tests: make npm audit happy by inlining apollo-fetch

Our tests use the deprecated `apollo-fetch` package. This depends on an old version of the `cross-fetch` polyfill package which itself depends on a version of `node-fetch` with a minor CVE. This makes `npm audit` noisy, which is sad. There's no real vulnerability from `node-fetch` here since it's only used in tests, but it would be nice to quiet `npm audit`. Plus, in #5165 we grudgingly added `"dom"` to the `lib` in `tsconfig.test.base.json` just to support `apollo-fetch`. Updating `cross-fetch` in `apollo-fetch` is not enticing because it does pull in major version bumps of dependent packages; I wouldn't want to release a new version of a dead project that makes bad changes in some obscure contexts. But `apollo-fetch` is a pretty simple package. So instead, I just inlined `apollo-fetch` into `apollo-server-integration-testsuite`, deleted a bunch of features we aren't using like batch support, and made it use the `apollo-server-env` `fetch` rather than a global polyfill. The only use of `apollo-fetch` that didn't already depend on `apollo-server-integration-testsuite` was `apollo-server`, so add that devDependency.
apollographql · May 5, 2021 · 1254d68 · 1254d68
1 parent 93d586b
commit 1254d68
Show file tree

Hide file tree

Showing 17 changed files with 225 additions and 96 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -88,7 +88,6 @@
     "@types/type-is": "1.6.3",
     "@types/uuid": "8.3.0",
     "@types/ws": "7.4.1",
-    "apollo-fetch": "0.7.0",
     "apollo-link": "1.2.14",
     "apollo-link-http": "1.5.17",
     "apollo-link-persisted-queries": "0.2.2",

diff --git a/packages/apollo-server-express/src/__tests__/ApolloServer.test.ts b/packages/apollo-server-express/src/__tests__/ApolloServer.test.ts
@@ -3,7 +3,6 @@ import express from 'express';
 import http from 'http';
 
 import request from 'request';
-import { createApolloFetch } from 'apollo-fetch';
 
 import { gql, AuthenticationError } from 'apollo-server-core';
 import {
@@ -15,6 +14,7 @@ import {
 import {
   testApolloServer,
   createServerInfo,
+  createApolloFetch,
 } from 'apollo-server-integration-testsuite';
 
 const typeDefs = gql`

diff --git a/packages/apollo-server-express/src/__tests__/datasource.test.ts b/packages/apollo-server-express/src/__tests__/datasource.test.ts
@@ -4,10 +4,9 @@ import http, { Server } from 'http';
 
 import { RESTDataSource } from 'apollo-datasource-rest';
 
-import { createApolloFetch } from 'apollo-fetch';
 import { ApolloServer } from '../ApolloServer';
 
-import { createServerInfo } from 'apollo-server-integration-testsuite';
+import { createServerInfo, createApolloFetch } from 'apollo-server-integration-testsuite';
 import { gql } from '../index';
 import { AddressInfo } from 'net';
 import type { GraphQLResolverMap } from 'apollo-graphql';

diff --git a/packages/apollo-server-fastify/src/__tests__/ApolloServer.test.ts b/packages/apollo-server-fastify/src/__tests__/ApolloServer.test.ts
@@ -4,14 +4,14 @@ import fastify from 'fastify';
 import http from 'http';
 
 import request from 'request';
-import { createApolloFetch } from 'apollo-fetch';
 
 import { gql, AuthenticationError, Config } from 'apollo-server-core';
 import { ApolloServer, ServerRegistration } from '../ApolloServer';
 
 import {
   testApolloServer,
   createServerInfo,
+  createApolloFetch,
 } from 'apollo-server-integration-testsuite';
 
 const typeDefs = gql`

diff --git a/packages/apollo-server-fastify/src/__tests__/datasource.test.ts b/packages/apollo-server-fastify/src/__tests__/datasource.test.ts
@@ -2,10 +2,9 @@ import fastify, { FastifyInstance } from 'fastify';
 
 import { RESTDataSource } from 'apollo-datasource-rest';
 
-import { createApolloFetch } from 'apollo-fetch';
 import { ApolloServer } from '../ApolloServer';
 
-import { createServerInfo } from 'apollo-server-integration-testsuite';
+import { createServerInfo, createApolloFetch } from 'apollo-server-integration-testsuite';
 import { gql } from '../index';
 
 const restPort = 4003;

diff --git a/packages/apollo-server-hapi/src/__tests__/ApolloServer.test.ts b/packages/apollo-server-hapi/src/__tests__/ApolloServer.test.ts
@@ -1,11 +1,11 @@
 import {
   testApolloServer,
   createServerInfo,
+  createApolloFetch,
 } from 'apollo-server-integration-testsuite';
 
 import http = require('http');
 import request = require('request');
-import { createApolloFetch } from 'apollo-fetch';
 
 import { gql, AuthenticationError } from 'apollo-server-core';
 import { ApolloServer } from '../ApolloServer';

diff --git a/packages/apollo-server-integration-testsuite/src/ApolloServer.ts b/packages/apollo-server-integration-testsuite/src/ApolloServer.ts
@@ -28,7 +28,7 @@ import {
   ApolloFetch,
   GraphQLRequest,
   ParsedResponse,
-} from 'apollo-fetch';
+} from './apolloFetch';
 import {
   AuthenticationError,
   UserInputError,
@@ -40,7 +40,7 @@ import {
   GraphQLExecutor,
   GraphQLServiceConfig,
 } from 'apollo-server-core';
-import { Headers } from 'apollo-server-env';
+import { Headers, fetch } from 'apollo-server-env';
 import { TracingFormat } from 'apollo-tracing';
 import ApolloServerPluginResponseCache from 'apollo-server-plugin-response-cache';
 import { BaseContext, GraphQLRequestContext, GraphQLRequestContextExecutionDidStart } from 'apollo-server-types';
@@ -1167,11 +1167,6 @@ export function testApolloServer<AS extends ApolloServerBase>(
             const hash = sha256.create().update(TEST_STRING_QUERY).hex();
 
             const result = await apolloFetch({
-              // @ts-ignore The `ApolloFetch` types don't allow `extensions` to be
-              // passed in, in the same way as `variables`, with a request. This
-              // is a typing omission in `apollo-fetch`, as can be seen here:
-              // https://git.io/Jeb63  This will all be going away soon (and
-              // that package is already archived and deprecated.
               extensions: {
                 persistedQuery: {
                   version: VERSION,