graphql-upload - npm Package Versions

17.0.0

Major

• Updated Node.js support to ^18.18.0 || ^20.9.0 || >=22.0.0.

• Updated dev dependencies, some of which require newer Node.js versions than previously supported.

• Use the TypeScript v5.5+ JSDoc tag @import to import types in modules.

• Removed JSDoc tag @typedef that were unintentionally re-exporting types; to migrate import TypeScript types from the correct module:

  - import type { GraphQLUpload } from "graphql-upload/Upload.mjs";
  + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
  

  - import type { processRequest } from "graphql-upload/Upload.mjs";
  + import type processRequest from "graphql-upload/processRequest.mjs";
  

  - import type { GraphQLUpload } from "graphql-upload/processRequest.mjs";
  + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
  

• Refactored tests to use the standard AbortController, fetch, File, and FormData APIs available in modern Node.js and removed the dev dependencies node-abort-controller and node-fetch.

• Replaced the test utility function streamToString with the function text from node:stream/consumers that’s available in modern Node.js.

• Use the Node.js test runner API and remove the dev dependency test-director.

Minor

• Support Express v5 by updating the optional peer dependency @types/express to 4.0.29 - 5 and the dev dependency express to v5, via #389.

Patch

• Tweaked the package description.
• Updated the package.json field repository to conform to new npm requirements.
• Updated the package scripts:
  • Reordered the scripts.
  • Replaced npm run with node --run.
• Updated GitHub Actions CI config:
  • No longer run the workflow on pull request.
  • Enable manual workflow dispatching.
  • Run checks in seperate jobs.
  • Removed custom step names.
  • Replaced npm run with node --run.
  • Updated the tested Node.js versions to v18, v20, v22.
  • Updated actions/checkout to v4.
  • Updated actions/setup-node to v4.
• Migrated to the ESLint v9 CLI and “flat” config.
• Integrated a new dev dependency eslint-plugin-jsdoc and revised types.
• Removed the Node.js CLI option --unhandled-rejections=throw in the package script tests as it’s now the default for all supported Node.js versions.
• Avoid hardcoding a default value in the type FileUploadCreateReadStreamOptions property highWaterMark description and use the function getDefaultHighWaterMark from node:stream in tests.
• Replaced the test helper class Deferred with polyfilled Promise.withResolvers.
• Removed an unnecessary await in tests.
• Omit unused catch bindings in the function processRequest.
• Corrected the JSDoc type FileUploadCreateReadStreamOptions in the module processRequest.mjs.
• Avoid using return in the middleware.
• Added a new dev dependency async-listen to replace the test utility function listen.
• Enabled the TypeScript compiler options noUnusedLocals and noUnusedParameters and used the prefix _ for purposefully unused function parameters in tests.
• Updated the GitHub Markdown syntax for alerts in the readme.
• Tweaked wording in the readme and JSDoc descriptions.

16.0.2

Patch

• Updated dev dependencies.
• Use the node: URL scheme for Node.js builtin module imports.
• Improved JSDoc in the module GraphQLUpload.mjs.
• Revamped the readme:
  • Removed the badges.
  • More detailed installation instructions.
  • Added information about TypeScript config and optimal JavaScript module design.

16.0.1

Patch

• Support non latin1 characters in file names by setting the busboy option defParamCharset to utf8, fixing #328.
• Removed a redundant @ts-ignore comment.

16.0.0

Major

• Updated the fs-capacitor dependency to v8, fixing #318.

• The type FileUploadCreateReadStreamOptions from the processRequest.mjs module now uses types from fs-capacitor that are slightly more specific.

• The API is now ESM in .mjs files instead of CJS in .js files, accessible via import but not require. To migrate imports:

  - import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";
  

  - import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.mjs";
  

  - import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.mjs";
  

  - import processRequest from "graphql-upload/processRequest.js";
  + import processRequest from "graphql-upload/processRequest.mjs";
  

  - import Upload from "graphql-upload/Upload.js";
  + import Upload from "graphql-upload/Upload.mjs";
  

Patch

• Updated dev dependencies.
• Updated examples in JSDoc comments.
• Updated the changelog entry for v14.0.0 to show how to migrate imports.

15.0.2

Patch

• Updated dev dependencies.
• Corrected the TypeScript type for the Koa context ctx parameter for the Koa middleware created by the function graphqlUploadKoa, from import("koa").Context to import("koa").ParameterizedContext.

15.0.1

Patch

• Don’t import and link types from the middlware modules graphqlUploadExpress.js and graphqlUploadKoa.js within the module processRequest.js, fixing #314.

15.0.0

Major

• Updated the busboy dependency to v1, fixing #311.
  • This important update addresses the vulnerability CVE-2022-24434 (GHSA-wm7h-9275-46v2).
  • Some error messages have changed.
  • Temporarily until mscdex/busboy#297 is fixed upstream, for the function processRequest and the middleware graphqlUploadExpress and graphqlUploadKoa the option maxFileSize is actually 1 byte less than the amount specified.

Patch

• Updated the typescript dev dependency.
• In the function processRequest use the on method instead of once to listen for error events on the busboy parser, as in edge cases the same parser could have multiple error events and all must be handled to prevent the Node.js process exiting with an error.
• Simplified error handling within the function processRequest.
• Added a test for the function processRequest with a maliciously malformed multipart request.

14.0.0

Major

• Updated Node.js support to ^14.17.0 || ^16.0.0 || >= 18.0.0.

• Updated the graphql peer dependency to ^16.3.0.

• Updated the http-errors dependency to v2.

• Public modules are now individually listed in the package files and exports fields.

• Removed the package main index module; deep imports must be used. To migrate imports:

  - import { GraphQLUpload } from "graphql-upload";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
  

  - import { graphqlUploadExpress } from "graphql-upload";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
  

  - import { graphqlUploadKoa } from "graphql-upload";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
  

  - import { processRequest } from "graphql-upload";
  + import processRequest from "graphql-upload/processRequest.js";
  

  - import { Upload } from "graphql-upload";
  + import Upload from "graphql-upload/Upload.js";
  

• Shortened public module deep import paths, removing the /public/. To migrate imports:

  - import GraphQLUpload from "graphql-upload/public/GraphQLUpload.js";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
  

  - import graphqlUploadExpress from "graphql-upload/public/graphqlUploadExpress.js";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
  

  - import graphqlUploadKoa from "graphql-upload/public/graphqlUploadKoa.js";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
  

  - import processRequest from "graphql-upload/public/processRequest.js";
  + import processRequest from "graphql-upload/processRequest.js";
  

  - import Upload from "graphql-upload/public/Upload.js";
  + import Upload from "graphql-upload/Upload.js";
  

• Implemented TypeScript types via JSDoc comments, closing #282.

• The GraphQLUpload scalar no longer uses deprecated GraphQLError constructor parameters.

Patch

• Updated dev dependencies.
• Simplified dev dependencies and config for ESLint.
• Check TypeScript types via a new package types script.
• Removed the jsdoc-md dev dependency and the related package scripts, replacing the readme “API” section with a manually written “Exports” section.
• Removed the hard-rejection dev dependency. Instead, tests are run with the Node.js CLI flag --unhandled-rejections=throw to make Node.js v14 behave like newer versions.
• Removed the formdata-node dev dependency. Instead, File and FormData are imported from node-fetch.
• Updated GitHub Actions CI config:
  • Run tests with Node.js v14, v16, v18.
  • Updated actions/checkout to v3.
  • Updated actions/setup-node to v3.
• Reorganized the test file structure.
• Use the .js file extension in require paths.
• Use the Node.js Readable property readableEncoding instead of _readableState.encoding in tests.
• Use substring instead of the deprecated string method substr in tests.
• Fixed a typo in a code comment.
• Updated documentation.
• Added a license.md MIT License file, closing #86.

13.0.0

Major

• Updated Node.js support to ^12.22.0 || ^14.17.0 || >= 16.0.0.
• Updated dev dependencies, some of which require newer Node.js versions than previously supported.
• Removed ./package from the package exports field; the full package.json filename must be used in a require path.

Patch

• Updated the graphql peer dependency to 0.13.1 - 16.
• Updated dependencies.
• Also run GitHub Actions CI with Node.js v17.
• Simplified package scripts.
• Renamed imports in the test index module.
• Test the processRequest function with a GraphQL multipart request that has no files.
• Test the processRequest function with an unparsable multipart request.
• Replaced the form-data dev dependency with formdata-node, formdata-node, and node-abort-controller and refactored tests to align with web standards.
• Refactored the processRequest function to remove the isobject dependency.
• Improved the processRequest function, via #273:
  • Fixed ending requests from being handled incorrectly as aborting in edge cases, closing #272.
  • Fixed read streams created via the resolved Upload scalar value createReadStream method:
    • Not emitting the error event when the multipart request is aborted certain ways while the file is uploading.
    • Emitting incorrect error event details for multipart request file field parse errors.
• Configured Prettier option singleQuote to the default, false.
• Documentation tweaks.

12.0.0

Major

• Updated Node.js support to ^12.20 || >= 14.13.
• Updated dev dependencies, some of which require newer Node.js versions than previously supported.
• The tests are now ESM in .mjs files instead of CJS in .js files.
• Replaced the the package.json exports field public subpath folder mapping (deprecated by Node.js) with a subpath pattern. Deep require paths must now include the .js file extension.

Minor

• Added a package sideEffects field.

Patch

• Updated dependencies.
• Lint fixes for the updated Prettier version.
• Updated GitHub Actions CI config:
  • Updated the tested Node.js versions to v12, v14, v16.
  • Updated actions/checkout to v2.
  • Updated actions/setup-node to v2.
  • Simplify config with the npm install-test command.
  • Don’t specify the CI environment variable as it’s set by default.
• Removed npm-debug.log from the .gitignore file as npm v4.2.0+ doesn’t create it in the current working directory.
• Updated the EditorConfig URL.
• Updated the package keywords field.
• More specific package main field path.
• Simplified JSDoc related package scripts now that jsdoc-md v10 automatically generates a Prettier formatted readme.
• Added a package test:jsdoc script that checks the readme API docs are up to date with the source JSDoc.
• Refactored private constants from exports of a single module to individual modules.
• Fixed test name and comment typos.
• Updated external URLs in docs.
• Prettier format for a JSDoc code example.
• Updated a GraphQLUpload code example to use @graphql-tools/schema instead of graphql-tools.
• Removed from the readme the notice that the package was previously published as apollo-upload-server.
• Simplified the readme “Setup” and “Support” sections.