Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request’s Past, Present and Future #3142

Open
mikeal opened this issue Mar 30, 2019 · 413 comments
Open

Request’s Past, Present and Future #3142

mikeal opened this issue Mar 30, 2019 · 413 comments
Labels
neverstale

Comments

@mikeal
Copy link
Member

@mikeal mikeal commented Mar 30, 2019
edited
Loading

Before I go into the details and reasoning I’ll get straight to the point. The most valuable thing request can do for the JavaScript ecosystem is to go into maintenance mode and stop considering new features or major releases.

Apologies in advance to the other committers on request that have been doing their best to improve it, but it’s for the best.

2009

The first version of request was one of the first modules ever created for the Node.js ecosystem. The earliest versions were written to APIs that pre-date the standard callback interface, streams, node_modules and npm. For the first few years, request and Node.js evolved together, each learning from the other. As Node.js improved and migrated core interfaces so did request. As request adopted changes to the core http library and streams it also informed improvements like the pipe event (which enabled request’s one line proxy) and one of Core http’s many re-writes (the one I had to write).

npm

request was one of the first modules added to the npm registry. As npm grew so did dependence on request. Even now, when npm is used far more for front-end than back-end work, request remains one of the most depended on modules in the registry. As I write this, 41K modules depend on request and it is downloaded 14 million times a week.

The place request has in the Node.js ecosystem is no longer one of an innovator but of an incumbent. If you Google for how to do something with HTTP in Node.js the examples are likely to show request as the client and express as the server. This has two notably bad effects.

It’s much harder for new libraries accomplishing similar tasks to gain adoption because of the incumbent position request holds over the ecosystem. It’s also very hard to change request in any meaningful way as the change not only may not be adopted by the majority of its dependents but it would put it out of alignment with the thousands of blog posts and stack overflow responses that use request.

Modern JavaScript

The last few years have been dramatic ones in JavaScript. Features people had talked about for years went from ideas, to standards, to features you can reliably depend on in most environments. The speed at which these have been adopted is staggering, mostly thanks to auto-updating browsers and an aggressive Node.js release schedule.

The patterns at the core of request are out of date. A few people might argue with that assessment, and I know who they are so I won’t be surprised, but it’s true. I have often been skeptical of the impact some of these features would have only to find myself adopting them wholesale not long after they are available in only the latest release of Node.js.

There’s a transition happening now in the ecosystem to these patterns. How messy that will be is still up in the air and I’m not going to try and read the tea leafs and figure out what the future looks like in that regard. The question for request is “Do we try to survive through that transition?” A year ago, I thought the answer was obvious and that we would, but now I’m convinced of the opposite.

A version of request written to truly embrace these new language patterns is, effectively, a new module. I’ve explored this space a bit already and have a project I’m quite happy with but it is incompatible with request in every conceivable way. What’s the value in a version of request that is incompatible with the old patterns yet not fully embracing the new ones? What’s the point in being partially compatible when there’s a whole world of new modules, written by new developers, that are re-thinking these problems with these patterns in mind?

The best thing for these new modules is for request to slowly fade away, eventually becoming just another memory of that legacy stack. Taking the position request has now and leveraging it for a bigger share of the next generation of developers would be a disservice to those developers as it would drive them away from better modules that don’t have the burden of request’s history.

Maintenance Mode

Here’s the plan.

  • request will stop accepting new features.
  • request will stop considering breaking changes.
  • The committers that are still active will try to merge fixes in a timely fashion, no promises though.
  • Releases will be fully automated, any merge into master will be published. I’ve already built this for some other projects using GitHub Actions.
    • We’re going to have to remove inactive collaborators and enforce 2fa, because commit rights will effectively become npm publish rights.
@reconbot
Copy link
Contributor

@reconbot reconbot commented Mar 30, 2019

I fully support this, I think a warning message and/or deprecating new releases is in order.

As for the change in process and guidelines, it makes my job a lot easier 👌

Loading

@simov
Copy link
Member

@simov simov commented Mar 31, 2019

Very well said @mikeal. I'm pinning this issue to gain more visibility.

Loading

@simov simov pinned this issue Mar 31, 2019
@reconbot
Copy link
Contributor

@reconbot reconbot commented Mar 31, 2019
edited
Loading

Things we might do - please discuss and volunteer!

