Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Deprecation Warning on Installation of packages(inflight@1.0.6, rimraf@3.0.2, glob@7.2.31) #66239

Closed
ananduremanan opened this issue May 27, 2024 · 23 comments
Closed

Deprecation Warning on Installation of packages(inflight@1.0.6, rimraf@3.0.2, glob@7.2.31) #66239

ananduremanan opened this issue May 27, 2024 · 23 comments
Labels
bug Issue was opened via the bug report template. create-next-app Related to our CLI tool for quickly starting a new Next.js application. linear: next Confirmed issue that is tracked by the Next.js team. locked

Comments

@ananduremanan
Copy link

Link to the code that reproduces this issue

https://github.com/ananduremanan/next.js_inflight_deprecation_warning

To Reproduce

Running npx create-next-app@latest and while installing packages.

Current vs. Expected behavior

I had the same experience with sveltekit as well, on installing I got the following warnings

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

the reason why I raised this as bug is because of the text leaks memory in the warning.

Provide environment information

Operating System:
  Platform: win32
  Arch: x64
  Version: Windows 11 Pro
  Available memory (MB): 16109
  Available CPU cores: 12
Binaries:
  Node: 18.18.0
  npm: N/A
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  next: 14.2.3 // Latest available version is detected (14.2.3).
  eslint-config-next: 14.2.3
  react: 18.3.1
  react-dom: 18.3.1
  typescript: 5.4.5
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

create-next-app

Which stage(s) are affected? (Select all that apply)

next dev (local)

Additional context

I ran the following

D:\parallax>npm why inflight
inflight@1.0.6 dev
node_modules/inflight
  inflight@"^1.0.4" from glob@7.2.3
  node_modules/rimraf/node_modules/glob
    glob@"^7.1.3" from rimraf@3.0.2
    node_modules/rimraf
      rimraf@"^3.0.2" from flat-cache@3.2.0
      node_modules/flat-cache
        flat-cache@"^3.0.4" from file-entry-cache@6.0.1
        node_modules/file-entry-cache
          file-entry-cache@"^6.0.1" from eslint@8.57.0
          node_modules/eslint
            dev eslint@"^8" from the root project
            peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.4.0
            node_modules/@eslint-community/eslint-utils
              @eslint-community/eslint-utils@"^4.2.0" from eslint@8.57.0
            peer eslint@"^8.56.0" from @typescript-eslint/parser@7.2.0
            node_modules/@typescript-eslint/parser
              @typescript-eslint/parser@"^5.4.2 || ^6.0.0 || 7.0.0 - 7.2.0" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^7.23.0 || ^8.0.0" from eslint-config-next@14.2.3
            node_modules/eslint-config-next
              dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"*" from eslint-import-resolver-typescript@3.6.1
            node_modules/eslint-import-resolver-typescript
              eslint-import-resolver-typescript@"^3.5.2" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8" from eslint-plugin-import@2.29.1
            node_modules/eslint-plugin-import
              eslint-plugin-import@"^2.28.1" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
              peer eslint-plugin-import@"*" from eslint-import-resolver-typescript@3.6.1
              node_modules/eslint-import-resolver-typescript
                eslint-import-resolver-typescript@"^3.5.2" from eslint-config-next@14.2.3
                node_modules/eslint-config-next
                  dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3 || ^4 || ^5 || ^6 || ^7 || ^8" from eslint-plugin-jsx-a11y@6.8.0
            node_modules/eslint-plugin-jsx-a11y
              eslint-plugin-jsx-a11y@"^6.7.1" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3 || ^4 || ^5 || ^6 || ^7 || ^8" from eslint-plugin-react@7.34.1
            node_modules/eslint-plugin-react
              eslint-plugin-react@"^7.33.2" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project
            peer eslint@"^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0" from eslint-plugin-react-hooks@4.6.2
            node_modules/eslint-plugin-react-hooks
              eslint-plugin-react-hooks@"^4.5.0 || 5.0.0-canary-7118f5dd7-20230705" from eslint-config-next@14.2.3
              node_modules/eslint-config-next
                dev eslint-config-next@"14.2.3" from the root project

I think the error is coming from the glob package.
@ananduremanan ananduremanan added the bug Issue was opened via the bug report template. label May 27, 2024
@github-actions github-actions bot added the create-next-app Related to our CLI tool for quickly starting a new Next.js application. label May 27, 2024
@ananduremanan ananduremanan changed the title eprecation Warning on Installation of packages(inflight@1.0.6, rimraf@3.0.2, glob@7.2.31) Deprecation Warning on Installation of packages(inflight@1.0.6, rimraf@3.0.2, glob@7.2.31) May 27, 2024
@epulla
Copy link

epulla commented May 27, 2024
edited
Loading

That's right, the owner of inflight project has archived it on May 22 due to a memory leak issue and lack of future support: isaacs/inflight-DEPRECATED-DO-NOT-USE#5 (comment).

