-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Stop testing Koa on Node.js v6 in order to update `koa-bodypars… (#3240)
Since Node.js v6 is no longer supported by the Node.js Foundation, it was going to come to this sooner or later since transitive packages are inching their ECMAScript compilation targets to more and more recent versions of the language. While Apollo Server itself will drop support for Node.js v6 in 3.x, the current Koa integration necessitates a more immediate exception since, after bringing #3229 (2dd0592), the `koa-bodyparser` package was updated to a new major version which, itself, dropped Node.js 6 support. That update to `koa-bodyparser`, which fixes an incorrect/malformed `Content-length` header calculation is important enough on its own, but there's also a [CVE][1] for the [`qs`][2] dependency, which makes it even more pressing. We should make sure both of those are included in Apollo Server, which currently drives the underlying version of Koa for all users because of its close coupling with Koa itself (via the `apollo-server-koa` package). This doesn't necessarily mean that those who are still on Node.js v6 are completely out of luck, since they could probably modify their `package-lock.json` files to use an older copy of `koa-bodyparser`, but anyone still using Node.js v6 should certainly make considerations - sooner rather than later — about upgrading to more recent and more supported versions of Node.js! Luckily, this micro-framework-management will soon no longer be a concern with Apollo Server, particularly because of the introduction of a transport abstraction, which I've proposed in #3184. Ref: #3184 [1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000048 [2]: https://npm.im/qs Fixes: #3050
- Loading branch information
Showing
4 changed files
with
95 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters