Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite library to fix vulnerable dependencies #19

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Rewrite library to fix vulnerable dependencies #19

wants to merge 22 commits into from

Conversation

alexbrazier
Copy link

@alexbrazier alexbrazier commented Apr 4, 2024
edited
Loading

Closes #1
Closes #16
Closes #15
Closes #5

Rewrite library using swagger-typescript-api with only dependency being axios.

  • Auto generate api directly from swagger spec
  • Build scripts to auto update, verify generated files and publish

There is a test version published on npm at @groupcards/brevo

This is basically a full rewrite, but should be easy to maintain as it is fully generated by running yarn generate and is based on the swagger spec. It also has a github action check to make sure no-one has modified the generated file.

As in the updated readme, it is similar to the old api and fairly easy to use with full typescript support:

import BrevoApi from "@getbrevo/brevo";

const brevo = new BrevoApi({
  headers: {
    "api-key": "YOUR_API_KEY",
  },
});

const account = await brevo.account.getAccount()

Contributing

Please see the updated contributing file to explain how to regenerate api when there are new changes and publishing npm package https://github.com/squareda/brevo-node/blob/updates/CONTRIBUTING.md

@alexbrazier alexbrazier requested a review from aayush-sib as a code owner April 4, 2024 10:59
@alexbrazier alexbrazier mentioned this pull request Apr 4, 2024
Open
@johtso
Copy link

johtso commented Apr 12, 2024

Is it not possible to avoid the axios dependency and make it compatible with serverless environments?

@alexbrazier
Copy link
Author

Is it not possible to avoid the axios dependency and make it compatible with serverless environments?

Still waiting to hear back from Brevo about it, but it would be possible to switch by changing the generate file. Main question would be do you expect users to provide their own fetch version, or do you install a polyfill.

It would look something like this:

const brevo = new Brevo({
  baseApiParams: {
    headers: {
      "api-key": "",
    },
  },
  // optional fetch polyfill for node versions < 18
  customFetch: fetch,
});

@maxbraeutigam
Copy link

Hi @shubhamUpadhyayInBlue and @aayush-sib — you need to communicate with the community. Please, give us and @alexbrazier a feedback on how you gonna deal with his PR.

@alexbrazier
Copy link
Author

I've updated this PR to fix the merge conflicts and also switched to a newer version of the swagger url which has the new brevo domain.

I've also updated the description to include the contributing document which explains how to generate the new code when the swagger spec changes and how to easily release via github actions

@alexbrazier alexbrazier mentioned this pull request May 7, 2024
Open
@Mheaus
Copy link

Mheaus commented Oct 22, 2024

I think we could envisage using a fork instead of the official package at this point

@SergioNR
Copy link

Any updates on this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aayush-sib aayush-sib Awaiting requested review from aayush-sib aayush-sib is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@alexbrazier @johtso @maxbraeutigam @Mheaus @SergioNR