Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: removing dependancy for node-requests #311

Merged
merged 7 commits into from
Oct 23, 2023
Merged

fix: removing dependancy for node-requests #311

merged 7 commits into from
Oct 23, 2023

Conversation

manchuck
Copy link
Contributor

@manchuck manchuck commented Sep 19, 2023

This PR removes the 'requests' package, which has not been updated in over 6 years and has major security errors.

@manchuck manchuck requested a review from jeffswartz September 19, 2023 15:36
@codecov
Copy link

codecov bot commented Sep 19, 2023

Codecov Report

Merging #311 (a3a4b34) into main (111be34) will increase coverage by 16.6%.
Report is 3 commits behind head on main.
The diff coverage is 74.3%.

Files Coverage Δ
spec/opentok_spec.js 100.0% <100.0%> (ø)
lib/moderation.js 93.1% <88.8%> (-2.6%) ⬇️
lib/signaling.js 88.8% <90.9%> (ø)
lib/client.js 78.8% <82.7%> (-0.2%) ⬇️
lib/opentok.js 76.4% <28.5%> (-0.4%) ⬇️
lib/render.js 19.6% <12.5%> (-2.0%) ⬇️
lib/callbacks.js 74.6% <77.1%> (+1.6%) ⬆️
lib/archiving.js 75.4% <77.2%> (+66.8%) ⬆️

... and 1 file with indirect coverage changes

Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some tests in opentok_spec.js are failing.

Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some tests are failing: #311 (review).

Also, please rev the version (to 2.17.0) in package.json and package-lock.json.

@manchuck
Copy link
Contributor Author

manchuck commented Oct 9, 2023

Some tests are failing: #311 (review).

Also, please rev the version (to 2.17.0) in package.json and package-lock.json.

This should only be requested once the PR is ready to merge in. Otherwise the PR will always be rejected as we paly whack-a-mole with the release versions

@manchuck
Copy link
Contributor Author

manchuck commented Oct 9, 2023

Some tests in opentok_spec.js are failing.

These failures are inconsistent and intermittent. I am not familiar with these tests or how to resolve them. The reason for asking for your review on this PR is because there is not full coverage for all use cases with the SDK. Any guidance from you would be helpful

@manchuck manchuck requested a review from jeffswartz October 9, 2023 16:01
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

15 tests are failing ("Archiving listArchives should return an array of archives and a total count" and 14 others).

Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I install packages, I am alerted the get-func-name is audited with "high" vulnerability. And @babel/traverse is flagged as being critical. Can we update chai and nyc to update these sub-packages?

Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to rev the version of the library (to 2.16.1) in the package.json and package-lock.json files.

lib/archiving.js Outdated Show resolved Hide resolved
@manchuck manchuck mentioned this pull request Oct 20, 2023
@manchuck manchuck requested a review from jeffswartz October 20, 2023 17:56
@manchuck manchuck closed this Oct 20, 2023
@manchuck manchuck reopened this Oct 20, 2023
@manchuck manchuck closed this Oct 20, 2023
@manchuck manchuck reopened this Oct 20, 2023
@manchuck manchuck force-pushed the remove-requests branch 2 times, most recently from 894f350 to 5b77151 Compare October 20, 2023 18:03
if (response && response.statusCode === 404) {
try {
body = JSON.parse(body);
} catch {}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The linter complains that this (and other instances of catch {}) results in a parsing error. (Replace with catch (error) { }).

There are already existing linting errors in the main branch. But if you add /* eslint-env es2018 */ to the top of this file, you will see more linting errors.

Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rev the version (to 2.17.0) in package.json and package-lock.json. (I assume we are ready to release this.)

@manchuck manchuck merged commit 2e3c476 into main Oct 23, 2023
@manchuck manchuck deleted the remove-requests branch October 23, 2023 20:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants