npm WARN deprecated puppeteer@18.1.0: < 21.8.0 is no longer supported

[MikeMcC399]

Versions

• What is this plugin's version: 2.2.1
• What is the Node version: v18.15.0 v20.12.1
• What is the NPM version: 9.5.0 10.5.0

Describe the bug

Installing netlify-plugin-cypress@latest (v2.2.1) results in the warning:

npm WARN deprecated puppeteer@18.1.0: < 19.4.0 is no longer supported
npm WARN deprecated puppeteer@18.1.0: < 21.8.0 is no longer supported

Steps to reproduce

mkdir netlify-plugin-test
cd netlify-plugin-test
npm init -y
npm install netlify-plugin-cypress@latest

note warnings:

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.8.0 is no longer supported

added 263 packages, and audited 264 packages in 1m

30 packages are looking for funding
  run `npm fund` for details

6 vulnerabilities (1 low, 1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Expected

When

npm install netlify-plugin-cypress@latest

is executed, no warnings should be displayed.

The current version of puppeteer is 22.6.1.

Link to the repo

Reproducible example on

https://github.com/cypress-io/cypress-example-kitchensink

Clone the repository and execute

npm ci

[MikeMcC399]

I thought I might at least be able to get rid of the debug deprecation, however updating to the current debug@4.3.4 causes major changes in package-lock.json.

Even without attempting to make this change, on Ubuntu 22.04 with Node.js 18.15.0 18.16.1, the sequence:

npm install
npm ci

executed on a clone of this repo shows:

$ npm ci
npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for @esbuild/android-arm@0.17.12: wanted {"os":"android","arch":"arm"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS:    android
npm ERR! notsup Valid Arch:  arm
npm ERR! notsup Actual OS:   linux
npm ERR! notsup Actual Arch: x64

so it seems this is not simple to resolve. 🙁

[nagash77]

Hi @MikeMcC399 , I do not anticipate us being able to investigate this problem at the moment. I will route the issue and we will keep it in the backlog.

We are of course always open to community contributions if anyone out there is so inclined.

[MikeMcC399]

Hi Ben @nagash77

This is quite a tricky issue, so I wasn't expecting it to get solved soon, and I'm not even sure that it can be solved in Cypress at the moment. I just wanted to make sure it was recorded as a known-issue, since I wasn't able to find a solution for it myself.

• PR update puppeteer #320 from @jaffrepaul pinned puppeteer to 18.1.0 so I guess this is the best option for now.

[jaffrepaul]

I think we should be able to bump Puppeteer to the latest version (and not pin it) with some additional dependency updates noted in my PR above. I just didn't have the bandwidth to go that deep at the time.

[MikeMcC399]

netlify-cli v14 has been released.
Edit: Latest version is now v17.

This can unblock steps needed to resolve this issue, however there are still multiple deprecation warnings and critical vulnerabilities left, so there would still be significant effort needed.

[MikeMcC399]

The warning has now changed to

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.3.7 is no longer supported

See https://github.com/puppeteer/puppeteer/releases for current releases e.g. v21.6.0.

[jaffrepaul]

The warning has now changed to

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.3.7 is no longer supported

cc @jennifer-shehane in case this needs to be prioritized/rerouted

[MikeMcC399]

Updated installation log to current output:

npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated puppeteer@18.1.0: < 21.8.0 is no longer supported

added 263 packages, and audited 264 packages in 1m

30 packages are looking for funding
  run `npm fund` for details

6 vulnerabilities (1 low, 1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

[MikeMcC399]

• related vulnerabilities are also reported in Installation reports vulnerabilities #426