Skip to content

Module is not supported or leak memory #429

New issue
New issue
Closed
#430
Closed
Module is not supported or leak memory#429
#430
@BalasundarB-bhc

Description

@BalasundarB-bhc
BalasundarB-bhc
opened on Nov 12, 2025

🐛 Bug Report: Deprecated Dependencies Installed During Production Build

Date: 2025-11-12
Environment:

  • Node.js Version: 20.x
  • Package Manager: npm 10.x
  • OS: Ubuntu (GitHub Actions Runner)

Summary

During the production build and deployment process, npm displays multiple deprecation warnings related to outdated transitive dependencies. These warnings indicate that certain libraries used indirectly (via Swagger and other dependencies) are no longer maintained or supported.

Steps to Reproduce

  1. Run a clean install:

    npm ci --omit=dev

  2. Observe the output during dependency installation.

Actual Result

The following warnings appear during installation:

npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory.
npm WARN deprecated lodash.get@4.4.2: This package is deprecated. Use the optional chaining (?.) operator instead.
npm WARN deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm WARN deprecated glob@7.1.6: Glob versions prior to v9 are no longer supported.

These warnings indicate that deprecated packages are still being installed via indirect dependencies.

Expected Result

All production dependencies should be up to date with no deprecated modules, especially ones known to leak memory (inflight).

Impact

  • Potential memory leaks (via inflight@1.0.6)
  • Codebase depending on deprecated or unsupported libraries
  • Future incompatibility with Node.js 22+ or npm 11
  • Noise in CI/CD logs that may hide actual critical issues

Root Cause (Preliminary Analysis)

  • inflight@1.0.6 is pulled in by older versions of glob@7.x, commonly through swagger-jsdoc or related tooling.
  • lodash.get and lodash.isequal are used internally by older library versions (potentially swagger-jsdoc, mongoose, or ajv).

Status

⚠️ Open – Deprecated dependencies still appear in build logs.
🦩 Action Required – Upgrade Swagger and related dependencies.

Result - After upgrading Swagger and related dependencies to their latest versions, the deprecation warnings still persist in the Swagger build process. The same deprecated modules (inflight, lodash.get, lodash.isequal, and glob) appear, suggesting that the underlying libraries or Swagger’s internal dependencies have not yet updated to remove these deprecated packages.

Image Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions