deps: inline binary-install, with updated axios version #1819
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes a security vulnerability warning. Users were never affected by the vulnerability.
o0Ignition0o
approved these changes
Jan 25, 2024
Closed
Merged
Geal
added a commit
that referenced
this pull request
Mar 26, 2024
## 🚀 Features - **Add `--no-url` shorthand to `subgraph publish` - @lennyburdette PR #1809** This is slightly more convenient and less awkward than `--routing-url "" --allow-invalid-routing-url` - **Support unix socket URLs - @Geal PR #1879** Since its [1.43.0 release](https://github.com/apollographql/router/releases/tag/v1.43.0), the Router can now connect to subgraph over unix sockets. This removes a warning when publishing a schema with a `unix://` URL. ## 🐛 Fixes - **Use task specific `rayon` threadpools and not the global threadpool - @garypen PR #1872** This increases rover's reliability by executing independent tasks in different thread pools. - **Prevent an infinite loop when restarting the router - @Geal PR #1855** When restarting a Router on schema updates, it could happen that an internal task of Rover would go in an infinite loop and consume CPU needlessly. This is now fixed and should make `rover dev` more reliable. - **Use `proposalCoverage`` in addition to `severityLevel`` to build correct proposal check messaging - @swcollard PR #1845** This updates the message on proposal checks depending on the `proposalCoverage` field ## 🛠 Maintenance - **Upgrade axios to address a security warning - @goto-bus-stop PR #1819** The vulnerability didn't affect rover, but now you won't get a warning for it! - **Remove yanked online check - @dylan-apollo PR #1803** ## 📚 Documentation - **Update dev docs about which Router version is used - @smyrick PR #1822** - **Update warning about `federation_version` in `rover compose` - @smyrick, @Meschreiber PR #1806** - **Document how to use `subgraph fetch` with proposals - @Meschreiber PR #1823** --------- Co-authored-by: Geoffroy Couprie <apollo@geoffroycouprie.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is currently an open security warning on axios versions < 1.0, used by binary-install. Users were never affected by this issue (it's only relevant for cross-site requests, which installation packages never do), but they do get scary warnings when they install rover.
There are some open PRs on binary-install that address this but it may be easier to fix it by copying the code into the rover installer. I updated axios to 1.0. We can also remove the
rimrafdependency as its functionality is built-in to all our target versions of Node.js (14.14+).It seems like axios 1.0 has some proxy environment related code built in now, but I opted to keep the
axios-proxy-builderpackage so we don't need to spend time comparing the two.IMO, it would be great to go back to using binary-install in the future when it's updated.
Closes #1812