Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Chai-Http version to get package updates #292

Open
jakebrown58 opened this issue Jun 4, 2021 · 7 comments
Open

Bump Chai-Http version to get package updates #292

jakebrown58 opened this issue Jun 4, 2021 · 7 comments

Comments

@jakebrown58
Copy link

SuperAgent was updated in this PR: #281
But the version of chai-http was not modified along with it.

The result is that the npm registries still are using the old version of the package.json:

"chai-http": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/chai-http/-/chai-http-4.3.0.tgz", "integrity": "sha512-zFTxlN7HLMv+7+SPXZdkd5wUlK+KxH6Q7bIEMiEx0FK3zuuMqL7cwICAQ0V1+yYRozBburYuxN1qZstgHpFZQg==", "dev": true, "requires": { "@types/chai": "4", "@types/superagent": "^3.8.3", "cookiejar": "^2.1.1", "is-ip": "^2.0.0", "methods": "^1.1.2", "qs": "^6.5.1", "superagent": "^3.7.0" } },

Any chance you can bump chai-http to 4.3.1?
@kinder-lab
Copy link

I need this as well. We run some security analysis tools on the code, and it's showing that superagent has a vulnerability.

@austince
Copy link
Contributor

austince commented Jun 5, 2021

Hi all – we're currently having issues with our release process (see https://github.com/chaijs/chai-http/runs/1995002882?check_suite_focus=true). I don't have the proper credentials to debug this locally and haven't had the time to set up my own npm package to debug there. I may in the next couple weeks, but it's tight. Is anyone able to do the same?

In summary, something is going wrong with the semantic-release npm plugin and our automation tokens. We've tried to fix this a few times (#287, #289, etc.) without success. I've also pinged the semantic-release team (semantic-release/npm#277 (comment)) but without a good response (admittedly a weak ping on my part).

@ostankin
Copy link

Is the release process still broken? There haven't been any releases since 4 years ago.

@austince
Copy link
Contributor

Yes, the process is still broken. I don't have the access needed to properly debug/maintain this. @keithamus is the only one I know of with those credentials, but it may be worth just formally marking this repo as unmaintained.

@keithamus
Copy link
Member

@chaijs/token-bearers is the team which has all credentials for the chai accounts.

Looks like those old log links are 404ing, so I can't see what the failures are. Happy to try to cut a release today but I'd prefer to see if we can get semantic release working so it doesn't require me or another token-bearer to cut a release.

@Trickfilm400
Copy link
Contributor

Any news on this one?

Besides that, for example superagent is again deprecated with version 6.x - Should I provide a PR with the updated dependency version?

@keithamus
Copy link
Member

Please do so. I’ll take a look tomorrow

@Trickfilm400 Trickfilm400 mentioned this issue Jun 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@keithamus @jakebrown58 @austince @ostankin @Trickfilm400 @kinder-lab