refactor: Bump graphql-upload from 15.0.2 to 17.0.0 #9342
base: alpha
I will reformat the title to use the proper commit message syntax.
@Moumouls would you want to take on this GraphQL challenge?
7519efc to 452ad19
Hi @mtrezza! Hope you are doing well! Yes, I need to dedicate some time to Parse during the next weeks. My team really needed me and I struggled to find some time, but I also have some simple PR ideas. I'll keep you updated!
@Moumouls Always great to hear from you! Appreciate your efforts, curious to hear what you have in mind...
0aac69e to cd3e902
Okay, I investigated here. The issue is caused by the graphql-upload lib's breaking change to ESM. ESM is quite a mess to use currently in CommonJS, and the current code would need a weird and huge refactor, with a potential breaking change for current users, if we opt to try to use this lib as ESM. Here I can suggest to just wait, since Node is currently testing support by default for ESM via require: https://nodejs.org/dist/latest/docs/api/modules.html#loading-ecmascript-modules-using-require. Implemented in Node 23 and will be LTS in Node 24. I tested, and Node 23 currently fixes the issue without special tricks. Node 23 is currently fixing a huge headache in the ecosystem.
So let's wait until Node 24, which will be released around April 2025, I guess.
I think it's the current best approach for packages in ESM where the ESM trick with await import is not easy and may introduce too big a refactor. In the case of graphql-upload, the package is safe for now with just 1 old CVE: https://security.snyk.io/package/npm/graphql-upload
cd3e902 to b37f3d8
Also, graphql-upload requires at least Node 18.18.0, so we couldn't merge this before Parse Server 8 anyway.
f4a8339 to 7b386d0
2540322 to be1c5bb
c11b166 to 85aecbf
Bumps [graphql-upload](https://github.com/jaydenseric/graphql-upload) from 15.0.2 to 17.0.0.
- [Release notes](https://github.com/jaydenseric/graphql-upload/releases)
- [Changelog](https://github.com/jaydenseric/graphql-upload/blob/master/changelog.md)
- [Commits](jaydenseric/graphql-upload@v15.0.2...v17.0.0)

---
updated-dependencies:
- dependency-name: graphql-upload
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
85aecbf to 1506e92
Bumps graphql-upload from 15.0.2 to 17.0.0.
Release notes
Sourced from graphql-upload's releases.
... (truncated)
Changelog
Sourced from graphql-upload's changelog.
... (truncated)
Commits
- 421707f Version 17.0.0.
- db00563 Update the GitHub Actions CI workflow.
- 218bc95 Replace `npm run` with `node --run`.
- 352f3fe Reorder the package scripts.
- 284410c Update the GitHub Action CI workflow.
- 1cf3d56 Tweak wording.
- 3ddf628 Update the GitHub Markdown syntax for alerts in the readme.
- e7a051c Remove an unnecessary `await` in tests.
- 1135035 Replace the test helper class `Deferred` with polyfilled `Promise.withResolve...
- 1bc03b9 Account for different Node.js version default stream high water mark values.