Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: removing dependancy for node-requests #311

Merged
merged 7 commits into from
Oct 23, 2023
Merged

fix: removing dependancy for node-requests #311

merged 7 commits into from
Oct 23, 2023

Conversation

manchuck
Copy link
Contributor

@manchuck manchuck commented Sep 19, 2023
edited
Loading

This PR removes the 'requests' package, which has not been updated in over 6 years and has major security errors.

@codecov
Copy link

codecov bot commented Sep 19, 2023
edited
Loading

Codecov Report

Merging #311 (a3a4b34) into main (111be34) will increase coverage by 16.6%.
Report is 3 commits behind head on main.
The diff coverage is 74.3%.

Files Coverage Δ
spec/opentok_spec.js 100.0% <100.0%> (ø)
lib/moderation.js 93.1% <88.8%> (-2.6%) ⬇️
lib/signaling.js 88.8% <90.9%> (ø)
lib/client.js 78.8% <82.7%> (-0.2%) ⬇️
lib/opentok.js 76.4% <28.5%> (-0.4%) ⬇️
lib/render.js 19.6% <12.5%> (-2.0%) ⬇️
lib/callbacks.js 74.6% <77.1%> (+1.6%) ⬆️
lib/archiving.js 75.4% <77.2%> (+66.8%) ⬆️

... and 1 file with indirect coverage changes

@cpettet cpettet mentioned this pull request Sep 22, 2023
Closed
jeffswartz
jeffswartz reviewed Oct 6, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some tests in opentok_spec.js are failing.

jeffswartz
jeffswartz requested changes Oct 6, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some tests are failing: #311 (review).

Also, please rev the version (to 2.17.0) in package.json and package-lock.json.

@manchuck
Copy link
Contributor Author

manchuck commented Oct 9, 2023

Some tests are failing: #311 (review).

Also, please rev the version (to 2.17.0) in package.json and package-lock.json.

This should only be requested once the PR is ready to merge in. Otherwise the PR will always be rejected as we paly whack-a-mole with the release versions

@manchuck
Copy link
Contributor Author

manchuck commented Oct 9, 2023

Some tests in opentok_spec.js are failing.

These failures are inconsistent and intermittent. I am not familiar with these tests or how to resolve them. The reason for asking for your review on this PR is because there is not full coverage for all use cases with the SDK. Any guidance from you would be helpful

jeffswartz
jeffswartz requested changes Oct 16, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

15 tests are failing ("Archiving listArchives should return an array of archives and a total count" and 14 others).

jeffswartz
jeffswartz reviewed Oct 16, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I install packages, I am alerted the get-func-name is audited with "high" vulnerability. And @babel/traverse is flagged as being critical. Can we update chai and nyc to update these sub-packages?

jeffswartz
jeffswartz requested changes Oct 18, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to rev the version of the library (to 2.16.1) in the package.json and package-lock.json files.

jeffswartz
jeffswartz reviewed Oct 18, 2023
View reviewed changes
lib/archiving.js Outdated Show resolved Hide resolved
@manchuck manchuck mentioned this pull request Oct 20, 2023
Closed
@manchuck manchuck closed this Oct 20, 2023
@manchuck manchuck reopened this Oct 20, 2023
@manchuck manchuck closed this Oct 20, 2023
@manchuck manchuck reopened this Oct 20, 2023
@manchuck manchuck force-pushed the remove-requests branch 2 times, most recently from 894f350 to 5b77151 Compare October 20, 2023 18:03
jeffswartz
jeffswartz reviewed Oct 23, 2023
View reviewed changes
lib/archiving.js
if (response && response.statusCode === 404) {
try {
body = JSON.parse(body);
} catch {}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The linter complains that this (and other instances of catch {}) results in a parsing error. (Replace with catch (error) { }).

There are already existing linting errors in the main branch. But if you add /* eslint-env es2018 */ to the top of this file, you will see more linting errors.

jeffswartz
jeffswartz requested changes Oct 23, 2023
View reviewed changes
Copy link
Collaborator

@jeffswartz jeffswartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rev the version (to 2.17.0) in package.json and package-lock.json. (I assume we are ready to release this.)

@manchuck manchuck merged commit 2e3c476 into main Oct 23, 2023
13 of 14 checks passed
@manchuck manchuck deleted the remove-requests branch October 23, 2023 20:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffswartz jeffswartz jeffswartz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@manchuck @jeffswartz