of flat-cache, which depends on the offending version of inflight. I've submitted a pull request to the project.

@aaronzshey
Owner Author

abab and domexception are no longer used in jsdom 24. However, upcoming jest-environment-jsdom 30 depends on jsdom 22, which still uses abab and domexception. I'll open an issue - I'll make a pull request later.

@aaronzshey
Owner Author

aaronzshey commented Jul 28, 2024

related:
react-docgen: #93, #95
jest: #15217

@aaronzshey aaronzshey added enhancement New feature or request low-priority Work will begin in the future labels Aug 4, 2024
@aaronzshey
Owner Author

We'll have to wait for jest and react-docgen to upgrade. In the meantime, these install errors only appear when installing dev dependencies and don't affect the product.
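
Added example (not part of the thread or the project's code): one way to check the "dev dependencies only" claim above is to read the `dev` flag that npm records for each entry in `package-lock.json` (lockfileVersion 2 or 3). The lockfile contents below are constructed; the versions echo the warnings in the thread, while the install paths and `example-runtime-lib` are hypothetical.

```javascript
// Added example, not project code. Classifies package-lock.json entries
// (lockfileVersion 2/3 "packages" map) as dev-only or shipped.
// CONSTRUCTED sample: versions echo the thread; paths and
// "example-runtime-lib" are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "react-hexgrid" },
    "node_modules/glob": { version: "7.2.3", dev: true },
    "node_modules/rimraf": { version: "3.0.2", dev: true },
    "node_modules/flat-cache/node_modules/rimraf": { version: "2.6.3", dev: true },
    "node_modules/inflight": { version: "1.0.6", dev: true },
    "node_modules/example-runtime-lib": { version: "1.0.0" },
  },
};

// Name = text after the last "node_modules/" (keeps "@scope/name" intact).
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Every installed copy of each name, split by the lockfile "dev" flag.
// Entries marked only devOptional/optional/peer count as shipped (conservative).
function classify(lock, names) {
  const report = Object.create(null); // no inherited keys to collide with names
  for (const n of names) report[n] = { devOnly: [], shipped: [] };
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = packageName(path);
    if (!(name in report)) continue;
    const bucket = entry.dev === true ? "devOnly" : "shipped";
    report[name][bucket].push(`${path}@${entry.version}`);
  }
  return report;
}

// True only when no listed package has a copy outside the dev tree.
function allDevOnly(lock, names) {
  return Object.values(classify(lock, names)).every((r) => r.shipped.length === 0);
}

console.log(classify(sampleLock, ["rimraf", "glob", "inflight"]));
console.log(allDevOnly(sampleLock, ["rimraf", "glob", "inflight"]));
```

For advisories rather than deprecations, `npm audit --omit=dev` applies the same split and reports only what reaches production installs.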
