Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lib superagent:8.0.9 has dependency with problems #316

Closed
BrunoHenriqueSouza opened this issue Apr 23, 2024 · 8 comments
Closed

Lib superagent:8.0.9 has dependency with problems #316

BrunoHenriqueSouza opened this issue Apr 23, 2024 · 8 comments

Comments

@BrunoHenriqueSouza
Copy link

BrunoHenriqueSouza commented Apr 23, 2024
edited
Loading

The last version 4.4.0 use superagent:8.0.9 that use formidable with problems (ladjs/superagent#1800).
Need upgrade superagent to version up 9.0.0.
@natlibfi-jonollil
Copy link

natlibfi-jonollil commented Apr 24, 2024
edited
Loading

Dependabot cannot update formidable to a non-vulnerable version

The latest possible version that can be installed is 2.1.2 because of the following conflicting dependencies:

[email protected] requires formidable@^2.1.2 via [email protected]
No patched version available for formidable

The earliest fixed version is 3.2.4.

Dependabot note about this

@keithamus
Copy link
Member

PRs welcome!

@crisward
Copy link

Seems the tests don't pass when updating superagent to the latest version. Possibly related to this.

ladjs/superagent#1793

  2 failing

  1) assertions
       #cookie (agent):
     TypeError: Cannot read properties of undefined (reading 'push')
      at Agent.<computed> [as set] (node_modules/superagent/lib/agent-base.js:20:20)
      at Context.<anonymous> (test/http.js:378:13)
      at process.processImmediate (node:internal/timers:478:21)

  2) request
       Node.js
         agent can be used to persist cookies:
     TypeError: Cannot read properties of undefined (reading 'getCookies')
      at TestAgent._attachCookies (node_modules/superagent/lib/node/agent.js:75:30)
      at TestAgent.<computed> [as get] (lib/request.js:220:404)
      at Context.<anonymous> (test/request.js:192:10)
      at process.processImmediate (node:internal/timers:478:21)

@43081j
Copy link
Contributor

43081j commented Apr 24, 2024

in chai-http in particular, i suspect its because superagent now wraps Agent in a proxy

so this line:

chai-http/lib/request.js

Line 310 in cc58a4b

(Agent || Request).call(this);

doesn't do what it looks like it does. it looks like its trying to call the super constructor, but it will actually call superagent's Proxy function which returns the instance (i.e. it won't mutate this)

tbh maybe chai-http just needs a modernisation in a major release - turn all the prototypes into classes, etc

@crisward
Copy link

turn all the prototypes into classes, etc

You may well be right. But to be honest, I just want to stop my npm install to stop yelling at me about 'critical' vulnerabilities. 😬

@43081j
Copy link
Contributor

43081j commented Apr 24, 2024

yeah i get that. unfortunately, superagent doesn't export the underlying Agent class for us to new up

they kinda borked things with that Proxy here:
https://github.com/ladjs/superagent/blob/b368f62b3d9beae564e8dca1eb1969fc7d10580e/src/node/agent.js#L102-L110

means it will new one up but unbound, i.e. not bound to thisArg

@thomashohn
Copy link
Contributor

This PR might fix it or can be used for further fixes @keithamus - #317

@keithamus
Copy link
Member

I'll close as this is resolved in #317 but we'll likely need to release this as breaking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@keithamus @crisward @thomashohn @43081j @BrunoHenriqueSouza @natlibfi-jonollil