Rupanshy commented on issue #349: URL: https://github.com/apache/couchdb-nano/issues/349#issuecomment-2604876579
Dear Maintainers, I hope this message finds you well. I wanted to follow up on the issue I raised regarding the nano package's compatibility with [email protected] due to the use of CommonJS syntax (require('axios')) in lib/nano.js. As highlighted earlier, projects relying on nano face runtime errors when attempting to upgrade to [email protected], which has transitioned to ES Modules (ESM). This has become a critical blocker, particularly for teams needing to address vulnerabilities in earlier versions of Axios (e.g., 0.28.x). Recap of the Issue Problem: require('axios') is incompatible with Axios 1.x, leading to runtime errors. Expected Behavior: nano should support Axios 1.x by transitioning to ESM syntax: import axios from 'axios'. Proposed Solution: Update the nano codebase to use import instead of require and declare axios@^1.0.0 as a peer dependency. Why This is Critical Security: Many organizations, including mine, are required to address vulnerabilities in earlier Axios versions. Ecosystem Alignment: Upgrading to Axios 1.x ensures compatibility with other modern libraries and benefits from performance improvements and security patches. Request for Update I understand that maintaining open-source projects requires significant time and effort, and I deeply appreciate the work you’ve done on nano. However, I’d like to inquire: Is there a timeline for addressing this compatibility issue? If assistance is needed, I’d be happy to contribute a pull request to help update the codebase for Axios 1.x compatibility. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
