Inventory of dependencies in UI5 tooling
swaldmann opened this issue · 4 comments
Is your feature request related to a problem? Please describe.
Currently installing @ui5/cli
complains about outdated dependencies, for a rather minimal UI5 app with this package.json
:
{
"name": "browse",
"version": "1.0.0",
"main": "webapp/index.html",
"scripts": {
"build": "ui5 build preload --clean-dest --config ui5-deploy.yaml",
"build-local": "ui5 build preload --clean-dest",
"start": "ui5 serve"
},
"devDependencies": {
"@ui5/cli": "^3",
"ui5-task-zipper": "^3"
},
"ui5": {
"dependencies": [
"ui5-task-zipper"
]
}
}
These come from (transitive) dependencies of @ui5/cli
:
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
Some warnings might just be due to an outdated shrinkwrap, but imo the dependencies could be thinned nowadays with Node.js 18+ (now LTS) APIs. For example, there's no reason to use the rimraf
or graceful-fs
package with fs.rm()
and other modern file system APIs now being stable.
Describe the solution you'd like
- Do an inventory of which npm dependencies are not required in the UI5 tooling any more. Some hints:
- File system:
rimraf
,graceful-fs
- Unmaintained stuff that can be trivially implemented w/o deps nowadays:
etag
,fresh
,yesno
,escape-html
…
- File system:
Describe alternatives you've considered
–
Additional context
–
Thanks for reporting. We are aware of this and already upgraded the respective dependencies on our development branches.
Most of them can't be upgraded in UI5 Tooling v3 without breaking compatibility, since they required Node.js versions above v16 (which is the lowest supported version for UI5 Tooling v3).
UI5 Tooling v4 with updated dependencies will be released soon. We will update this issue once it is available and check whether the warnings are resolved.
Apologies. I just checked our current main branches and the warnings still appear. Looks like https://github.com/guybedford/devcert is quite outdated. We'll look into it. Thanks again for reporting! 👍
BTW, if there are older dependencies that don't have a good replacement but just very few users are interested in the feature they enable I'd just consider turning it into an optional peer dependency.
We do this in @cap-js/hana
for example, where we ship hdb
by default but @sap/hana-client
has to be manually added if required:
https://github.com/cap-js/cds-dbs/blob/main/hana/package.json#L29-L36
Affected dependencies have been updated in guybedford/devcert#7
The deprecation warnings should be resolved with the latest UI5 CLI. Thanks again for reporting.