You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The node-fetch package became incompatible with its use in GraphQL Parse Server in Node 17/18. Either there is a fix, or node-fetch needs to be replaced with another package.
Going back and using old version of node-fetch 2.x is not an attractive option; the upgrade to 3.x was done previously by dependabot due to a security vulnerability. Even though it's a dev dependency, in a CI/CD pipeline outdated packages can be a security risk, depending on the type of vulnerability. It may also impact Parse Server's vulnerability score, as devDependencies may not always be excluded from that calculation. In addition, we'll keep getting automatic upgrade PRs for node-fetch from dependabot and Snky if we go back to 2.x.
The tests currently run on Node <17; since the Node 16 LTS end date is Apr 2024, we are at least keeping an eye on the tests until then, although we are not running them for Node >16.
Suggested solution:
Run the tests only for Node <17 for now
Do not run the tests on Node 17, which is an odd-intermediate version where LTS ends 2022-06 anyway
Over time (until Node 16 LTS end Apr 2024), create a PR to run the tests on Node 18 using Node's built-in fetch
Steps to reproduce
n/a
Actual Outcome
Tests are disabled.
Expected Outcome
Tests should be enabled.
Environment
n/a
The text was updated successfully, but these errors were encountered:
🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.
New Issue Checklist
Issue Description
Some GraphQL file tests needed to be disabled for Node >=17 to bring Parse Server forward for Node 17 / 18 compatibility, see #7896 (comment).
Disabled tests:
parse-server/spec/ParseGraphQLServer.spec.js
Line 9099 in 68b15c2
parse-server/spec/ParseGraphQLServer.spec.js
Line 6796 in 68b15c2
The
node-fetch
package became incompatible with its use in GraphQL Parse Server in Node 17/18. Either there is a fix, ornode-fetch
needs to be replaced with another package.Going back and using old version of node-fetch 2.x is not an attractive option; the upgrade to 3.x was done previously by dependabot due to a security vulnerability. Even though it's a dev dependency, in a CI/CD pipeline outdated packages can be a security risk, depending on the type of vulnerability. It may also impact Parse Server's vulnerability score, as devDependencies may not always be excluded from that calculation. In addition, we'll keep getting automatic upgrade PRs for node-fetch from dependabot and Snky if we go back to 2.x.
The tests currently run on Node <17; since the Node 16 LTS end date is Apr 2024, we are at least keeping an eye on the tests until then, although we are not running them for Node >16.
Suggested solution:
fetch
Steps to reproduce
n/a
Actual Outcome
Tests are disabled.
Expected Outcome
Tests should be enabled.
Environment
n/a
The text was updated successfully, but these errors were encountered: