Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
Some GraphQL file tests needed to be disabled for Node >=17 to bring Parse Server forward for Node 17 / 18 compatibility, see #7896 (comment).
Disabled tests:
parse-server/spec/ParseGraphQLServer.spec.js
Line 9099 in 68b15c2
parse-server/spec/ParseGraphQLServer.spec.js
Line 6796 in 68b15c2
The node-fetch package became incompatible with its use in GraphQL Parse Server in Node 17/18. Either there is a fix, or node-fetch needs to be replaced with another package.
Going back and using old version of node-fetch 2.x is not an attractive option; the upgrade to 3.x was done previously by dependabot due to a security vulnerability. Even though it's a dev dependency, in a CI/CD pipeline outdated packages can be a security risk, depending on the type of vulnerability. It may also impact Parse Server's vulnerability score, as devDependencies may not always be excluded from that calculation. In addition, we'll keep getting automatic upgrade PRs for node-fetch from dependabot and Snky if we go back to 2.x.
The tests currently run on Node <17; since the Node 16 LTS end date is Apr 2024, we are at least keeping an eye on the tests until then, although we are not running them for Node >16.
Suggested solution:
- Run the tests only for Node <17 for now
- Do not run the tests on Node 17, which is an odd-intermediate version where LTS ends 2022-06 anyway
- Over time (until Node 16 LTS end Apr 2024), create a PR to run the tests on Node 18 using Node's built-in
fetch
Steps to reproduce
n/a
Actual Outcome
Tests are disabled.
Expected Outcome
Tests should be enabled.
Environment
n/a