npm warnings on 'npm install' when building Docker img

[willfurnass]

Seen with commit c85f328b9d51362d834f80edb36e25380b78aabf (dev branch):

npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated

[griff-rees]

None of these are direct dependencies, so we'd need to figure out which are being pulled in by what: https://github.com/pydanny/cookiecutter-django/blob/master/%7B%7Bcookiecutter.project_slug%7D%7D/package.json

[cmoralesmx]

Hello, regarding the packages listed, I found the following.

I could not locate commit c85f328, so analyzing the code at commit 1dd6e1a
produces the following dependency tree.

reprohack_hub@0.1.0 /app
+-- gulp@4.0.2
| +-- glob-watcher@5.0.5
| | +-- chokidar@2.1.8    <<
| | | +-- UNMET OPTIONAL DEPENDENCY fsevents@^1.2.7    <<
| | +-- anymatch@2.0.0
| | | +-- micromatch@3.1.10
| | | | +-- snapdragon@0.8.2
| | | | | | +-- source-map-resolve@0.5.3
| | | | | | +-- resolve-url@0.2.1    <<
| | | | | | `-- urix@0.1.0    <<
+-- gulp-sass@4.1.0
| +-- node-sass@4.14.1
| | +-- node-gyp@3.8.0
| | | +-- request@2.88.2 deduped    <<
| | +-- request@2.88.2    <<
| | | +-- har-validator@5.1.5    <<
+-- browser-sync@2.26.13
| +-- chokidar@3.4.3
| | +-- UNMET OPTIONAL DEPENDENCY fsevents@~2.1.2    <<

Note: only those packages depending on the offending packages are show here. Also,
fsevents@1.2.13 was not found but other versions are listed as optional dependencies for some packages.

I hope this helps.

[willfurnass]

@cmoralesmx Thanks. Looks like we'll need to move to using a newer fsevents.

BTW, apologies for the confusion re commit refs in recent Issues; things will be simpler after we get to the point where we can tag the first release!

[griff-rees]

Thanks @cmoralesmx ! I've tried updating the more straightforward ones in dab52f5. There are actually a number of other libraries that will be added to package.json so we can at least keep track of updates. These are in the javascript (and some of the css) portions of the base template: https://github.com/reprohack/reprohack_site/blob/master/reprohack_hub/templates/base.html

For context: the package.json is derived from https://github.com/pydanny/cookiecutter-django/blob/master/%7B%7Bcookiecutter.project_slug%7D%7D/package.json

A classic example of the harder cases is popper.js https://popper.js.org/docs/v2/migration-guide/ Currently version 1 is still required for bootstrap (and concerns of supporting IE 11) twbs/bootstrap#29842 so I think we're stuck on that.

So: those warnings are kind of expected at the moment. I've update some of these but I fear we're a bit further down stream on these issues. @willfurnass or @annakrystalli should we put this as a won't fix until those libraries are fixed?