Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Chai-Http version to get package updates #292

Open
jakebrown58 opened this issue Jun 4, 2021 · 10 comments
Open

Bump Chai-Http version to get package updates #292

jakebrown58 opened this issue Jun 4, 2021 · 10 comments

Comments

@jakebrown58
Copy link

SuperAgent was updated in this PR: #281
But the version of chai-http was not modified along with it.

The result is that the npm registries still are using the old version of the package.json:

"chai-http": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/chai-http/-/chai-http-4.3.0.tgz", "integrity": "sha512-zFTxlN7HLMv+7+SPXZdkd5wUlK+KxH6Q7bIEMiEx0FK3zuuMqL7cwICAQ0V1+yYRozBburYuxN1qZstgHpFZQg==", "dev": true, "requires": { "@types/chai": "4", "@types/superagent": "^3.8.3", "cookiejar": "^2.1.1", "is-ip": "^2.0.0", "methods": "^1.1.2", "qs": "^6.5.1", "superagent": "^3.7.0" } },

Any chance you can bump chai-http to 4.3.1?

@kinder-lab
Copy link

I need this as well. We run some security analysis tools on the code, and it's showing that superagent has a vulnerability.

@austince
Copy link
Contributor

austince commented Jun 5, 2021

Hi all – we're currently having issues with our release process (see https://github.com/chaijs/chai-http/runs/1995002882?check_suite_focus=true). I don't have the proper credentials to debug this locally and haven't had the time to set up my own npm package to debug there. I may in the next couple weeks, but it's tight. Is anyone able to do the same?

In summary, something is going wrong with the semantic-release npm plugin and our automation tokens. We've tried to fix this a few times (#287, #289, etc.) without success. I've also pinged the semantic-release team (semantic-release/npm#277 (comment)) but without a good response (admittedly a weak ping on my part).

@ostankin
Copy link

Is the release process still broken? There haven't been any releases since 4 years ago.

@austince
Copy link
Contributor

Yes, the process is still broken. I don't have the access needed to properly debug/maintain this. @keithamus is the only one I know of with those credentials, but it may be worth just formally marking this repo as unmaintained.

@keithamus
Copy link
Member

@chaijs/token-bearers is the team which has all credentials for the chai accounts.

Looks like those old log links are 404ing, so I can't see what the failures are. Happy to try to cut a release today but I'd prefer to see if we can get semantic release working so it doesn't require me or another token-bearer to cut a release.

@Trickfilm400
Copy link
Contributor

Any news on this one?

Besides that, for example superagent is again deprecated with version 6.x - Should I provide a PR with the updated dependency version?

@keithamus
Copy link
Member

Please do so. I’ll take a look tomorrow

@GustavoOS
Copy link

Superagent is again recommending update to version 9. Any chance for an upgrade?

@Trickfilm400
Copy link
Contributor

Its already commited, but only released as an pre-release 5.0.0-alpha2

@43081j
Copy link
Contributor

43081j commented Jun 4, 2024

if you can try out 5.0.0-alpha2 so im aware it all works well for you, ill publish 5.0.0 this weekend

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants