Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please upgrade to latest, formidable@v3! Check these notes: https://bit.ly/2ZEqIau #1781

Closed
frankstevens1 opened this issue Aug 27, 2023 · 8 comments
Closed

Please upgrade to latest, formidable@v3! Check these notes: https://bit.ly/2ZEqIau #1781

frankstevens1 opened this issue Aug 27, 2023 · 8 comments

Comments

@frankstevens1
Copy link

superagent/package.json

Line 27 in 83e92cb

"formidable": "^2.1.2",

@jimmywarting
Copy link
Contributor

jimmywarting commented Aug 27, 2023
edited
Loading

formidable v3 is ESM-only and can only be loaded async.
it also drops support for v10 which superagen v8 still supports.

but that is about to change. One plan is to switch to using fetch (undici) later on in next major release which is going to require NodeJS v16.8+ (b/c of undici requirement)

then we will likely not need formidable anymore cuz we could just do: fd = await response.formData(); fd.get('field')

@GeekBerry
Copy link

any update about this issue?

@rajattrt
Copy link

rajattrt commented Oct 5, 2023
edited
Loading

Hey @jimmywarting ,

Hope all's good! Just wanted to touch base on the progress of this ticket about removing Formidable from Superagent. We know it's a priority due to the impending Formidable v2 deprecation and those pesky security issues.

While we're in the process of fully ditching Formidable, how about we temporarily upgrade Superagent Formidable to version 3 (v3)?

  1. Security: We all know v2 has some security hiccups. Upgrading to v3 should patch those up, keeping our app safer.
  2. Deprecation: v2's on its way out. Going v3 now saves us from potential headaches when v2 gets officially put out to pasture.
  3. Stability: v3 probably comes with fixes and improvements that can boost our code's stability.

I'd love to hear your thoughts on this idea.

Oh, and here's the link to the Formidable Deprecation Notice for reference.

Thanks a bunch for your attention to this!

@jimmywarting
Copy link
Contributor

Yea, that would be a sensible thing to do. Quick to upgrade. Same functionality.

one thing that formidable has that response.formData() don't have is the possibility to also select a upload dir setting max file size and so on. so in a sense formidable dose some things better than response.formData() that is just all sitting in memory.

@alumni
Copy link
Contributor

alumni commented Oct 25, 2023

If you have plans for a major release, it would be great if the deprecated function url.parse(value) will be replaced with new URL(value). It is available in node 10+ and it will also solve the issues in escaping certain characters (e.g. ` for which you already have a workaround and ').

@jeremyhaile
Copy link

It's possible that upgrading would also fix this bug: #1786

@bmitmanski
Copy link

From version 3.5.0 package: Can be imported as ES module and required as commonjs module.
https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md#350

@kudlav kudlav mentioned this issue Apr 23, 2024
Closed
@titanism
Copy link
Collaborator

🚀 v9.0.0 released to npm 🚀

https://github.com/ladjs/superagent/releases/tag/v9.0.0

ref: #1800

Forward Email
https://forwardemail.net

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@jeremyhaile @alumni @jimmywarting @rajattrt @GeekBerry @bmitmanski @frankstevens1 @titanism