  • update readme with current state of project
  • update ci publishing pipeline @mikeal
  • provide a doc with some guidance on request alternatives #3143
  • add a warning message on install of the package to use another package and reference the doc
  • pick a date to stop support (I vote 6 months, but 12 is probably friendlier)
  • close all feature requests and feature prs
  • review and merge relevant bug fixes
  • add github issue and pr templates explaining that features wont be merged
  • deprecate the next major version (3.x) so project’s in active maintenance get a warning but older projects continue as usual

Loading

@shiftkey shiftkey mentioned this issue Mar 31, 2019
Closed
@stevenvachon stevenvachon mentioned this issue Mar 31, 2019
Closed
@stevenvachon stevenvachon mentioned this issue Mar 31, 2019
Closed
@stevenvachon stevenvachon mentioned this issue Mar 31, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Open
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
3 tasks
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
3 tasks
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@jaydson jaydson mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
3 tasks
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
3 tasks
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
3 tasks
@reconbot reconbot mentioned this issue Apr 1, 2019
Closed
@analog-nico
Copy link
Member

@analog-nico analog-nico commented Apr 1, 2019

It makes a lot of sense! I will slowly adopt this policy for the request-promise family as well. Cheers to your important contributions to the node ecosystem!

Loading

@DanielRuf DanielRuf mentioned this issue Apr 1, 2019
Closed
shr-project added a commit to shr-project/meta-webosose that referenced this issue Nov 26, 2021
@shr-project
iotivity-node=0
4d132b2 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
shr-project added a commit to shr-project/meta-webosose that referenced this issue Nov 26, 2021
@shr-project
iotivity-node=0
5117e71 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
@CarJu CarJu mentioned this issue Nov 27, 2021
Open
lenorx referenced this issue in lbryio/lbry-sdk Nov 27, 2021
@jackrobison
move test_transaction_commands, test_internal_transaction_api , and t…
b2922d1 
…est_transactions into their own runner

-move test_resolve_command to its own runner
@SebCanet SebCanet mentioned this issue Nov 27, 2021
Closed
shr-project added a commit to shr-project/meta-webosose that referenced this issue Nov 27, 2021
@shr-project
iotivity-node=0
f629997 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
@golddermax golddermax mentioned this issue Nov 27, 2021
Closed
@Willkyz Willkyz mentioned this issue Nov 28, 2021
Closed
@EBalmer EBalmer mentioned this issue Nov 29, 2021
Open
@tiramon tiramon mentioned this issue Nov 29, 2021
Closed
shr-project added a commit to shr-project/meta-webosose that referenced this issue Nov 29, 2021
@shr-project
iotivity-node=0
aeb54ad 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
@ValAug ValAug mentioned this issue Nov 29, 2021
Open
QuickMythril added a commit to QuickMythril/UI that referenced this issue Nov 30, 2021
@QuickMythril
sass replaced node-sass
bfb3213 
this resolves the following build warnings:

warning node-sass > request@2.88.2: request has been deprecated, see request/request#3142
warning node-sass > node-gyp > request@2.88.2: request has been deprecated, see request/request#3142
warning node-sass > request > har-validator@5.1.5: this library is no longer supported
warning node-sass > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
@MFredX MFredX mentioned this issue Nov 30, 2021
Open
@mnorelli mnorelli mentioned this issue Dec 1, 2021
Open
@RopoMen RopoMen mentioned this issue Dec 1, 2021
Open
shr-project added a commit to shr-project/meta-webosose that referenced this issue Dec 1, 2021
@shr-project
iotivity-node=0
d685886 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
@ACHildebrand ACHildebrand mentioned this issue Dec 1, 2021
Closed
3 tasks
@mikolajekpawlak mikolajekpawlak mentioned this issue Dec 2, 2021
Open
2 tasks
@nunoguedelha nunoguedelha mentioned this issue Dec 2, 2021
Open
shr-project added a commit to shr-project/meta-webosose that referenced this issue Dec 2, 2021
@shr-project
iotivity-node=0
b76f889 
:Release Notes:
Not maintained at least since 2019:
intel/iotivity-node@e9c9d75

