Dependency package node-fetch has a new version available #19231
This task should be taken up along with #19165
Hi, just checking, any update to upgrade node-fetch to 2.6.7?
Hey @snuffykl Our current dependency on node-fetch is using the semver notation
Hi @ramya-rao-a I am looking to get it to 2.6.7. Good to know it will give me 2.6.7. Thank you.
Unfortunately we won't be able to upgrade to v3 in the short term. The reason is that node-fetch v3 dropped support on commonjs modules. In order to migrate we'd need to make our packages ESM-only which we are not ready to do at the moment. There seems to be a big number of community members impacted by the commonjs drop in node-fetch (for reference: node-fetch/node-fetch#1263) @praveenkuttappan is there any way to tell the Dependency checker to just look at new versions under 2.x.x for this package?
We will only log issues for available major version updates. v2.x.x will be auto updated when our automation do We could move this to backlog then check back in the future.
@joheredi Do you have long term plans to migrate to v3 and make the SDK packages ESM-only?
@bterlson should be able to comment about the long-term plans for ESM-only packages in this repo.
Please consider updating to patch v2.6.7 to address high vulnerability issue per: GHSA-r683-j2x4-v87g Update seems more urgent now.
We already updated to 2.6.7. Also since our dependency on node-fetch is a caret one, running npm update on your side would get you the latest version 2.6.7 without core-http releasing a new version.
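A caret range only permits the patched release; a committed lockfile can still pin an older copy until npm update is run. The following added example (not code from this thread or from the SDK) checks a package-lock.json in the "packages" layout for node-fetch 2.x copies below 2.6.7. The range "^2.6.0", the package name legacy-lib and the sample lockfile are constructed assumptions; the thread does not show the real range.

```javascript
// Added example: audit a package-lock.json ("packages" layout,
// lockfileVersion 2/3) for node-fetch 2.x copies resolved below 2.6.7.
const PATCHED = [2, 6, 7]; // patched 2.x release named in this thread

// Parse "MAJOR.MINOR.PATCH"; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Caret range with major >= 1: same major, and at least the base version.
function caretAllows(range, version) {
  const base = parseVersion(range.replace(/^\^/, ""));
  const v = parseVersion(version);
  return base[0] >= 1 && v[0] === base[0] && compare(v, base) >= 0;
}

// Every installed node-fetch 2.x copy older than the patched release.
function findUnpatched(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/node-fetch$/.test(path)) continue;
    const v = parseVersion(meta.version);
    if (v[0] === 2 && compare(v, PATCHED) < 0) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: one patched copy, one stale nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/node-fetch": { version: "2.6.7" },
    "node_modules/legacy-lib/node_modules/node-fetch": { version: "2.6.1" }, // hypothetical package
    "node_modules/node-fetch-helper": { version: "1.0.0" }, // different package, must not match
  },
};

console.log(findUnpatched(sampleLock));
console.log(caretAllows("^2.6.0", "2.6.7"), caretAllows("^2.6.0", "3.3.2"));
```

A nested copy such as the one flagged here is resolved against its own parent's range, so updating the top-level dependency does not necessarily move it.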
Hi @azure-sdk, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.
We have identified a dependency on version 2.7.0 of node-fetch. A new version (3.3.2) is available for upgrade.
Following are the steps to upgrade package dependency.
1. Understand the breaking changes between the version being used and the version you want to upgrade to.
2. Identify all packages that take a dependency on this package.
3. Go to the root folder for each such package (/sdk/service-name/package-name) and update package.json to have the new version.
4. Run rush update to ensure the new version is pulled in.
5. Make relevant changes to absorb the breaking changes.
6. Repeat steps 3 to 5 for each of the packages that have a dependency on this package.