Recently I have migrated from Gatsby V2 to V4, using the official docs since that Iam facing this warning and It goes like this,
warn Error persisting state: function createFolder(folderData) {
return client.mutate({
mutation: mutations.createFo...<omitted>... } could not be cloned.
Iam using node version : 14.15.4
and npm version : 6.14.10
Is anybody faced this error before or suggest any way to resolve this.
I'd suggest updating your npm version up to version 7 in order to run:
npm install gatsby#latest --legacy-peer-deps
As well:
npm outdated
To compare your wanted version to the latest.
Keep in mind that if some dependency is not updated to any accordingly working version, your project may not be able to run. However, in the case of the gatsby-plugin-sharp, being an official maintained plugin I guess it will be compatible with v3 (they just shipped the v4 recently so...).
Prior to that suggestions, I'd also recommend cleaning cache in each process as well reinstalling your dependencies (or the locked ones) removing your node_modules, your package-lock.json, etc if needed.
Share you configuration details (gatsby-config.js) to see if there's something that needs to be refactored in the version 3.
Related
I'm new to NPM. I'm getting an alert from github dependabot saying my json-schema package is vulnerable. My current json-schema version is 0.2.3, it's required by my current npm#7.20.6 via transitive dependency on jsprim#1.4.1. I can't update my npm version right now since that involves lots of testing which I don't have time to do right now. Wondering what's a good way to force npm to use a newer version of json-schema. (0.4.0 is the version I should use.) I was thinking updating package-lock.json to use json-schema#0.2.3, but if I run npm install, that change will be erased right? Some examples would be appreciated!
react-dev-utils#11.0.4 installing a vulnerable version of browserlist, browserslist#4.14.2, although we have updated package on github. https://github.com/facebook/create-react-app/blob/main/packages/react-dev-utils/package.json#L57
[to test out, you may simple create any folder and do npm i react-dev-utils and then check it using npm ls browserlist]
I dont get, what all are the constraint for this. (I dont see any package-lock.json for this package, which could be a potential reason for the vuln). older version has reported vulnerability CVE-2021-23364.
react-dev-utils#11.0.4 installing a vulnerable version of browserlist, browserslist#4.14.2, although we have updated package on github
This is because that package.json file resides in the default branch which usually contains the latest or development code. At the time you posted the question, that change was not published to the npm registry.
react-dev-utils#11.0.4 has browserslist#4.14.2 listed in its package so that's the version that will be installed. Reference: https://cdn.jsdelivr.net/npm/react-dev-utils#11.0.4/package.json
You need atleast react-dev-utils#12.0.0 to fix that vulnerability. See the versions tab.
[to test out, you may simple create any folder and do npm i react-dev-utils and then check it using npm ls browserlist]
Running that command will install the latest version of react-dev-utils, which now has no vulnerability. So it will fix your issue.
I dont see any package-lock.json for this package, which could be a potential reason for the vuln
package-lock.json cannot be published to registry, only the top level lock file is respected. Reference: Should package-lock.json also be published?
this may be an example package, but how in general we update to latest package? have tried npm update as well.
npm update respects the semver range that you've set in your package.json. If its like "react-dev-utils": "11.0.4" that command won't do anything. If its "react-dev-utils": "^11.0.4", it will try to update to the latest 11.x.x version which you are already on, so again it won't do anything. Reference: npm update does not do anything
In general if you want to upgrade every direct dependency to latest version you can use npm-check-updates before running npm update. Refer https://nodejs.dev/learn/update-all-the-nodejs-dependencies-to-their-latest-version for detailed guide. Related: How to update each dependency in package.json to the latest version?
Now, if it is not a direct dependency, as was in your case, you can force resolutions. This is natively supported in Yarn and NPM v8.3.0 and above. In older NPM versions you need to use a dependency like npm-force-resolutions. Related thread: npm equivalent of yarn resolutions?
There are much more related threads that you can easily find by searching on the web.
