superagent icon indicating copy to clipboard operation
superagent copied to clipboard

Published 20 hours ago verified publisher icon ladjs

Please upgrade to latest, formidable@v3! Check these notes: https://bit.ly/2ZEqIau

Open frankstevens1 opened this issue 2 years ago • 7 comments

https://github.com/ladjs/superagent/blob/83e92cbe6ea6c1e03095157a89d17f9c67dc1f57/package.json#L27

frankstevens1 avatar Aug 27 '23 11:08 frankstevens1

formidable v3 is ESM-only and can only be loaded async. it also drops support for v10 which superagen v8 still supports.

but that is about to change. One plan is to switch to using fetch (undici) later on in next major release which is going to require NodeJS v16.8+ (b/c of undici requirement)

then we will likely not need formidable anymore cuz we could just do: fd = await response.formData(); fd.get('field')

jimmywarting avatar Aug 27 '23 14:08 jimmywarting

any update about this issue?

GeekBerry avatar Sep 20 '23 06:09 GeekBerry

Hey @jimmywarting ,

Hope all's good! Just wanted to touch base on the progress of this ticket about removing Formidable from Superagent. We know it's a priority due to the impending Formidable v2 deprecation and those pesky security issues.

While we're in the process of fully ditching Formidable, how about we temporarily upgrade Superagent Formidable to version 3 (v3)?

  1. Security: We all know v2 has some security hiccups. Upgrading to v3 should patch those up, keeping our app safer.
  2. Deprecation: v2's on its way out. Going v3 now saves us from potential headaches when v2 gets officially put out to pasture.
  3. Stability: v3 probably comes with fixes and improvements that can boost our code's stability.

I'd love to hear your thoughts on this idea.

Oh, and here's the link to the Formidable Deprecation Notice for reference.

Thanks a bunch for your attention to this!

rajatnt avatar Oct 05 '23 16:10 rajatnt

Yea, that would be a sensible thing to do. Quick to upgrade. Same functionality.

one thing that formidable has that response.formData() don't have is the possibility to also select a upload dir setting max file size and so on. so in a sense formidable dose some things better than response.formData() that is just all sitting in memory.

jimmywarting avatar Oct 08 '23 17:10 jimmywarting

If you have plans for a major release, it would be great if the deprecated function url.parse(value) will be replaced with new URL(value). It is available in node 10+ and it will also solve the issues in escaping certain characters (e.g. ` for which you already have a workaround and ').

alumni avatar Oct 25 '23 16:10 alumni

It's possible that upgrading would also fix this bug: https://github.com/ladjs/superagent/issues/1786

jeremyhaile avatar Nov 30 '23 20:11 jeremyhaile

From version 3.5.0 package: Can be imported as ES module and required as commonjs module. https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md#350

bmitmanski avatar Jan 02 '24 08:01 bmitmanski

🚀 v9.0.0 released to npm 🚀

https://github.com/ladjs/superagent/releases/tag/v9.0.0

ref: https://github.com/ladjs/superagent/pull/1800

Forward Email https://forwardemail.net

titanism avatar Apr 23 '24 17:04 titanism