digitalbazaar / jsonld.js

A JSON-LD Processor and API implementation in JavaScript

https://json-ld.org/

Other

1.65k stars 195 forks source link

Update to `@digitalbazaar/http-client@3`. #484

Closed davidlehn closed 2 years ago

davidlehn commented 2 years ago

Pulls in newer ky and ky-universal that should address security alerts and provide other improvements.
Newer ky will throw errors on redirects even when in manual redirect mode. Now using throwHttpErrors option to turn off errors.
One of the updated dependencies can cause tests to rewrite redirect Location URLs to be relative references. The global URL interface is now used to rebuild a full URL for further redirect processing.
Newer node-forge will output a one-time warning if code even accesses response.data. @digitalbazar/http-client will forcefully set data if it detects a JSON content type. Calling code can't know if that happened, so currently needs to redo content detection to know if JSON data can be accessed. This is an issue for sites where JSON-LD was requested but the response is non-JSON with a Link header pointing to the JSON-LD.

davidlehn commented 2 years ago

Looks like ky-universal index.js doesn't make it past node 12 parser. If we have to remove node 12 support, this will need to be a major release.

codecov-commenter commented 2 years ago

Codecov Report

Merging #484 (69e0582) into v5.x (ee976d2) will decrease coverage by 0.06%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             v5.x     #484      +/-   ##
==========================================
- Coverage   92.71%   92.64%   -0.07%     
==========================================
  Files          23       23              
  Lines        2856     2857       +1     
==========================================
- Hits         2648     2647       -1     
- Misses        208      210       +2

Impacted Files	Coverage Δ
lib/documentLoaders/node.js	`92.30% <100.00%> (-3.01%)`	:arrow_down:
lib/util.js	`88.48% <100.00%> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update ee976d2...69e0582. Read the comment docs.

davidlehn commented 2 years ago

The top-level await issue was a blocker. Node.js 12 won't even parse that syntax so pre loading libraries would not work. Removing Node.js 12 support and planning a major release. Will retarget to a v6.x branch. The only part that doesn't work with older versions is the included node document loader. If a solution presents itself we can backport if needed.