He's recommended to use something else like lru_cache.

@ananduremanan
Copy link
Author

ananduremanan commented May 28, 2024
edited
Loading

That's right, the owner of inflight project has archived it on May 22 due to a memory leak issue and lack of future support: isaacs/inflight-DEPRECATED-DO-NOT-USE#5 (comment).

He's recommended to use something else like lru_cache.

Inflight have more than 37 million weekly downloads on npm and he just deprecate it like that... 😐

The main reason why I hate JS is this "Dependency Hell"

@mattkrins
Copy link

mattkrins commented May 29, 2024
edited
Loading

Can file-entry-cache be bumped to a later/latest version? Memory leak issue should be fixed in that.

file-entry-cache > flat-cache > rimraf > glob > inflight

Glob removed inflight as a dependency in v9 isaacs/node-glob#435 (comment) which has subsequently flowed up to file-entry-cache in later versions.

This would also fix warnings:
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

@radio-miskovice
Copy link

radio-miskovice commented Jun 1, 2024
edited
Loading

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3

19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7.

Not sure if this could ever be cleaned up...

@wbt
Copy link

wbt commented Jun 3, 2024

See also #66413

@skagedal
Copy link

skagedal commented Jun 8, 2024

A direct dependency of eslint-config-next is eslint-plugin-react-hooks. A minimal way to reproduce this is to go to an empty directory and do npm i -D eslint-plugin-react-hooks. You will get the above warnings:

❯ npm i -D eslint-plugin-react-hooks@latest
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

added 100 packages in 7s

23 packages are looking for funding
  run `npm fund` for details

This being with eslint-plugin-react-hooks 4.6.2, as of today the latest released version.

However, if you instead use the canary release:

❯ npm i -D eslint-plugin-react-hooks@canary

added 90 packages in 3s

22 packages are looking for funding
  run `npm fund` for details

No warnings! (version 5.1.0-rc-cc1ec60d0d-20240607).

So hopefully, there should be a release of this which eslint-config-next can depend on and then at least one path to this deprecated module is closed.

@skagedal
Copy link

skagedal commented Jun 9, 2024

I also raised this issue for eslint.

@wkd-kapsule
Copy link

I'm not sure to follow. Is there a solution to fix this or is it being taken care of? My production builds have been failing for a week now due to that issue.

@mattkrins
Copy link

I'm not sure to follow. Is there a solution to fix this or is it being taken care of? My production builds have been failing for a week now due to that issue.

It's bad practice but you can temporarily fix the error by forcing a newer version of glob in your package.json using an override. For example:

  "overrides": {
    "glob": "9.0.0"
  }

But this is far from ideal and should be removed once the glob update has flowed upstream to file-entry-cache.

@ebosetalee
Copy link

@mattkrins @kapsule-studio I think it best to override rimraf since v4xx removed glob thus removing inflight

"overrides": {
    "rimraf": "^4.0.0"
  }

@Zafkiel45
Copy link

Do you have any predictions as to when this will be resolved?

I create a new project in Next.js version: 14.2.4 and show this warn:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead

@ebosetalee
Copy link

ebosetalee commented Jun 24, 2024
edited
Loading

@Zafkiel45 the deprecated error from @humanwhocode is eslint. You need to upgrade the version to 9xx or 8.57 https://eslint.org/docs/latest/use/migrate-to-9.0.0#drop-old-node or you can follow this blog to migration better https://www.raulmelo.me/en/blog/migration-eslint-to-flat-config or this eslint/eslint#18207

@MalahimHaseeb
Copy link

i also currently facing the same issue.Will react owners resolve it ?? or i should do ?

@DanielNoonan
Copy link

npx create-next-app currently installing version 8 of esLint. Current version of eslint is 9.5. Has anyone tried updating eslint to 9.5 to see if this fixes the issue?

@github-actions github-actions bot added the linear: next Confirmed issue that is tracked by the Next.js team. label Jul 15, 2024
@xlr8nur
Copy link

xlr8nur commented Jul 16, 2024
edited
Loading

_temporary solution _

"overrides": {
"glob": "9.0.0",
"rimraf": "^4.0.0"
}

@aipages

This comment has been minimized.

