Please upgrade to latest, formidable@v3! Check these notes: https://bit.ly/2ZEqIau

ladjs / superagent

Ajax for Node.js and browsers (JS HTTP client). Maintained for @forwardemail, @ladjs, @spamscanner, @breejs, @cabinjs, and @lassjs.

https://ladjs.github.io/superagent/

MIT License

16.57k stars 1.33k forks source link

Please upgrade to latest, formidable@v3! Check these notes: https://bit.ly/2ZEqIau #1781

Closed frankstevens1 closed 2 months ago

frankstevens1 commented 10 months ago

https://github.com/ladjs/superagent/blob/83e92cbe6ea6c1e03095157a89d17f9c67dc1f57/package.json#L27

jimmywarting commented 10 months ago

formidable v3 is ESM-only and can only be loaded async. it also drops support for v10 which superagen v8 still supports.

but that is about to change. One plan is to switch to using fetch (undici) later on in next major release which is going to require NodeJS v16.8+ (b/c of undici requirement)

then we will likely not need formidable anymore cuz we could just do: fd = await response.formData(); fd.get('field')

GeekBerry commented 9 months ago

any update about this issue?

rajattrt commented 9 months ago

Hey @jimmywarting ,

Hope all's good! Just wanted to touch base on the progress of this ticket about removing Formidable from Superagent. We know it's a priority due to the impending Formidable v2 deprecation and those pesky security issues.

While we're in the process of fully ditching Formidable, how about we temporarily upgrade Superagent Formidable to version 3 (v3)?

Security: We all know v2 has some security hiccups. Upgrading to v3 should patch those up, keeping our app safer.
Deprecation: v2's on its way out. Going v3 now saves us from potential headaches when v2 gets officially put out to pasture.
Stability: v3 probably comes with fixes and improvements that can boost our code's stability.

I'd love to hear your thoughts on this idea.

Oh, and here's the link to the Formidable Deprecation Notice for reference.

Thanks a bunch for your attention to this!

jimmywarting commented 9 months ago

Yea, that would be a sensible thing to do. Quick to upgrade. Same functionality.

one thing that formidable has that response.formData() don't have is the possibility to also select a upload dir setting max file size and so on. so in a sense formidable dose some things better than response.formData() that is just all sitting in memory.

alumni commented 8 months ago

If you have plans for a major release, it would be great if the deprecated function url.parse(value) will be replaced with new URL(value). It is available in node 10+ and it will also solve the issues in escaping certain characters (e.g. ` for which you already have a workaround and ').

jeremyhaile commented 7 months ago

It's possible that upgrading would also fix this bug: https://github.com/ladjs/superagent/issues/1786

bmitmanski commented 6 months ago

From version 3.5.0 package: Can be imported as ES module and required as commonjs module. https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md#350

titanism commented 2 months ago

🚀 v9.0.0 released to npm 🚀

https://github.com/ladjs/superagent/releases/tag/v9.0.0

ref: https://github.com/ladjs/superagent/pull/1800

Forward Email https://forwardemail.net