PostHog / posthog-js-lite

Reimplementation of posthog-js to be as light and modular as possible.
https://posthog.com/docs/libraries
MIT License

chore: Upgrade axios dep #122

Closed benjackwhite closed 1 year ago

benjackwhite commented 1 year ago

Problem

Fixes https://github.com/PostHog/posthog-js-lite/issues/121

Changes

User mentioned our axios dep is somewhat outdated. The vulnerability mentioned shouldn't affect us given we only call our own endpoint, but nonetheless worth keeping up to date.

Release info

Sub-libraries affected

Bump level

Libraries affected

Testing

Tested locally with the example and all seemed fine

huw commented 1 year ago

Ack! This breaks all non-Node runtimes (ex. Cloudflare) because Axios v1 doesn’t provide the correct non-Node ESM exports, which leads them to try and import a bunch of node modules, which they can’t.

A few potential fixes off the top of my head:

  1. Replace Axios with fetch (now that fetch is in all LTS versions, this might not be unreasonable; it would also mean non-Node runtimes don’t have to add fetch as a parameter when instantiating PostHog)
  2. Agitate Axios to fix axios/axios#5495
  3. Patch it
  4. Split the package into Node and non-Node in package.json#exports