[Bug]: npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. about jest HOT 17 CLOSED

Looks like the warning originates from Jest's dependencies. These are updated with each version. I just checked, installing jest@next does not print a warning. You just have to update Jest. The next version 30 is currently in beta. You can use it or wait for stable release.

from jest.

Is there any appropriate workaround for people who don't use alpha/beta/gamma/non-stable versions?

from jest.

I think Yarn's resolutions or similar config options from other package managers are worth to try. Reference: https://yarnpkg.com/configuration/manifest#resolutions

from jest.

It seems that the issue needs someone more competent. The mentioned package is out of date. The last update was 8 years ago and all versions contain memory leaks.
@mrazauskas Would you mind assigning this to someone on the team who has experience in the required areas?

from jest.

It's from glob, which has been upgraded in jest@next via #14509

from jest.

This is true. But all packages that depend on 29.7.0 (almost all packages) are currently unsafe. And jest@next is still a alpha version at the moment.
It would be better to issue an emergency bug fix as 29.7.1.

from jest.

It's a breaking change to update to newer versions of glob, so that cannot be done.

from jest.

I keep receiving the same warning! They should release a secure version of Jest until they complete their v30.

from jest.

I don't agree that fix security issue cannot be done. It must be done.
The MR #14509 with "chore" in the title with breaking changes

contains glob v10.3.10

while the glob v10.3.10 does not use inflight library
https://github.com/isaacs/node-glob/blob/v10.3.10/package.json

So there are literally 0 reasons to close the issue

from jest.

Where do you see security issue? The warning mentioned in the OP says: "This module is not supported, and leaks memory." If there are any security issues, better open another issue.

from jest.

I tried jest@next just now and still saw the problem.

$ npm install jest@next
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported

added 308 packages in 14s

46 packages are looking for funding
  run `npm fund` for details

While jest itself no longer directly uses a deprecated version of glob, @jest/transform depends on babel-plugin-istanbul 6.1.1 → test-exclude 6.0.0 → glob 7.2.3 → inflight 1.0.6.

Unfortunately there's not an updated version of babel-plugin-istanbul to update to. Someone has already filed istanbuljs/babel-plugin-istanbul#294, but that repo doesn't seem to have been very active lately.

from jest.

@jest/core -> @jest/reporters -> glob@^7.1.3 -> inflight

from jest.

@jest/core -> @jest/reporters -> glob@^7.1.3 -> inflight

That one was already fixed in #14509. Which I think you know already.

from jest.

@anomiex it is not fixed in the stable version(https://github.com/jestjs/jest/blob/v29.7.0/packages/jest-reporters/package.json#L25). I think you know that people do not use alpha version in production.

from jest.

And I think you know that continuing to complain about that isn't going to accomplish anything with the Jest maintainers. They won't make the change in the v29 branch because it would require dropping support for old nodejs versions, as they already told you, so it has to wait for v30.

OTOH, my comment, if they don't ignore it because it was buried by your complaining, points out something that still isn't fixed in @next.

from jest.

it would require dropping support for old nodejs versions

let's check jest v29 node versions

    "node": "^14.15.0 || ^16.10.0 || >=18.0.0"

what about glob v10?

    "node": ">=16 || 14 >=14.18"

As far as I understand, both support nodejs v14 and there is no need to drop support for old nodejs versions.

from jest.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.

from jest.