Track and address npm deprecation warnings #2485

Closed
mikeharder opened this issue Apr 25, 2019 · 6 comments
Labels: Central-EngSys (This issue is owned by the Engineering System team.)

Comments

@mikeharder
Member

We should have a system to track and address npm deprecation warnings. These warnings are printed from npm install like so:

    > cd sdk/template/template && npm install
    npm WARN deprecated ms-rest-js@1.0.465: Package has been renamed to @azure/ms-rest-js

https://dev.azure.com/azure-sdk/public/_build/results?buildId=21897&view=logs

One option would be to simply fail the build if we detect npm WARN deprecated in the output of npm install. The upside is PRs will be rejected if they introduce dependencies on deprecated packages. The downside is a package may become deprecated at any time causing builds to suddenly fail. We already use this pattern for npm audit, so doing the same for deprecated packages seems fine.

Another option (which we could also use for npm audit), would be to set continueOnError: true on the audit and warning detection tasks. This would mark the build as "succeeded with issues" (example). The upside is the build would not fail and block PRs. The downside is it's easier to not notice builds which are "succeeding with issues", so we would need some alerting system for this, rather than relying on someone manually noticing.

@mikeharder added the EngSys label (This issue is impacting the engineering system.) Apr 25, 2019
@ramya-rao-a added the Central-EngSys label (This issue is owned by the Engineering System team.) Sep 22, 2020
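
The two options from the opening post (fail the build on npm WARN deprecated, or report "succeeded with issues" via continueOnError), sketched as an added example that is not code from this issue or from the azure-sdk-for-js repository. The function names, the allowList option and every sample line other than the ms-rest-js warning are assumptions constructed for illustration.

```javascript
// Added example: gate a build on "npm WARN deprecated" lines from npm install.
const DEPRECATED_LINE = /^npm warn deprecated (\S+): (.*)$/i; // prefix matched case-insensitively

// Parse captured npm install output into { name, version, message } records.
function findDeprecations(npmOutput) {
  const seen = new Set();
  const found = [];
  for (const raw of npmOutput.split(/\r?\n/)) {
    const m = DEPRECATED_LINE.exec(raw.trim());
    if (!m) continue;
    const spec = m[1];
    // Split on the LAST "@": scoped names such as @scope/pkg@1.0.0 start with "@".
    const at = spec.lastIndexOf("@");
    if (at <= 0 || seen.has(spec)) continue; // no version part, or a repeated warning
    seen.add(spec);
    found.push({ name: spec.slice(0, at), version: spec.slice(at + 1), message: m[2] });
  }
  return found;
}

// Decide the build outcome. continueOnError mirrors the second option in the post;
// allowList (hypothetical) names packages whose deprecation is already tracked.
function evaluate(npmOutput, { continueOnError = false, allowList = [] } = {}) {
  const blocking = findDeprecations(npmOutput).filter((d) => !allowList.includes(d.name));
  if (blocking.length === 0) return { status: "succeeded", exitCode: 0, blocking };
  return continueOnError
    ? { status: "succeededWithIssues", exitCode: 0, blocking }
    : { status: "failed", exitCode: 1, blocking };
}

// Constructed sample output; only the ms-rest-js line is quoted from the issue.
const SAMPLE = [
  "> cd sdk/template/template && npm install",
  "npm WARN deprecated ms-rest-js@1.0.465: Package has been renamed to @azure/ms-rest-js",
  "npm WARN deprecated @example/old-lib@2.1.0: no longer maintained",
  "npm WARN optional SKIPPING OPTIONAL DEPENDENCY: example-optional@1.0.0",
  "added 120 packages in 8s",
].join("\n");

// Report what a strict gate would do with the sample.
const strict = evaluate(SAMPLE);
for (const d of strict.blocking) console.log(`deprecated: ${d.name}@${d.version} (${d.message})`);
console.log(`strict gate: ${strict.status}, exit code ${strict.exitCode}`);
```

A CI step would pass the captured output of npm install to evaluate and exit with the returned exitCode.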
@KarishmaGhiya
Member

KarishmaGhiya commented Sep 22, 2020

This issue was created before we adopted rush. I think the deprecation warnings are no longer shown now, but we need to manually check for deprecation warnings or security vulnerabilities using these steps now: #9248. cc @praveenkuttappan

@ramya-rao-a removed the EngSys label (This issue is impacting the engineering system.) Nov 19, 2020
@praveenkuttappan added this to the [2021] April milestone Feb 22, 2021
@ramya-rao-a modified the milestones: [2021] April, [2021] June Mar 25, 2021
@praveenkuttappan
Member

Security vulnerabilities reported by CG are fixed manually by the weekly rotation person. @ramya-rao-a and I have discussed adding the outdated package list to the report, and maybe we should add the deprecated list to that report too. But what should be our action item from an automation perspective other than adding it to the report? Failing scheduled builds if a package deprecation warning has not been handled for x number of days or weeks?

@mikeharder fyi.

@ramya-rao-a
Contributor

> But what should be our action item from automation perspective other than adding it to report?

@praveenkuttappan We have chosen to log issues for each package that has a newer major version released and which we have not upgraded to. These will be tracked under the Zenhub epic #17069

For deprecated packages, we can log similar issues.

@ramya-rao-a
Contributor

@praveenkuttappan Circling back here, can we have the automation log issues for outdated and deprecated packages?

@praveenkuttappan
Member

@ramya-rao-a Let me have a look at this and check if we can automate it.

@ramya-rao-a
Contributor

@praveenkuttappan We now have automation logging issues for outdated packages. Does that cover the deprecated ones too?

azure-sdk pushed a commit to openapi-env-test/azure-sdk-for-js that referenced this issue Jul 12, 2022
Merge pull request Azure#2485 from test-repo-billy/xiaoxu/multi071201

update common-types
@github-actions bot locked and limited conversation to collaborators Apr 12, 2023