Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: Bump graphql-upload from 15.0.2 to 17.0.0 #9342

Open
wants to merge 1 commit into
base: alpha
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 14, 2024

Bumps graphql-upload from 15.0.2 to 17.0.0.

Release notes

Sourced from graphql-upload's releases.

Version 17.0.0

Major

  • Updated Node.js support to ^18.18.0 || ^20.9.0 || >=22.0.0.

  • Updated dev dependencies, some of which require newer Node.js versions than previously supported.

  • Use the TypeScript v5.5+ JSDoc tag @import to import types in modules.

  • Removed JSDoc tag @typedef that were unintentionally re-exporting types; to migrate import TypeScript types from the correct module:

    - import type { GraphQLUpload } from "graphql-upload/Upload.mjs";
    + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
    - import type { processRequest } from "graphql-upload/Upload.mjs";
    + import type processRequest from "graphql-upload/processRequest.mjs";
    - import type { GraphQLUpload } from "graphql-upload/processRequest.mjs";
    + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
  • Refactored tests to use the standard AbortController, fetch, File, and FormData APIs available in modern Node.js and removed the dev dependencies node-abort-controller and node-fetch.

  • Replaced the test utility function streamToString with the function text from node:stream/consumers that’s available in modern Node.js.

  • Use the Node.js test runner API and remove the dev dependency test-director.

Minor

  • Support Express v5 by updating the optional peer dependency @types/express to 4.0.29 - 5 and the dev dependency express to v5, via #389.

Patch

  • Tweaked the package description.
  • Updated the package.json field repository to conform to new npm requirements.
  • Updated the package scripts:
    • Reordered the scripts.
    • Replaced npm run with node --run.
  • Updated GitHub Actions CI config:
    • No longer run the workflow on pull request.
    • Enable manual workflow dispatching.
    • Run checks in seperate jobs.
    • Removed custom step names.
    • Replaced npm run with node --run.
    • Updated the tested Node.js versions to v18, v20, v22.
    • Updated actions/checkout to v4.
    • Updated actions/setup-node to v4.
  • Migrated to the ESLint v9 CLI and “flat” config.
  • Integrated a new dev dependency eslint-plugin-jsdoc and revised types.
  • Removed the Node.js CLI option --unhandled-rejections=throw in the package script tests as it’s now the default for all supported Node.js versions.

... (truncated)

Changelog

Sourced from graphql-upload's changelog.

17.0.0

Major

  • Updated Node.js support to ^18.18.0 || ^20.9.0 || >=22.0.0.

  • Updated dev dependencies, some of which require newer Node.js versions than previously supported.

  • Use the TypeScript v5.5+ JSDoc tag @import to import types in modules.

  • Removed JSDoc tag @typedef that were unintentionally re-exporting types; to migrate import TypeScript types from the correct module:

    - import type { GraphQLUpload } from "graphql-upload/Upload.mjs";
    + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
    - import type { processRequest } from "graphql-upload/Upload.mjs";
    + import type processRequest from "graphql-upload/processRequest.mjs";
    - import type { GraphQLUpload } from "graphql-upload/processRequest.mjs";
    + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
  • Refactored tests to use the standard AbortController, fetch, File, and FormData APIs available in modern Node.js and removed the dev dependencies node-abort-controller and node-fetch.

  • Replaced the test utility function streamToString with the function text from node:stream/consumers that’s available in modern Node.js.

  • Use the Node.js test runner API and remove the dev dependency test-director.

Minor

  • Support Express v5 by updating the optional peer dependency @types/express to 4.0.29 - 5 and the dev dependency express to v5, via #389.

Patch

  • Tweaked the package description.
  • Updated the package.json field repository to conform to new npm requirements.
  • Updated the package scripts:
    • Reordered the scripts.
    • Replaced npm run with node --run.
  • Updated GitHub Actions CI config:
    • No longer run the workflow on pull request.
    • Enable manual workflow dispatching.
    • Run checks in seperate jobs.
    • Removed custom step names.
    • Replaced npm run with node --run.
    • Updated the tested Node.js versions to v18, v20, v22.
    • Updated actions/checkout to v4.
    • Updated actions/setup-node to v4.
  • Migrated to the ESLint v9 CLI and “flat” config.
  • Integrated a new dev dependency eslint-plugin-jsdoc and revised types.

... (truncated)

Commits
  • 421707f Version 17.0.0.
  • db00563 Update the GitHub Actions CI workflow.
  • 218bc95 Replace npm run with node --run.
  • 352f3fe Reorder the package scripts.
  • 284410c Update the GitHub Action CI workflow.
  • 1cf3d56 Tweak wording.
  • 3ddf628 Update the GitHub Markdown syntax for alerts in the readme.
  • e7a051c Remove an unnecessary await in tests.
  • 1135035 Replace the test helper class Deferred with polyfilled `Promise.withResolve...
  • 1bc03b9 Account for different Node.js version default stream high water mark values.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Bot label; pull requests that updates a dependency file label Oct 14, 2024
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title refactor: bump graphql-upload from 15.0.2 to 17.0.0 refactor: Bump graphql-upload from 15.0.2 to 17.0.0 Oct 14, 2024
@mtrezza
Copy link
Member

mtrezza commented Oct 14, 2024

@Moumouls would you want to take on this GraphQL challenge?

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch 3 times, most recently from 7519efc to 452ad19 Compare October 15, 2024 21:58
@Moumouls
Copy link
Member

Hi @mtrezza ! hope you are doing well !

Yes, i need to dedicate some time to parse, during next weeks, my team really needed me and i struggled to find some time, but i've also some simple PRs ideas

I'll keep you updated !

@mtrezza
Copy link
Member

mtrezza commented Oct 18, 2024

@Moumouls Always great to hear from you! Appreciate your efforts, curious to hear what you have in mind...

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch 4 times, most recently from 0aac69e to cd3e902 Compare October 22, 2024 20:32
@Moumouls
Copy link
Member

Okay i investigated here, the issue is caused by the graphql-upload lib breaking change using ESM.

ESM is quite a mess to use currently in CommonJS, and current code will need a weird and huge refactor with potential breaking change for current user if we opt out to use try to use this lib as ESM.

Here i can suggest to just wait since Node is currently testing to support by default ESM via require https://nodejs.org/dist/latest/docs/api/modules.html#loading-ecmascript-modules-using-require

Implemented in node 23 and will be LTS in node 24.

I tested, Node 23 currently fix the issue without special tricks

Node 23 is currenly fixing a huge headache in the ecosystem.

@mtrezza
Copy link
Member

mtrezza commented Oct 23, 2024

So let's wait until Node 24 which will be released around April 2025 I guess.

@Moumouls
Copy link
Member

I think it's the current best approach for packages in ESM where the ESM trick with await import is not easy and may introduce a too big refactor.

In the case of graphql-upload the package is safe for now with just 1 old CVE: https://security.snyk.io/package/npm/graphql-upload

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch from cd3e902 to b37f3d8 Compare October 23, 2024 17:02
@mtrezza
Copy link
Member

mtrezza commented Oct 23, 2024

Also, graphql-upload requires at least node 18.18.0, so we couldn't merge this before Parse Server 8 anyway.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch 11 times, most recently from f4a8339 to 7b386d0 Compare October 29, 2024 14:39
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch 9 times, most recently from 2540322 to be1c5bb Compare November 5, 2024 17:57
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch 9 times, most recently from c11b166 to 85aecbf Compare November 11, 2024 19:00
Bumps [graphql-upload](https://github.com/jaydenseric/graphql-upload) from 15.0.2 to 17.0.0.
- [Release notes](https://github.com/jaydenseric/graphql-upload/releases)
- [Changelog](https://github.com/jaydenseric/graphql-upload/blob/master/changelog.md)
- [Commits](jaydenseric/graphql-upload@v15.0.2...v17.0.0)

---
updated-dependencies:
- dependency-name: graphql-upload
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/graphql-upload-17.0.0 branch from 85aecbf to 1506e92 Compare November 12, 2024 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Bot label; pull requests that updates a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants