Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix axios peer dependency version #1188

Merged
merged 1 commit into from
Jun 15, 2022
Merged

Fix axios peer dependency version #1188

merged 1 commit into from
Jun 15, 2022

Conversation

mohd-akram
Copy link
Contributor

@mohd-akram mohd-akram commented Jun 9, 2022
edited
Loading

This fixes the issue mentioned in #1180. It should remain a peer dependency since its types are exposed by this library, but the version restriction should be loosened. Hopefully this can be released soon as the current version of the library cannot be installed if a user has a direct dependency on a newer version of axios.

@jsdevel
Copy link
Collaborator

jsdevel commented Jun 15, 2022

i agree with this approach. we'll move forward with this and see how it goes. if we absolutely must add it back as a dependency, then we will.

@jsdevel jsdevel merged commit 424bd37 into vpulim:master Jun 15, 2022
@jsdevel
Copy link
Collaborator

jsdevel commented Jun 15, 2022
edited
Loading

closes #1180

@jsdevel jsdevel mentioned this pull request Jun 15, 2022
Closed
@mohd-akram mohd-akram deleted the fix-axios-dep branch June 16, 2022 15:49
@alfaproject
Copy link

alfaproject commented Jun 24, 2022
edited
Loading

I don't know exactly what you guys did, but the latest version of soap doesn't work for us anymore. I tried adding axios as explicit dependency but it doesn't seem to help either. Our repository has a few different versions of axios added by other dependencies and probably the wrong one is being picked up by webpack... Can you be explicit about exactly what your node module requires? Later versions of axios don't seem to be compatible either because they don't follow semver...

This is the runtime error that we get when we try to open any endpoing that imports soap:

TypeError: hexoid is not a function

@jsdevel
Copy link
Collaborator

jsdevel commented Jun 25, 2022

alright, i think we need to add axios as an explicit dependency (i.e. merge #1180). @alfaproject please monitor #1180 .

@mohd-akram
Copy link
Contributor Author

This doesn't seem related to axios, it seems related to formidable and webpack.

@alfaproject see node-formidable/formidable#337.

@alfaproject
Copy link

Ok my bad, but either way I won’t be able to upgrade node-soap, meh ):

sandrozbinden-axa pushed a commit to axa-health/node-soap that referenced this pull request Oct 6, 2022
@mohd-akram @sandrozbinden-axa
Fix axios peer dependency version (vpulim#1188)
9fbcc7d
@MegaSpaceHamlet
Copy link 

node_modules/nestjs-soap/node_modules/axios
  soap  0.40.0 - 0.44.0 || >=1.0.0
  Depends on vulnerable versions of axios
  node_modules/nestjs-soap/node_modules/soap
    nestjs-soap  2.0.0 - 2.2.1 || >=3.0.1
    Depends on vulnerable versions of soap
    node_modules/nestjs-soap

soap 0.40.0 - 0.44.0 || >=1.0.0 depends on axios 0.27.2 as a peer dependency, which is apparently vulnerable, and definitely outdated. Is it possible to update the peer dependency? Or at least make it >=0.27.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mohd-akram @jsdevel @alfaproject @MegaSpaceHamlet