search

cloudant / nodejs-cloudant

Cloudant Node.js client library
Apache License 2.0
255 stars 90 forks source link

This package is using deprecated request package as dependency #441

Closed mumeshr closed 3 years ago

mumeshr commented 3 years ago

Please read these guidelines before opening an issue.

Bug Description

This package is using deprecated request package as dependency

1. Steps to reproduce and the simplest code sample possible to demonstrate the issue

This package is using deprecated request package as dependency, no code issue, but vulnerabilities are showing in audit.

2. What you expected to happen

Update the package to use alternatives of request package that will fix the issue.

3. What actually happened

Deprecation of request package.

Environment details

10.24.0.

emlaver commented 3 years ago

Hello @mumeshr, a similar issue was already opened with this request. See #415 for more details.

We have a new cloudant-node-sdk(beta) library available and it does not have a dependency on request.

From the #415 ticket: Nano 9.x is also recently released and replaces request with axios - we won't be getting that new Nano version as a dependency for nodejs-cloudant because of incompatibilities with our existing plugin structures.

mumeshr commented 3 years ago

Thanks for the update Esteban. I'm using nano also for handling attachments from cloudant DB. Do you have any solution for that without request package dependency. Thanks,Umesh

On Friday, April 9, 2021, 3:01:58 PM EDT, Esteban Laver ***@***.***> wrote:

Closed #441.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

emlaver commented 3 years ago

@mumeshr I would suggest using the latest couchdb-nano 9.x version which replaces request with axios.

mumeshr commented 3 years ago

Thanks @emlaver I tried above option, when I moved my API from .insert to .post (As I need insert + Update). Sometime for same level of transactions DB is returning conflict error, because of first update was in process and second update tries it again. So updating documenting using new API suggested @ibm-cloud/cloudant postDocument is slower than insert. While using insert I used basic-auth to authenticate but now I'm using IAMAuthenticator. Please suggest some solution.

mumeshr commented 3 years ago

@emlaver I found that IamTokenAuth is not supporting caching token and it is slow. I implemented using our own token manager and sending BearerToken to DB. This request matches the speed of basic auth. So we are good now.