Eleventy: Deprecation warnings on install

Could you run the following commands and share their output?

npm ls chokidar
npm ls fsevents
npm ls resolve-url
npm ls urix
npm ls core-js

This way, we can see, which dependency pulls in the deprecated version.

npm ls chokidar
npm ls fsevents
npm ls resolve-url
npm ls urix
npm ls core-js/...
└── (empty)

npm ls fsevents
npm ls resolve-url
npm ls urix
npm ls core-js/...
└── (empty)

npm ls resolve-url
npm ls urix
npm ls core-js/...
└── (empty)

npm ls urix
npm ls core-js/...
└── (empty)

npm ls core-js
...
└── (empty)

I'm not getting the same deprecation warnings as OP, but all of the dependencies seem to be coming from browser-sync, except for core-js which comes from pug:

$ npm ls [email protected] [email protected] [email protected] [email protected] [email protected]
[email protected] /home/josebolos/devel/eleventy
└─┬ @11ty/[email protected]
  ├─┬ [email protected]
  │ ├─┬ [email protected] 
  │ │ └── UNMET OPTIONAL DEPENDENCY [email protected] 
  │ └─┬ [email protected]
  │   └─┬ [email protected]
  │     └─┬ [email protected]
  │       ├── [email protected] 
  │       └── [email protected] 
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └─┬ [email protected]
            └── [email protected] 

In relation, I am today getting this new security warning from npm when I install eleventy:

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @11ty/eleventy │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @11ty/eleventy > browser-sync > localtunnel > yargs > │
│ │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @11ty/eleventy │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @11ty/eleventy > browser-sync > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 low severity vulnerabilities in 708 scanned packages
2 vulnerabilities require manual review. See the full report for details.

Hi @mmc41,

please read https://github.com/11ty/eleventy/issues/1025#issuecomment-601680218 and open a new issue (in case it wasn't reported yet).

Thanks.

browser-sync npm audits are filed here https://github.com/11ty/eleventy/issues/1164

I'm getting the same issue, ive been trying to resolve it for 2-3 days now.

i am also facing this issue
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\chokidarnode_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

Using yarn global add @11ty/eleventy shows just two deprecation warnings, from browser-sync:

warning @11ty/eleventy > browser-sync > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning @11ty/eleventy > browser-sync > chokidar > [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.

An update here regarding these deps specifically on master:

npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

• urix is no longer in use

• this looks like an issue, but it’s only via a dev dependency so probably a low priority. Filed at #1394
  

Going to close this! Follow along at #1394 for the valid core-js issue