-
Notifications
You must be signed in to change notification settings - Fork 1.3k
request has gone into maintenance mode. Maybe replace it. #2851
Comments
That is not a big issue. We could possibly drop the usage of request completely but this could mean some issues for users connecting via proxy. |
ftw I used node-fetch |
As your message shows, "request" is also used by node-gyp, so removing it here wouldn't remove the transitive dependency or that second warning. Updating node-gyp is something we're not looking at till the next major version because of breaking changes, but it looks like the latest node-gyp is also still using request https://github.com/nodejs/node-gyp/blob/dab030536b6a70ecae37debc74c581db9e5280fd/package.json#L31 |
Doing a quick look shows it doesn't have any support for proxies, and wouldn't be a suitable replacement |
@nschonni Thanks for a response and a wonderful lib used by me and thousands. I do think it puts pressure on gyp if they are the only ones not solving it. However, I have no awareness of the effort, so no matter what, thank you for your efforts! |
We've looked at this a few times in the past. Previously we've been blocked on backwards compatibility since most request alternatives would require us to drop legacy Node support. With v5 coming up we're in a position to make this breaking change. I've re-surveyed the http library landscape based the following resources: The most viable alternatives IMHO in order of preference are: There are some shinier, newer options but most refuse to support proxies out right. For this reason |
@xzyfer just to throw my two cents in, I don't think backwards compatibility should be a factor whatsoever for a major release when it means keeping deprecated packages. My personal vote would be to remove the dependency completely, and people who rely on legacy node versions (who probably aren't updating a lot of things anyways) can use the older versions. I'd also say proxy support should be added in its own separately maintained package if it causes this much headache in updating the main package to not rely on deprecated packages |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Just got it myself, any update on this or.... ? Thanks |
Just got it myself too, any plan to update it? Thank you! |
@saper as a solution for proxy you could use standard node API and pass a hook for Agent, so people could easily use proxy-agent. |
One more deprecation from request... npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported |
Any progress on this? |
AFAIK there is still no alternative with proxy support. If that situation
changes we will happily switch over.
…On Fri, 12 Feb 2021, 1:19 pm Alessandro Barbieri, ***@***.***> wrote:
Any progress on this?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2851 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAENSWGESBH45WLAEHI3WR3S6SF4BANCNFSM4KVWQI3Q>
.
|
@xzyfer what's wrong with I still return to proxy support should be its own separate add-on if it causes this much of a problem in getting rid of deprecated insecure packages for the majority of users |
FWIW |
According to #2851 (comment) and #2851 (comment) it's obvious that |
Hi. I need some hit which |
Dear team,
thanks for your work!
I would like to report that the package
request
which you are loading has went into maintenance mode request/request#3142Therefore, yarn is currently giving me:
Maybe you find time (and a good replacement) to replace it for your upcoming major release.
Thanks!
The text was updated successfully, but these errors were encountered: