New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace deprecated request
package with Fetch API
#2858
Conversation
fce623f
to
cf1d46b
Compare
request
packagerequest
package with Fetch API
Just to check, is there any connection between removing |
@36degrees Yeah it's a child dependency that they recently removed:
|
cf1d46b
to
89db1b3
Compare
Rebased with #2857 and rebuilt package-lock.json |
Just to flag as this confused me – although request has been removed in node-sass'
It looks like this is because 7.0.2 broke compatibility with Node 16 and so they yanked the release and released 7.0.3 as a hotfix. |
Looks like #2856 also bumps |
@36degrees I'm happy with this PR, and let the Dependabot one auto-close. Thanks for checking |
89db1b3
to
c783d90
Compare
@36degrees Good spot on the hot fix branch though I've updated my commit message to say "Begin removing" If you can review? Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't used undici
before – from a quick look at their docs it looks like there's some best practise for using it in tests which suggest reducing the keep alive timeouts, which we may want to consider.
Otherwise I'm happy with these changes 👍🏻
Actually, just a thought – given the |
@36degrees Yeah course, your call. I'll rebase after |
c783d90
to
c68163a
Compare
} | ||
}) | ||
// Reduce test keep-alive | ||
setGlobalDispatcher(new Agent({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@36degrees Thanks for the link on this bit, hopefully keeps the test runs short and sweet
Ready to review again now
I've split this change from #2850 so it's easier to review
The changes resolve 3x vulnerabilities in
node-sass
and removes this message on install:We'll see to check for CSS changes from
node-sass@7.01
→node-sass@7.03
I've replaced
request()
with Fetch API following this approach (until native support arrives in Node.js 17):https://blog.logrocket.com/fetch-api-node-js/#undici