breautek commented on issue #610: URL: https://github.com/apache/cordova-cli/issues/610#issuecomment-1502255830
> These come via `pacote` which is used by `cordova-fetch` to handle the npm installing of plugins and platforms. > > The next version will update to a newer version of pacote which resolves most of these warnings. This is true, however most of these warnings comes from the `request` package itself. Cordova has `request` currently through 2 dependencies, one is `pacote` via `cordova-fetch`, the other is via `insight`. The upcoming release of `cordova-fetch` does use an updated `pacote` which doesn't depend on `request` anymore, however `insight` still does and afaik `insight` is also no longer maintained (or it has moved to ESM so we cannot update easily cause it will require converting all of the cordova cli to esm, I kinda forget the case with `insight` but I recall looking into it awhile back). `har-validator` is included because of `request`: ``` [email protected] /development/cordova/coho/cordova-cli └─┬ [email protected] └─┬ [email protected] └── [email protected] ``` `uuid@3` is being included because of `request`: ``` [email protected] /development/cordova/coho/cordova-cli ├─┬ [email protected] │ ├─┬ [email protected] │ │ └── [email protected] ``` `stringify-package` is included via `cordova-lib` (which seems to be still the case in current master): ``` [email protected] /development/cordova/coho/cordova-cli └─┬ [email protected] └── [email protected] ``` `@npmcli/move-file` is being included via `pacote`: ``` [email protected] /development/cordova/coho/cordova-cli └─┬ [email protected] └─┬ [email protected] └─┬ [email protected] └─┬ [email protected] └── @npmcli/[email protected] ``` The `pacote` update addresses this, but current dev of cordova-fetch still has `@npmcli/move-file` via other `@npmcli` dependencies. Lastly, `request` is included because of `pacote` (resolved in cordova-fetch master/v4.0.0) and via `insight`: ``` [email protected] /development/cordova/coho/cordova-cli ├─┬ [email protected] │ └─┬ [email protected] │ └─┬ [email protected] │ └─┬ @npmcli/[email protected] │ └─┬ [email protected] │ └── [email protected] deduped └─┬ [email protected] └── [email protected] ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
