request@2.88.2: request has been deprecated

Question

request@2.88.2: request has been deprecated

shakaran opened this issue 3 years ago · comments

Ángel Guzmán Maeso commented 3 years ago

NPM version (npm -v):
8.5.1
Node version (node -v):
v17.6.0
Node Process (node -p process.versions):

{
  node: '17.6.0',
  v8: '9.6.180.15-node.13',
  uv: '1.43.0',
  zlib: '1.2.11',
  brotli: '1.0.9',
  ares: '1.18.1',
  modules: '102',
  nghttp2: '1.45.1',
  napi: '8',
  llhttp: '6.0.4',
  openssl: '3.0.1+quic',
  cldr: '40.0',
  icu: '70.1',
  tz: '2021a3',
  unicode: '14.0',
  ngtcp2: '0.1.0-DEV',
  nghttp3: '0.1.0-DEV'
}

Node Platform (node -p process.platform):
linux
Node architecture (node -p process.arch):
x64
node-sass version (node -p "require('node-sass').info"):

node-sass	7.0.1	(Wrapper)	[JavaScript]
libsass  	3.5.5	(Sass Compiler)	[C/C++]

npm node-sass versions (npm ls node-sass):

├─┬ bootstrap-loader@3.0.4
│ └── node-sass@7.0.1 deduped
├── node-sass@7.0.1
└─┬ sass-loader@12.6.0
  └── node-sass@7.0.1 deduped

Doing a yarn upgrade, I get the following warnings:

warning node-sass > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning node-sass > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning node-sass > request > har-validator@5.1.5: this library is no longer supported

Reference request/request#3142

Nick Schonning · Answer 1 · Fri Feb 25 2022 13:37:40 GMT+0800 (China Standard Time)

7.0.1 no longer directly uses request

Ángel Guzmán Maeso · Answer 2 · Fri Feb 25 2022 15:40:14 GMT+0800 (China Standard Time)

@nschonni but I have 7.0.1 and the warnings are showing, How remove the warnings?

sp3c73r2038 · Answer 3 · Fri Apr 29 2022 10:24:02 GMT+0800 (China Standard Time)

@nschonni seems 7.0.1 still depends on request
https://github.com/sass/node-sass/blob/v7.0.1/package.json#L67

and I have this warning when using node-sass 7.0.1.

codes in current master are indeed not using request directly.

a quick comparing shows this commit actually removed direct dependency of request.

is that not released yet?

T.J. · Answer 4 · Tue Aug 02 2022 02:23:40 GMT+0800 (China Standard Time)

today is 08/01/22 and I am still seeing request being a dependency for the node-sass v7.0.1
this is in my package-json.lock file after doing a npm ci on my project which includes node-sass v7.0.1