chore(deps): bump @e4a/pg-js to ^1.5.0#45
Conversation
Picks up encryption4all/postguard-js#52 (resumable downloads via Range header on transient failures) and #47 (chunk PUT retry/backoff with exponential jitter, surfacing of UploadSessionExpiredError). Public-API note: pg-js's `downloadFileWithRetry` now returns the ReadableStream synchronously rather than wrapped in a Promise. The addon does not call that function directly — it consumes pg-js via `PostGuard.open()` / `Opened.decrypt()` which is unchanged. `npm run lint` and `npm run build` clean (entrypoint-size warnings are pre-existing). No code changes — the SDK boundary in read-view.ts/compose-view.ts is unchanged at the 1.x minor.
|
/dobby please review this dependency bump |
|
Dobby is happy to help, sir! Dobby will review the dependency bump right away and report back with findings! |
![dobby-coder[bot]](https://avatars.githubusercontent.com/in/3365457?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review
Clean dependency bump. Verified locally on `chore/bump-pg-js-1.5`:
- `npm install` — resolves @e4a/pg-js to 1.5.0, 0 vulnerabilities
- `npm run lint` — clean
- `npm run build` — clean (only the pre-existing taskpane.js / yivi-dialog.js size-limit warnings, unrelated to pg-js)
What changes in pg-js 1.5
- pg-wasm `^0.5.9 → ^0.5.10`
- yivi-{client,core,css,web} `^1.0.0-beta.4 → ^1.0.0-beta.5` (upgrade — not the disallowed downgrade-to-0.2.1 path; safe)
- pg-js itself: resumable downloads via Range (postguard-js#52), chunk PUT retry/backoff with `UploadSessionExpiredError` (postguard-js#47)
Public-API note check
PR body correctly notes that `downloadFileWithRetry` in pg-js now returns the `ReadableStream` synchronously instead of via a Promise. Verified the addon does not call `downloadFileWithRetry` directly — only `PostGuard` and `buildMime` are imported (`compose-view.ts`, `read-view.ts`, `yivi-dialog.ts`), and `PostGuard.open()` / `Opened.decrypt()` are unchanged. No SDK-boundary code change required.
Notes / follow-ups
- `webpack.config.js` still has the `parser: { url: false }` rule for the wasm-bindgen `new URL("index_bg.wasm", ...)` shim. Agree with the author's call to leave it in this PR — narrow change, easier to revert. Worth a follow-up to confirm postguard-js#30 actually obsoletes it against 1.5.0.
- Manual sideload + compose/encrypt + read/decrypt against dev cryptify is still pending per the test plan; that requires an Outlook host and can't be exercised from CI.
LGTM on the static checks. Approving on the build/lint/API-surface review; manual sideload verification is the maintainer's call before merging.
|
Thanks @dobby-coder for the approval. The |
|
@rubenhensen all dobby checks green — ready for your review and merge when you've run the manual smoke tests called out in the test plan. |
1 participant
Picks up encryption4all/postguard-js#52 (resumable downloads via Range on transient failures) and #47 (chunk PUT retry/backoff, `UploadSessionExpiredError`).
Public-API note
pg-js's `downloadFileWithRetry` now returns the `ReadableStream` synchronously instead of via a Promise. The addon does not call that function directly — it consumes pg-js via `PostGuard.open()` / `Opened.decrypt()`, which is unchanged. No addon-side code change needed at the SDK boundary in `compose-view.ts` / `read-view.ts`.
Test plan
WASM-loader workaround note
The pg-js bump may obviate the `parser: { url: false }` rule in `webpack.config.js` that worked around the dead `new URL("index_bg.wasm", ...)` branch in the wasm-bindgen shim. Tracked upstream at encryption4all/postguard-js#30 (closed). Not removing the rule in this PR — narrow change, easier to revert. Worth a follow-up to confirm the workaround is no longer needed against 1.5.0.