Update project's dependencies to latest compatible versions #111
Conversation
oleiade
force-pushed
the
dependency_updates
branch
from
d696e2c
to
ae53929
Compare
oleiade
force-pushed
the
dependency_updates
branch
from
ae53929
to
c6bf07b
Compare
|
|
||
| import { v4 as uuidv4 } from 'uuid' |
There was a problem hiding this comment.
I'm not sure I'm getting what's the problem with this dependency. Can we just keep it without applying the change?
There was a problem hiding this comment.
Apologies, I should have been more explicit about this specifically 🙇🏻
So far, k6-jslib-aws relied on the uuid package to generate uuids. We were using version 3.4.0, which is quite old, but had the advantage of not relying on node's crypto.getRandomValues API. This version is now deprecated, and the newer versions (from 7.0.0, to 10.0.0) all rely on the node API exclusively (as far as I can tell), meaning we can't rely on it in a k6 context anymore.
Hence, switching to k6-utils instead. (Which coincidentally makes me realize there is a secure flag to activate to use a cryptographic random source instead)
There was a problem hiding this comment.
Thanks for the explanation @oleiade, all clear now! Looks great! 👍🏻
oleiade
force-pushed
the
dependency_updates
branch
from
c6bf07b
to
f2b00ee
Compare
The uuid version we use to rely upon (3.4.0) is now marked as deprecated. Newer versions of the package rely on node APIs that are not available in k6, and as a result, we cannot use it anymore.
In this PR, we update the project's dependencies to their latest compatible versions. This was overdue.
As we update to a much more recent version of k6, we also take this opportunity to switch to using WebCrypto's
crypto.RandomUUIDin the secrets manager too.