wait-on

Update axios from 0.27.2 to latest 1.6.1 which fixes security vulnerability CVE-2023-45857.

Thanks @AndrewMax for the PR #147 and also for those that confirmed it.

Update dependencies.

Add ability to specify timeout, httpTimeout, and tcpTimeout with a unit (ms, m, s, h), defaults to ms if not specified. Thanks @ntkoopman

Removed unnecessary eslint-plugin-standard. It was no longer needed since already included in another package.

Updated dependencies:

• minimist
• eslint
• minimatch
• axios
• mocha
• rxjs

The update to latest mocha removed support for Node.js below 12.

Updated minor dependencies to fix vulnerabilities

Other than dropping support for Node.js v8 there should be no other breaking changes.

Node.js v8 was no longer supported by the yargs parser. Node.js v8 users should use v5.3.0

Allow resources to be passed in via config file. Thanks @michaelmerrill for the PR.

Example config.js file with resources

module.exports = {
  resources: ['http://localhost:8123', 'http://localhost:8123/foo'],
};

Updated [email protected]

Updated lodash dependency to close vulnerability

Update dependencies

• expose the remaining resources in the timeout error message (thanks @jmealo)
• update from the deprecated @hapi/joi to joi (thanks @AleF83)

Add proxy option which can override the http(s) proxy which might be configured in environment variables.

• opts.proxy: undefined, false, or object as defined in axios. Default is undefined. If not set (undefined) axios detects proxy from env vars http_proxy and https_proxy. https://github.com/axios/axios#config-defaults

  // example proxy object
  {
    host: '127.0.0.1',
    port: 9000,
    auth: {
      username: 'mikeymike',
      password: 'rapunz3l'
    }
  }

update to [email protected]

[email protected] update which resolved some potential lodash vulnerabilities

Force axios to use http adapter to keep logs clean if jest/jsdom are used with the wait-on API.

If jest/jsdom is used then a polyfill for xhr is created which will cause axios to default the adapter to it. Since jsdom logs all errors use of wait-on will have any failed attempts to connect logged which is rather noisy and misleading.

By forcing axios to use the node.js http adapter instead this problem is bypassed keeping logs clean.

Switch HTTP client from request to axios

Since the request package is no longer receiving updates, wait-on switched to using axios. Attempt to keep the same wait-on options as much as possible.

These breaking changes occurred in the switch:

1. There is only one option for redirects followRedirect: true|false (defaults to true).
2. httpSignature is not implemented in axios and now not available. (If this feature is still desired, please help by providing a pull request to implement it.)
3. auth allows only username and password but not the previous aliases user and pass

add optional validateStatus fn property

If validateStatus property is provided in the
config and set to a function, it will use this to
validate whether a status is valid.

The default validateStatus if not provided is

validateStatus: function (status) {
  return status >= 200 && status < 300;
}

To also allow a 401 unauthorized as a valid status

validateStatus: function (status) {
  return status === 401 || (status >= 200 && status < 300);
}

Since the request package is no longer receiving updates, wait-on switched to using axios. Attempt to keep the same wait-on options as much as possible.

These breaking changes occurred in the switch:

1. There is only one option for redirects followRedirect: true|false (defaults to true).
2. httpSignature is not implemented in axios and now not available. (If this feature is still desired, please help by providing a pull request to implement it.)
3. auth allows only username and password but not the previous aliases user and pass

Updated dependencies which closed security vulnerability in minimist and acorn.

Rewrite of the main code to simplify the logic and reduce possibility for race conditions. Bumped the major version do to the rewrite and also a minor change in how the stability window is used. In the new version the stability window only applies to file resources (waiting for them to exist and stop changing), for other resources they are completed as soon as available.

Also in the new logic, once a resource becomes available the system doesn't continue to check it, it only continues checking the pending resources.

Logging was improved and simplified.

• -l / --log just indicate what resources are still pending
• -v / --verbose includes resources that are pending and debug info from checks

Updated many dependencies including rxjs, and joi. Removed core-js polyfill as no longer needed.

Added a -s / --simultaneous optional flag to the command. If provided it will limit the number of simultaneous or concurrent connections to an individual resource. It defaults to Infinity so it will make requests without caring about previous ones. If you were to set it to "1" then it wouldn't be sending new requests to http://foo before the previous one finished (success, failure, or timeout).

• Added --httpTimeout option

--httpTimeout

  Maximum time in ms to wait for an HTTP HEAD/GET request, default 0
  which results in using the OS default

• Upgraded dependencies: #38, thanks @matijagaspar

• Require Node Version +8.9.0: #33

Thanks to @valscion for summarizing the release notes.
Also thanks to @perry-mitchell for mentioning that this should have been a major release bump due to dropping support for Node 6. Node 6 users should use v3.2.0. In the future, I will bump major version when Node version support changes.

Added --tcpTimeout option

 --tcpTimeout

   Maximum time in ms for tcp connect, default 300ms

thanks @Sarithis