Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use teeny-request instead of deprecated request dependency #1590

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: use teeny-request instead of deprecated request dependency #1590

wants to merge 2 commits into from

Conversation

wvanderdeijl
Copy link

@wvanderdeijl wvanderdeijl commented Apr 24, 2024
edited

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #1584

This is my suggested fix to #1584. Having a dependency on request is not wise as it is deprecated and has security issues. But it also poses an issue with bundlers (such as webpack) that will try to include request that is not installed in node_modules. Hence this solution with an explicit dependency to teeny-request

@product-auto-label product-auto-label bot added the size: s Pull request size is small. label Apr 24, 2024
wvanderdeijl
wvanderdeijl commented Apr 24, 2024
View reviewed changes
gax/package.json
@@ -20,6 +20,7 @@
"object-hash": "^3.0.0",
"proto3-json-serializer": "^2.0.0",
"retry-request": "^7.0.0",
"teeny-request": "^9.0.0",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

retry-requestsince 7.0.0 itself already has a dependency on teeny-request. So, we're not even introducing a new dependency here.
The documentation of retry-request itself now also suggests to use teeny-request and no longer rely on the deprecated request

wvanderdeijl
wvanderdeijl commented Apr 24, 2024
View reviewed changes
gax/src/streamingRetryRequest.ts
@@ -22,6 +22,7 @@ const DEFAULTS = {
Max # of retries
*/
maxRetries: 2,
request: require('teeny-request'),
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to keep the require statement conditional, I could revert to doing this around line 44 in if (opts.request === undefined)

wvanderdeijl
wvanderdeijl commented Apr 24, 2024
View reviewed changes
gax/src/streamingRetryRequest.ts
// eslint-disable-next-line node/no-unpublished-require
opts.request = require('request');
} catch (e) {
throw new Error('A request library must be provided to retry-request.');
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error will be thrown by retry-request itself if opts.request is empty

@wvanderdeijl wvanderdeijl marked this pull request as ready for review April 24, 2024 11:25
@wvanderdeijl wvanderdeijl requested review from a team as code owners April 24, 2024 11:25
@wvanderdeijl wvanderdeijl mentioned this pull request May 8, 2024
Open
@nicole0707
Copy link

Is anyone available to review the PR? @leahecole 🙏. It's blocking us for a while, Thanks!

@leahecole
Copy link
Contributor

thanks for the ping! I want @sofisl to take a look at this first but Sofia, ping me if you want to chat about it

@leahecole leahecole added the kokoro:run Add this label to force Kokoro to re-run the tests. label May 15, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:run Add this label to force Kokoro to re-run the tests. label May 15, 2024
@leahecole
Copy link
Contributor

Just had a brain blast, wasn't @danielbankhead doing work to migrate us from teeny-request to gaxios? Wondering if we may want to use that instead here.

@danielbankhead
Copy link
Member

@leahecole yep! We will want to migrate away from both retry-request and teeny-request to gaxios.

@sofisl
Copy link
Contributor

sofisl commented May 20, 2024

Since gaxios is used in auth, it won't make the package any bigger :) I think this is in the next phase of @danielbankhead's project so we should be working on it soon. As an FYI, I am planning on deprecating teeny and retry within the next few months, will put up a deprecation notice on the README to alert users long before we deprecate so that they can start preparing.

@leahecole leahecole added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label May 21, 2024
@leahecole
Copy link
Contributor

Putting a do not merge on this given all of the shifting that's going on with teeny-request and gaxios right now, and because @danieljbruce may end up consolidating streamingRetryRequest into streaming.ts, rendering it obsolete. I'll make a note to look into this after that happens though - we do need to remove the request dependency!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sofisl sofisl

Labels
do not merge Indicates a pull request not ready for merge, due to either quality or timing. size: s Pull request size is small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependency request is missing and vulnerable
6 participants
@wvanderdeijl @nicole0707 @leahecole @danielbankhead @sofisl @yoshi-kokoro