Stop testing Koa on Node.js v6 in order to update koa-bodyparser
.
#3240
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Support for Koa on Node.js v6 was dropped as of
apollo-server-koa@2.9.2
whenkoa-bodyparser
was updated in #3229. This PR only stops testing Koa on Node.js v6, which took a bit more work in order to continue testing on Koa on newer versions of Node.js while maintaining testing Node.js v6 for non-Koa frameworks.Since Node.js v6 is no longer supported by the Node.js Foundation, it was going to come to this sooner or later since transitive packages are inching their ECMAScript compilation targets to more and more recent versions of the language.
While Apollo Server itself will drop support for Node.js v6 in 3.x, the current Koa integration necessitates a more immediate exception since, after bringing #3229 (2dd0592), the
koa-bodyparser
package was updated to a new major version which, itself, dropped Node.js 6 support.That update to
koa-bodyparser
, which fixes an incorrect/malformedContent-length
header calculation is important enough on its own, but there's also a CVE for theqs
dependency, which makes it even more pressing.We should make sure both of those are included in Apollo Server, which currently drives the underlying version of
koa-bodyparser
(andkoa
, itself) for all users because of its close coupling within theapollo-server-koa
package).This doesn't necessarily mean that those who are still on Node.js v6 are completely out of luck, since they could probably modify their
package-lock.json
files to use an older copy ofkoa-bodyparser
, but anyone still using Node.js v6 should certainly make considerations - sooner rather than later — about upgrading to more recent and more supported versions of Node.js!Luckily, this micro-framework-management will soon no longer be a concern with Apollo Server, particularly because of the introduction of a transport abstraction, which is proposed in #3184.
Ref: #3184
Fixes: #3050