# to view
@xlr8nur
Copy link

xlr8nur commented Jul 19, 2024 via email

@isasmendiagus
Copy link

Waiting a solution as well

@hzhang20902
Copy link

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3

19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7.

Not sure if this could ever be cleaned up...

I'm guessing most of these if not all are maintained by contributors and not any kind of permanent team. I wanna start contributing to opensource and I'm knowledgeable enough to update packages and deps in package-locks, I figured this could be a good way to dip my toes and get started.

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

@Zafkiel45
Copy link

eslint@9.0.0 contains the offending dependency on file-entry-cache, but there are some other packages depending explicitly on glob^7.x.x: ajv (6.12.6), rimraf (2.7.1) and sorcery (0.11.0). And postcss-selector-parser@6.1.0 depends on glob@^8.0.3
19 other packages depend on rimraf, versions vary: ^2.2.8 (glob, graceful-fs), ^2.5.0 (isexe, dir-glob), ^2.5.2 (sander), ^2.6.2 (which), ^3.0.0 (cross-spawn, readdirp, chokidar), ^3.0.2 (aria-query, axobject-query, globby), ^5.0.0, ^5.0.1, ^5.0.5, ^5.0.7.
Not sure if this could ever be cleaned up...

I'm guessing most of these if not all are maintained by contributors and not any kind of permanent team. I wanna start contributing to opensource and I'm knowledgeable enough to update packages and deps in package-locks, I figured this could be a good way to dip my toes and get started.

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

The question was not for me, but I feel that I can help with your doubt.

You can create a fork of the project, and after making your changes, perform a pull request. The repository maintainers will do a code review, and if they decide to accept, then their changes will be merged into the original project timeline.

The problem in question, is that some like Eslint, is just outdated in the dependencies of Next.js and some others have been decripped (discontinued projects)

@hzhang20902
Copy link

Would I just need to go to the repos, fork them, make changes and then do a pull request? I know this was pretty random but your comment seems like you're pretty knowledgeable about this stuff so I figured I'd ask

The question was not for me, but I feel that I can help with your doubt.

You can create a fork of the project, and after making your changes, perform a pull request. The repository maintainers will do a code review, and if they decide to accept, then their changes will be merged into the original project timeline.

The problem in question, is that some like Eslint, is just outdated in the dependencies of Next.js and some others have been decripped (discontinued projects)

Cool, thanks for the answer. and I see, yea this is quite messy

@ijjk
Copy link
Member

ijjk commented Jul 29, 2024

Hi, looking over this thread I don't see any specific actions we can take on our end yet to immediately resolve these dependencies in the tree as we don't control ESLint or the similar dependencies that are causing the nested dependencies to be pulled in.

We are working towards ESLint v9 support although there is need for the related rules/plugins to catch up for full support/migration there as well.

I'm gonna close this specific item out as unactionable on our end but follow the ESLint v9 threads for tracking on that front! #64409

@ijjk ijjk closed this as completed Jul 29, 2024
@Speyedr Speyedr mentioned this issue Jul 31, 2024
Open
Speyedr added a commit to viziou/viziou that referenced this issue Jul 31, 2024
@Speyedr
Remove inflight@1.0.6 dependency due to deprecation and supposed me…
a10c446 
…mory leak warning by forcing `rimraf` update. This was an actively developing issue until yesterday, see here: vercel/next.js#66239

Also fixes `rimraf` and `glob` deprecation warnings (both of these are probably due to having to migrate from `inflight` lol)
Speyedr added a commit to viziou/viziou that referenced this issue Jul 31, 2024
@Speyedr
packages.json housekeeping, module override hack to remove deprecat…
4a9c1dd 
…ed `inflight` dependancy (#35)

* Remove `inflight@1.0.6` dependency due to deprecation and supposed memory leak warning by forcing `rimraf` update. This was an actively developing issue until yesterday, see here: vercel/next.js#66239

Also fixes `rimraf` and `glob` deprecation warnings (both of these are probably due to having to migrate from `inflight` lol)

* Updated package name, we're still 0.0.0 indev though
@github-actions GitHub Actions
Copy link
Contributor

This closed issue has been automatically locked because it had no new activity for 2 weeks. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 13, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
bug Issue was opened via the bug report template. create-next-app Related to our CLI tool for quickly starting a new Next.js application. linear: next Confirmed issue that is tracked by the Next.js team. locked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests