yarn install warnings & errors Rev 3 #34
Description
Situation
Attempting to install dependencies with Yarn succeeds and outputs warnings and deprecations. There are currently no vulnerability reported. See Logs below.
Environment
| Component | Version |
|---|---|
| Windows | 11, 24H2 |
| Node.js | 22.17.1 LTS |
| Yarn | 1.22.22 |
| Python | 3.13.5 |
| Visual Studio | Community 2022 - 17.14.9 |
| Desktop development with C++ |
Steps to reproduce
git clone https://github.com/cypress-io/get-windows-proxy
cd get-windows-proxy
git clean -xfd # if repeating
# rm -rf .git/hooks # if updating local copy from a previous version
yarnLogs
$ yarn
yarn install v1.22.22
info No lockfile found.
[1/4] Resolving packages...
warning @cypress/eslint-plugin-dev > shelljs > glob@7.2.3: Glob versions prior to v9 are no longer supported
warning @cypress/eslint-plugin-dev > shelljs > glob > inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
warning dependency-check@4.1.0: dependency-check has been deprecated in favor of the knip module
warning dependency-check > read-package-json@2.1.2: This package is no longer supported. Please use @npmcli/package-json instead.
warning dependency-check > read-package-json > glob@7.2.3: Glob versions prior to v9 are no longer supported
warning dependency-check > globby > glob@7.2.3: Glob versions prior to v9 are no longer supported
warning dependency-check > globby > @types/glob > @types/minimatch@6.0.0: This is a stub types definition. minimatch provides its own type definitions, so you do not need this installed.
warning eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
warning eslint > @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
warning eslint > @humanwhocodes/config-array > @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
warning eslint > file-entry-cache > flat-cache > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
warning eslint > file-entry-cache > flat-cache > rimraf > glob@7.2.3: Glob versions prior to v9 are no longer supported
warning eslint-plugin-json-format > sort-package-json > globby > glob@7.2.3: Glob versions prior to v9 are no longer supported
warning license-checker > read-installed@4.0.3: This package is no longer supported.
warning license-checker > read-installed > read-package-json@2.1.2: This package is no longer supported. Please use @npmcli/package-json instead.
warning license-checker > nopt > osenv@0.1.5: This package is no longer supported.
warning license-checker > read-installed > readdir-scoped-modules@1.1.0: This functionality has been moved to @npmcli/fs
warning license-checker > read-installed > debuglog@1.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning license-checker > read-installed > readdir-scoped-modules > debuglog@1.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning prettier-eslint-cli > eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
warning prettier-eslint-cli > @prettier/eslint > eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
warning sinon > @sinonjs/samsam > lodash.get@4.4.2: This package is deprecated. Use the optional chaining (?.) operator instead.
warning registry-js > prebuild-install > npmlog@4.1.2: This package is no longer supported.
warning registry-js > prebuild-install > npmlog > gauge@2.7.4: This package is no longer supported.
warning registry-js > prebuild-install > npmlog > are-we-there-yet@1.1.7: This package is no longer supported.
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning " > @cypress/eslint-plugin-dev@6.0.0" has unmet peer dependency "@babel/eslint-parser@^7.0.0".
warning " > @cypress/eslint-plugin-dev@6.0.0" has unmet peer dependency "@typescript-eslint/eslint-plugin@>= 7.0.0".
warning " > @cypress/eslint-plugin-dev@6.0.0" has unmet peer dependency "@typescript-eslint/parser@>= 7.0.0".
warning " > @cypress/eslint-plugin-dev@6.0.0" has unmet peer dependency "eslint-plugin-import@>= 2.0.0".
warning " > @cypress/eslint-plugin-dev@6.0.0" has unmet peer dependency "eslint-plugin-react@>= 7.22.0".
warning "prettier-eslint-cli > @prettier/eslint > @typescript-eslint/parser > @typescript-eslint/typescript-estree > ts-api-utils@1.4.3" has unmet peer dependency "typescript@>=4.2.0".
warning Workspaces can only be enabled in private projects.
[4/4] Building fresh packages...
success Saved lockfile.
Done in 26.04s.
Assessment
optionalDependencies
| Warning | Implication |
|---|---|
| registry-js@1.16.1 | uses old prebuild-install@^5.3.5 versions - see desktop/registry-js#287 |
devDependencies
| Warning | Implication |
|---|---|
| @cypress/eslint-plugin-dev | The dependency needs updating by the Cypress.io team or linting would need to be configured standalone |
| dependency-check@4.1.0 | dependency-check has been deprecated in favor of the knip module. See also cypress-io/cypress#30117 |
| eslint@8.57.1 | eslint 9 is needed. See above |
| eslint | See above |
| eslint-plugin-json-format | unmaintained repo. See comments in cypress-io/cypress#30386 |
| license-checker | unmaintained repo. Last published in 2019. Should probably be removed |
| prettier-eslint-cli | See ESLint above |
| sinon | sinon > @sinonjs/samsam > lodash.get@4.4.2 - open issue under https://github.com/sinonjs/samsam/issues |
| ESLint | unmet peer dependencies - see ESLint above |
dependencies
only debug is listed in dependencies, and this does not appear in warnings at this time.
Background
Yarn is used in .circleci/config.yml with yarn install and yarn test
Recommendation
Refresh Renovate configuration and otherwise regularly monitor dependency status.