Summary
Hello,
My project has "@storybook/cli": "^10.3.3" in its package.json. I did a fresh npm install after removing both package-lock.json and node_modules, and I am getting the following warnings about dependencies that are either not supported anymore, leaking memory, or containing vulnerabilities:
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
so I did a npm list -a to inspect the tree and see which dependencies of my project are importing inflight@1.0.6, rimraf@2.6.3, and glob@7.2.3.
It turns out that:
inflight@1.0.6 is imported by glob@7.2.3glob@7.2.3 is imported by rimraf@2.6.3rimraf@2.6.3 is imported by temp@0.8.4temp@0.8.4 is imported by jscodeshift@0.15.2- and finally,
jscodeshift@0.15.2 is imported by @storybook/cli@10.3.3.
So it seems that the fact that @storybook/cli@10.3.3 imports jscodeshift@0.15.2 is the root cause of the warnings.
The latest version of jscodeshift does not import temp anymore, which can be seen here in the current package.json of jscodeshift: https://github.com/facebook/jscodeshift/blob/main/package.json
So, do you plan upgrading your dependency on jscodeshift to the latest version, which could potentially fix all these issues at once?
Additional information
No response
Create a reproduction
No response
Originally posted by @robin-bourgeon-eficia in #34437
Summary
Hello,
My project has
"@storybook/cli": "^10.3.3"in itspackage.json. I did a freshnpm installafter removing bothpackage-lock.jsonandnode_modules, and I am getting the following warnings about dependencies that are either not supported anymore, leaking memory, or containing vulnerabilities:so I did a
npm list -ato inspect the tree and see which dependencies of my project are importinginflight@1.0.6,rimraf@2.6.3, andglob@7.2.3.It turns out that:
inflight@1.0.6is imported byglob@7.2.3glob@7.2.3is imported byrimraf@2.6.3rimraf@2.6.3is imported bytemp@0.8.4temp@0.8.4is imported byjscodeshift@0.15.2jscodeshift@0.15.2is imported by@storybook/cli@10.3.3.So it seems that the fact that
@storybook/cli@10.3.3importsjscodeshift@0.15.2is the root cause of the warnings.The latest version of
jscodeshiftdoes not importtempanymore, which can be seen here in the currentpackage.jsonofjscodeshift: https://github.com/facebook/jscodeshift/blob/main/package.jsonSo, do you plan upgrading your dependency on
jscodeshiftto the latest version, which could potentially fix all these issues at once?Additional information
No response
Create a reproduction
No response
Originally posted by @robin-bourgeon-eficia in #34437