Whenever I install any packages through npm I keep getting this warning:
npm WARN deprecated fsevents#2.1.3: Please update to v 2.2.x
I tried various methods to update it. But all failed.
So my question is, is this important for Node.js?
Can I uninstall it, if possible?
Or is there any other ways to update or remove the warning?
Some package you are using is apparently using the v2.1.3 version of the fsevents module, yet that has been specifically deprecated (usually because of known problems or vulnerabilities) and it is recommended to use v2.2.x instead. If you aren't yourself directly using the fsevents package, then you can grep your node_modules directory and find out which package is using fsevents. You can then try several things:
First, make sure you have the latest version of all the packages you are specifically using in case it's already been fixed in one of those.
See if there's an update to the package that is using it that fixes the warning.
Contact the maintainer of the package that is using it to see if they have an update coming that fixes the warning.
Fork that package and modify their package.json to update to the latest version of fsevents and then test things to see if it all works appropriately and go with that until the maintainer of the package fixes the core.
File a bug/issue with the maintainer and wait until hey fix it.
How to safely npm install/update when deploying/upgrading ?
Problem 1 : npm install is a statefull operation that depends on the latest versions of dependencies in the time when the command is executed. This causes surprises when deploying since package.json file indicates ranges but not specific versions.
Problem 2 : everytime I make npm update or use ncu, I spend hours/days trying to handle incoherences between modules. Why would this happens in 2018 ?
Problem 3 : How to have package.json file that describes exactly the state of installed packages instead of ranges so that I can deploy without surprises ?
NB: I use Angular
If you use yarn or a more recent version of npm, it will generate for you a yarn.lock or package-lock.json.
This will keep exactly the version of any package when it's first installed, so further calls to yarn or npm install will fetch and install exactly those versions.
Of course you should add these lock files to your repository so anyone doing a fresh clone get the same dependencies installed.
See the npm docs: https://docs.npmjs.com/files/package-lock.json
And the yarn docs: https://yarnpkg.com/lang/en/docs/yarn-lock/
package.json file indicates ranges but not specific versions : Re-read the documentation, you can specify specific versions. See point 3 for an example.
Why would this happens in 2018 <= I/we can't speculate as to problems where you did not include any specific details, it might be a valid general gripe you have but StackOverflow is not the correct place to vent it.
Again, see the documentation. You just have to include the version number with an = sign. Example below would get only the version 5.0.0 of #angular/cdk.
"#angular/cdk": "5.0.0"
be advised that any call to npm update will update your package.json with the latest minor version, so setting a strict constraint version ex (5.0.0) will only work with npm install when no package-lock.json is present. When doing npm update, your 5.0.0 constraint will be replaced by a ^5.5.0 constraint (or whatever the next minor release is). It's fine if the packages you are using implement semver correctly, but you can have a lot of issues with breaking changes on minor release.
I have the latest versions of Node and NPM installed, using which I installed Angular/cli, but it's shooting me with following errors: angular/cli and npm versions not compatible with current version of node.
I suspect that I may(not) be installing out of the proper directory. But at this point, what else can I do? thanks.
Please check: Screenshot with details of the issue
I also faced a similar problem, but the solution was quite simple : my path was too long.
I shortened it a bit (two directories down) and then I did the install again with success.
Here are the reqs.
Both the CLI and generated project have dependencies that require Node 6.9.0 or higher, together with NPM 3 or higher.
You are using the latest node.js 9.2
you need to uninstall or rollback to 8.9 !!
Here is a guide
https://github.com/angular/angular-cli
Hope this solves it for you.
I faced a similar problem with angular/cli version not compatible with the current node version. This generally happens when you are upgrading from lower version of Angular to any other higher version.
You can try following steps:
npm outdated --> To list latest and current package details in local application.
npm update --> to update the local packages.
If it still doesn`t work,
Try deleting the 'node_modules' folder and install dependencies of fresh:
npm install
You can then check whether all packages, including the cli is not outdated.