chore: remove old deps from sqitch test fixtures (pg@6, babel-cli@6, pg-promise@6) #945
… mutations + downloadUrl field

Phase 2A Step 2: Presigned URL plugin for PostGraphile v5

- requestUploadUrl mutation: presigned PUT URL generation with SHA-256 content-hash keys, bucket validation (RLS), MIME type enforcement, file size limits, deduplication
- confirmUpload mutation: S3 HEAD verification, content-type check, status transition (pending -> ready), upload_request tracking
- downloadUrl computed field: presigned GET URLs for private files, public URL prefix for public
- StorageModuleCache: per-database LRU cache for storage module config (TTL-based)
- S3 signer wrapper: AWS SDK v3 presigned URL generation (PUT/GET/HEAD)
- PresignedUrlPreset factory for easy integration into ConstructivePreset

Follows existing patterns:

- extendSchema + grafast plans (same as PublicKeySignature)
- GraphQLObjectType_fields hook for downloadUrl (same as graphile-search)
- LRU cache with TTL (same as graphile-cache)

… detection

Uses codec.extensions.tags.storageFiles instead of checking for 6 specific column names. The storage module generator in constructive-db will set this tag on the generated files table via a smart comment.

…hema_public.database

The server middleware already sets jwt.claims.database_id in pgSettings, so jwt_private.current_database_id() is a cheap function call vs the previous approach of querying metaschema_public.database on every request.
…nitize filename in Content-Disposition
…le table, fix RC versions to stable
…pg-promise@6, etc.)
Summary

Two changes in this PR (branched off PR #944):

1. Fixture cleanup: Removes all outdated dependencies from 6 __fixtures__/sqitch/package.json files. These are static test fixtures for sqitch migration tooling — not installed, not run, not in the pnpm workspace. They were triggering Socket security warnings due to ancient versions: pg@6.4.0, pg-promise@6.10.3, babel-cli@6.24.1, babel-jest@20.0.3, babel-preset-react-app@3.0.0, @launchql/db-testing@latest. The devDependencies and dependencies objects are emptied (kept as {}) so the fixture file structure remains valid.

2. New graphile-presigned-url-plugin package (carried over from PR #944): Adds requestUploadUrl / confirmUpload mutations and downloadUrl computed field for direct client-to-S3 presigned URL uploads. Not yet wired into ConstructivePreset — plugin code only, no runtime behavior change.

Review & Testing Checklist for Human

- postgres/pgsql-test/ and pgpm/core/test-utils/TestPlan.ts that reference __fixtures__/sqitch/ don't read dependencies from the affected packages (totp, utils, utilities, verify, secrets). They appear to only use simple/ and sqitch-plans/ fixtures, but worth double-checking.
- @aws-sdk/client-s3 and resolution changes. Spot-check that no unexpected packages were added.

Notes

constructive/packages/{totp,utils,utilities,verify,secrets} and broken/packages/secrets scripts blocks are preserved — only dependencies and devDependencies contents were removed

Link to Devin session: https://app.devin.ai/sessions/4c882ba2dfbf4045adf85fb83cde6f77
Requested by: @pyramation
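
A regression check for the fixture cleanup described in the summary, as an added example that is not part of the PR or the project's code: it reports any package.json under `__fixtures__/sqitch/` whose `dependencies` or `devDependencies` object is no longer empty. The function names, the `--audit` flag, the script name and the sample paths are assumptions made for illustration.

```javascript
// Added example, not code from the PR. Paths and sample manifests are constructed.
const FIXTURE_MARKER = '__fixtures__/sqitch/'; // fixture directory named in the PR summary
const DEP_FIELDS = ['dependencies', 'devDependencies']; // the two objects the PR empties

// Audit one manifest; returns human-readable problems (empty array = clean).
function auditManifest(path, text) {
  const file = path.split('\\').join('/'); // normalise Windows separators
  if (!file.includes(FIXTURE_MARKER) || !file.endsWith('/package.json')) return [];
  let pkg;
  try {
    pkg = JSON.parse(text);
  } catch {
    return [`${file}: invalid JSON`];
  }
  if (pkg === null || typeof pkg !== 'object') return [`${file}: manifest is not an object`];
  const problems = [];
  for (const field of DEP_FIELDS) {
    const value = pkg[field];
    if (value === undefined) continue; // absent field: nothing for a scanner to flag
    if (value === null || typeof value !== 'object' || Array.isArray(value)) {
      problems.push(`${file}: ${field} is not an object`);
      continue;
    }
    for (const [name, range] of Object.entries(value)) {
      problems.push(`${file}: ${field} still lists ${name}@${range}`);
    }
  }
  return problems;
}

const auditManifests = (files) => files.flatMap((f) => auditManifest(f.path, f.text));
// Constructed sample: one cleaned fixture, one stale fixture, one non-fixture package.
const SAMPLE = [
  { path: '__fixtures__/sqitch/a/package.json', text: '{"scripts":{"test":"jest"},"dependencies":{},"devDependencies":{}}' },
  { path: '__fixtures__/sqitch/b/package.json', text: '{"dependencies":{"pg":"6.4.0"},"devDependencies":[]}' },
  { path: 'packages/app/package.json', text: '{"dependencies":{"pg":"6.4.0"}}' },
];

// Optional CLI (CommonJS): node audit-fixtures.js --audit <repo-root>
if (typeof require === 'function' && process.argv[2] === '--audit') {
  const fs = require('node:fs');
  const root = process.argv[3] || '.';
  const files = fs.readdirSync(root, { recursive: true })
    .map((rel) => `${root}/${rel}`)
    .filter((p) => !p.includes('node_modules') && /[\\/]package\.json$/.test(p))
    .map((p) => ({ path: p, text: fs.readFileSync(p, 'utf8') }));
  auditManifests(files).forEach((p) => { console.error(p); process.exitCode = 1; });
}
```

Run in CI, a non-zero exit means a fixture manifest has regained dependency entries that a dependency scanner would flag again.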