Comments (17)
Looks like the warning originates from Jest's dependencies. These are updated with each version. I just checked, installing jest@next
does not print a warning. You just have to update Jest. The next version 30 is currently in beta. You can use it or wait for stable release.
from jest.
Is there any appropriate workaround for people who don't use alpha/beta/gamma/non-stable versions?
from jest.
I think Yarn's resolutions
or similar config options from other package managers are worth to try. Reference: https://yarnpkg.com/configuration/manifest#resolutions
from jest.
It seems that the issue needs someone more competent. The mentioned package is out of date. The last update was 8 years ago and all versions contain memory leaks.
@mrazauskas Would you mind assigning this to someone on the team who has experience in the required areas?
from jest.
It's from glob
, which has been upgraded in jest@next
via #14509
from jest.
This is true. But all packages that depend on 29.7.0 (almost all packages) are currently unsafe. And jest@next is still a alpha version at the moment.
It would be better to issue an emergency bug fix as 29.7.1.
from jest.
It's a breaking change to update to newer versions of glob
, so that cannot be done.
from jest.
I keep receiving the same warning! They should release a secure version of Jest until they complete their v30.
from jest.
I don't agree that fix security issue cannot be done. It must be done.
The MR #14509 with "chore" in the title with breaking changes
contains glob v10.3.10
while the glob v10.3.10 does not use inflight library
https://github.com/isaacs/node-glob/blob/v10.3.10/package.json
So there are literally 0 reasons to close the issue
from jest.
Where do you see security issue? The warning mentioned in the OP says: "This module is not supported, and leaks memory." If there are any security issues, better open another issue.
from jest.
I tried jest@next
just now and still saw the problem.
$ npm install jest@next
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
added 308 packages in 14s
46 packages are looking for funding
run `npm fund` for details
While jest
itself no longer directly uses a deprecated version of glob
, @jest/transform
depends on babel-plugin-istanbul
6.1.1 → test-exclude
6.0.0 → glob
7.2.3 → inflight
1.0.6.
Unfortunately there's not an updated version of babel-plugin-istanbul
to update to. Someone has already filed istanbuljs/babel-plugin-istanbul#294, but that repo doesn't seem to have been very active lately.
from jest.
@jest/core
-> @jest/reporters
-> glob@^7.1.3
-> inflight
from jest.
@jest/core
->@jest/reporters
->glob@^7.1.3
->inflight
That one was already fixed in #14509. Which I think you know already.
from jest.
@anomiex it is not fixed in the stable version(https://github.com/jestjs/jest/blob/v29.7.0/packages/jest-reporters/package.json#L25). I think you know that people do not use alpha version in production.
from jest.
And I think you know that continuing to complain about that isn't going to accomplish anything with the Jest maintainers. They won't make the change in the v29 branch because it would require dropping support for old nodejs versions, as they already told you, so it has to wait for v30.
OTOH, my comment, if they don't ignore it because it was buried by your complaining, points out something that still isn't fixed in @next
.
from jest.
it would require dropping support for old nodejs versions
let's check jest v29 node versions
"node": "^14.15.0 || ^16.10.0 || >=18.0.0"
what about glob v10?
"node": ">=16 || 14 >=14.18"
As far as I understand, both support nodejs v14 and there is no need to drop support for old nodejs versions.
from jest.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.
from jest.
Related Issues (20)
- Import, export syntax error from @azure/storage-blob in nx monorepo HOT 1
- [Bug]: When executing the command npm install jest, a warning occurs HOT 1
- Jest is broken HOT 3
- [Feature]: Jest should use the `debugger` statement on failure
- [Bug]: `instanceof Date` fails when using a date created from node-api (n-api)
- [Docs]: One of the examples for configuring Jest to work with Eslint no longer works with the flat config.
- [Bug]: inflight deprecated, glob deprecated
- [Bug]: module is not mocked if there's signal input in spec file (angular)
- [Bug]: isEqual with large Float64Arrays is slow HOT 1
- [Feature]: Provide console logs per testcase to reporter
- [Bug]: require.main has invalid value null
- [Bug]: toThrow fails if error object contains a cause property
- [Feature]: add `expect(spy).toHaveResolvedWith` for spies on async functions
- [Feature]: Replace `chalk` dependency with a lighter alternative HOT 3
- [Feature]: make PRINT_LIMIT configurable
- [Feature]: Show which project failed when a `preset` fails to load HOT 1
- [Bug]: Calling ts.createSourceFile in a test file hangs with Typescript 5.x.x
- [Bug]: [jest-runner] loses error `stack` property for failed test when sends a message to jest
- [Bug]: No way to use inline snapshots without Babel
- [Docs]: .tocontainequalitem() explanation is ambiguous HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jest.