Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deprecated dependencies of tmp not updated #29693

Closed
MikeMcC399 opened this issue Jun 17, 2024 · 5 comments · Fixed by #29696
Closed

deprecated dependencies of tmp not updated #29693

MikeMcC399 opened this issue Jun 17, 2024 · 5 comments · Fixed by #29696
Labels
process: dependencies Related to internal dependencies

Comments

@MikeMcC399
Copy link
Contributor

MikeMcC399 commented Jun 17, 2024
edited
Loading

Current behavior

Installations of Cypress with an older package manager lockfile may be left with deprecated dependency versions [email protected], [email protected], [email protected] even after updating to the latest version of Cypress.

Desired behavior

If Cypress is updated to cypress@latest, in a configuration with an older lockfile, then the deprecated dependencies [email protected], [email protected], [email protected] should no longer be part of the configuration, just the same as if a clean installation of cypress@latest were done.

Test code to reproduce

npm install pnpm@latest -g

git clone https://github.com/cypress-io/github-action
cd github-action
git checkout 5dd0f39db75b15eb7782ea9f1b08edf3def5e7b2 # Status June 17, 2024
cd examples/basic-pnpm
pnpm add [email protected] --save-dev

Cypress Version

13.11.0

Node version

v20.14.0 LTS

Operating System

Ubuntu 22.04.4 LTS

Debug Logs

$ pnpm add [email protected] --save-dev
 WARN  3 deprecated subdependencies found: [email protected], [email protected], [email protected]
Packages: +179
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Progress: resolved 179, reused 179, downloaded 0, added 179, done

devDependencies:
+ cypress 13.11.0

$ pnpm why inflight
Legend: production dependency, optional only, dev only

[email protected] C:\Users\mikem\github\cypress-io\github-action\examples\basic-pnpm

devDependencies:
cypress 13.11.0
└─┬ tmp 0.2.1
  └─┬ rimraf 3.0.2
    └─┬ glob 7.2.3
      └── inflight 1.0.6

$ npm show [email protected]

[email protected] | ISC | deps: 1 | versions: 77
A deep deletion module for node (like `rm -rf`)
https://github.com/isaacs/rimraf#readme

DEPRECATED ⚠️  - Rimraf versions prior to v4 are no longer supported

[email protected]` is configured for tmp@~0.2.1 released 4 years ago

cypress/cli/package.json

Line 62 in 7827656

"tmp": "~0.2.1",

Other

pnpm version

9.4.0

Dependency information

$ npm show [email protected] dependencies
{ rimraf: '^3.0.0' }

$ npm show [email protected] dependencies
{ rimraf: '^5.0.5' }

$ npm show [email protected] dependencies
{}

Suggestion

bump dependency to tmp@~0.2.3 in cli/package.json. This would bring older installations of Cypress inline with fresh installations.
@MikeMcC399

This comment was marked as resolved.

Sign in to view
@MikeMcC399 MikeMcC399 mentioned this issue Jun 18, 2024
Merged
@MikeMcC399
Copy link
Contributor Author

@MikeMcC399
Copy link
Contributor Author

The issue applies to package managers:

  • npm
  • pnpm
  • Yarn Classic
  • Yarn Modern

however only pnpm reports the deprecated dependencies. Other package managers silently allow the old [email protected] to remain, since this still satisfies the Cypress requirement "tmp": "~0.2.1".

@jennifer-shehane jennifer-shehane added the process: dependencies Related to internal dependencies label Jun 18, 2024
@MikeMcC399
Copy link
Contributor Author

Confirmed fixed.

Verification

On Ubuntu 22.04.4 LTS, Node.js v20.15.0, pnpm 9.4.0

npm install pnpm@latest -g
git clone https://github.com/cypress-io/github-action
cd github-action/examples/basic-pnpm
pnpm install
pnpm add https://cdn.cypress.io/beta/npm/13.12.1/linux-x64/develop-54127e3c61f6b3ffd949c1f1deed32e81d6d3b93/cypress.tgz -D
$ pnpm add https://cdn.cypress.io/beta/npm/13.12.1/linux-x64/develop-54127e3c61f6b3ffd949c1f1deed32e81d6d3b93/cypress.tgz -D
 WARN  3 deprecated subdependencies found: [email protected], [email protected], [email protected]
Packages: +2 -12
++------------
Progress: resolved 181, reused 180, downloaded 1, added 2, done
node_modules/.pnpm/cypress@https+++cdn.cypress.io+beta+npm+13.12.1+linux-x64+develop-54127e3c61f6b3ffd949c1f1deed32e81d6d3b93+cypresnode_modules/.pnpm/cypress@https+++cdn.cypress.io+beta+npm+13.12.1+linux-x64+develop-54127e3c61f6b3ffd949c1f1deed32e81d6d3b93+cypress.tgz/node_modules/cypress: Running postinstall script, done in 56.7s

devDependencies:
- cypress 13.12.0
+ cypress 13.12.1

$ pnpm add https://cdn.cypress.io/beta/npm/13.12.1/linux-x64/develop-54127e3c61f6b3ffd949c1f1deed32e81d6d3b93/cypress.tgz -D
Packages: +169
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Progress: resolved 169, reused 169, downloaded 0, added 169, done

devDependencies:
+ cypress 13.12.1

$ pnpm why tmp
Legend: production dependency, optional only, dev only

devDependencies:
cypress 13.12.1
└── tmp 0.2.3

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jul 1, 2024

Released in 13.13.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v13.13.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Jul 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
process: dependencies Related to internal dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dependency: update tmp to 0.2.3 MikeMcC399/cypress
2 participants
@jennifer-shehane @MikeMcC399