:Detailed Notes:
Fails to build with nodejs-16:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-istanbul@0.7.2',
npm WARN EBADENGINE   required: { node: '~0.12.0' },
npm WARN EBADENGINE   current: { node: 'v16.11.1', npm: '8.0.0' }
npm WARN EBADENGINE }
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated chokidar@1.6.1: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated har-validator@2.0.6: this library is no longer supported
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated uuid@2.0.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated request@2.79.0: request has been deprecated, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated qunitjs@2.4.1: 2.4.1 is the last version where QUnit will be published as 'qunitjs'. To receive future updates, you will need to change the package name to 'qunit'.
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm notice
npm notice New minor version of npm available! 8.0.0 -> 8.1.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.1>
npm notice Run `npm install -g npm@8.1.1` to update!
npm notice
npm ERR! Cannot convert undefined or null to object

iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/npm_cache/_logs/2021-10-26T12_55_50_564Z-debug.log shows:
...
4317 timing metavuln:cache:get:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 2ms
4318 timing metavuln:load:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 1ms
4319 timing metavuln:cache:put:security-advisory:snapdragon:j24phmz85HNSAE6FvXGrP+0S+41ieF8s2OJqBi6XFCV/KlcpQQpWveSWkzxIi+OOz2e+wYO2juTGtNUNzoGhJw== Completed in 17ms
4320 timing metavuln:calculate:security-advisory:snapdragon:uNFm/9SWmRgB9gLRD4VGq4VQ5FOPCHwWXQKxGXaC3T+ietRH5qmMoI3ywLjJr5K4tAEQU7UZMrCIBlg7BaYCFw== Completed in 20ms
4321 timing metavuln:cache:get:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 1ms
4322 timing metavuln:load:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 1ms
4323 timing metavuln:cache:put:security-advisory:micromatch:6Fml4tYlx3dptqZDgBlSut0ySn+/H9lvCjx+n1SeNalohb5DXL3ZBJkECOGoOIIrIQw2ZbWXnuQtxHYOsOAWVA== Completed in 20ms
4324 timing metavuln:calculate:security-advisory:micromatch:LrdxKX+foyUAL4XmpSSSGpQE5G0HIzBFsjl7ehjAlj2fZlhn8XXxCBx4fhzP6FsXo0tsFfuRcLcrpVy1Iu8cYQ== Completed in 24ms
4325 timing metavuln:cache:get:security-advisory:iot-js-api:LW6p12Fj+5SNzMxj2EeJ+jKDJUur+lMVJVfKA0zp/SdEoYsB9ec7LHOsbBqoTtn4zyREtW2KXexLBjvlPOsFqw== Completed in 2ms
4326 http fetch GET 200 https://registry.npmjs.org/iot-js-api 167ms (cache miss)
4327 timing metavuln:packument:iot-js-api Completed in 167ms
4328 verbose stack TypeError: Cannot convert undefined or null to object
4328 verbose stack     at Function.keys (<anonymous>)
4328 verbose stack     at Advisory.load (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:102:33)
4328 verbose stack     at Calculator.[calculate] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:59:14)
4328 verbose stack     at async Promise.all (index 0)
4328 verbose stack     at async Map.[init] (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:192:7)
4328 verbose stack     at async Map.run (/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:110:7)
4329 verbose cwd /jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/git
4330 verbose Linux 5.4.0-80-generic
4331 verbose argv "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sysroot-native/usr/bin/node" "/jenkins/mjansa/build/webos/kirkstone/BUILD/work/qemux86-webos-linux/iotivity-node/1.3.1+gitAUTOINC+c6aab8e612-r7/recipe-sys
root-native/usr/bin/npm" "update"
4332 verbose node v16.11.1
4333 verbose npm  v8.0.0
4334 error Cannot convert undefined or null to object
4335 verbose exit 1

:Testing Performed:
Only build tested.

:QA Notes:
No change to image.

:Issues Addressed:
[WRN-9458] NPM registry should be accessed over https now
[WRN-9820] Create GPVB with Yocto 3.5 Kirkstone
@rimjhim07 rimjhim07 mentioned this issue Dec 3, 2021
Closed
@taekou taekou mentioned this issue Dec 3, 2021
Closed
@RochelleLong RochelleLong mentioned this issue Dec 4, 2021
Closed
6 tasks
@prk2331 prk2331 mentioned this issue Dec 4, 2021
Closed
@eronnes eronnes mentioned this issue Dec 4, 2021
Closed
@markg85 markg85 mentioned this issue Dec 6, 2021
Open
@mc-jones mc-jones mentioned this issue Dec 8, 2021
Open
@zjinh zjinh mentioned this issue Dec 9, 2021
Closed
@maheshmobile maheshmobile mentioned this issue Dec 9, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
neverstale
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet