chai-http icon indicating copy to clipboard operation
chai-http copied to clipboard

Published 20 hours ago verified publisher icon chaijs

Bump Chai-Http version to get package updates

Open jakebrown58 opened this issue 3 years ago • 10 comments

SuperAgent was updated in this PR: https://github.com/chaijs/chai-http/pull/281 But the version of chai-http was not modified along with it.

The result is that the npm registries still are using the old version of the package.json:

"chai-http": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/chai-http/-/chai-http-4.3.0.tgz", "integrity": "sha512-zFTxlN7HLMv+7+SPXZdkd5wUlK+KxH6Q7bIEMiEx0FK3zuuMqL7cwICAQ0V1+yYRozBburYuxN1qZstgHpFZQg==", "dev": true, "requires": { "@types/chai": "4", "@types/superagent": "^3.8.3", "cookiejar": "^2.1.1", "is-ip": "^2.0.0", "methods": "^1.1.2", "qs": "^6.5.1", "superagent": "^3.7.0" } },

Any chance you can bump chai-http to 4.3.1?

jakebrown58 avatar Jun 04 '21 16:06 jakebrown58

I need this as well. We run some security analysis tools on the code, and it's showing that superagent has a vulnerability.

kinder-lab avatar Jun 05 '21 04:06 kinder-lab

Hi all – we're currently having issues with our release process (see https://github.com/chaijs/chai-http/runs/1995002882?check_suite_focus=true). I don't have the proper credentials to debug this locally and haven't had the time to set up my own npm package to debug there. I may in the next couple weeks, but it's tight. Is anyone able to do the same?

In summary, something is going wrong with the semantic-release npm plugin and our automation tokens. We've tried to fix this a few times (https://github.com/chaijs/chai-http/pull/287, https://github.com/chaijs/chai-http/pull/289, etc.) without success. I've also pinged the semantic-release team (https://github.com/semantic-release/npm/issues/277#issuecomment-787123017) but without a good response (admittedly a weak ping on my part).

austince avatar Jun 05 '21 17:06 austince

Is the release process still broken? There haven't been any releases since 4 years ago.

ostankin avatar Jan 27 '23 12:01 ostankin

Yes, the process is still broken. I don't have the access needed to properly debug/maintain this. @keithamus is the only one I know of with those credentials, but it may be worth just formally marking this repo as unmaintained.

austince avatar Jan 27 '23 14:01 austince

@chaijs/token-bearers is the team which has all credentials for the chai accounts.

Looks like those old log links are 404ing, so I can't see what the failures are. Happy to try to cut a release today but I'd prefer to see if we can get semantic release working so it doesn't require me or another token-bearer to cut a release.

keithamus avatar Jan 27 '23 15:01 keithamus

Any news on this one?

Besides that, for example superagent is again deprecated with version 6.x - Should I provide a PR with the updated dependency version?

Trickfilm400 avatar Jun 08 '23 17:06 Trickfilm400

Please do so. I’ll take a look tomorrow

keithamus avatar Jun 08 '23 17:06 keithamus