yarn install fails for gemini

[Macroz]

Hi,

I'm trying out the latest toys. Using yarn to latest gemini from GitHub repo. We use gemini in https://github.com/HSLdevcom/digitransit-ui

Would appreciate eliminating ancient polyfill-service dependency or another solution.

yarn install v0.15.1
info No lockfile found.
[1/4] Resolving packages...
warning polyfill-service > mocha > glob > graceful-fs@2.0.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
warning mocha > glob > minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning polyfill-service > mocha > glob > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning wd > archiver > glob > minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning mocha > to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warning mocha > jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warning polyfill-service > forever > forever-monitor > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning polyfill-service > babel-core > line-numbers@0.2.0: Copy its ~20 LOC directly into your code instead.
warning gitbook-cli > npm > request > tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
warning gitbook-cli > npm > lodash.isarray@4.0.0: This package is deprecated. Use Array.isArray.
warning gitbook-cli > npm > node-gyp > minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
[2/4] Fetching packages...
warning lodash@2.4.2: The engine "rhino" appears to be invalid.
warning url@0.7.9: The engine "ender" appears to be invalid.
warning punycode@1.0.0: The engine "rhino" appears to be invalid.
error hawk@0.10.2: The engine "node" is incompatible with this module. Expected version "0.8.x".
error Found incompatible module
info Visit http://yarnpkg.com/en/docs/cli/install for documentation about this command.

[SevInf]

It does seem that yarn handles engines differently than npm. In npm it just a warning, where yarn appears to treat it as engineStrict. Seems like a bug in yarn to me.

As for eliminating dependencies: we need to be able to run client scripts in IE8, so we need a few polyfills for modern APIs. We would gladly accept pull request, that will replace this polyfills with something else.

[hannesj]

@SevInf Is there some reason of depending on a very old version of polyfill-service? It seems the newer versions have updated dependencies.

[SevInf]

@hannesj last time we tried updating, newer version logged a lot of stuff to console without any option to disable it. But looks like the last such log was removed just 8 days ago, so 3.13 will be the version we can update to.