fix: update dependencies via npm audit fix #1705

Merged: arthurschreiber merged 3 commits into master from arthur/npm-audit, Nov 15, 2025
@arthurschreiber
Collaborator

Before submitting a PR:

  1. Ensure your fork is created from master branch of the repository.
  2. Run npm install in the root folder.
  3. After bug fix/code change, ensure all the existing tests and new tests (if any) pass (npm run-script test-all). During development, to run individual test use node_modules/nodeunit test/<test_file.js> -t <test_name>.
  4. Build the driver (npm run build).
  5. Run eslint and flow typechecker (npm run lint).
  6. Run commitlint (node_modules/.bin/commitlint --from origin/master --to HEAD). Refer commit conventions and commit rules.

Thank you for Contributing!

@codecov

codecov bot commented Nov 15, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.84%. Comparing base (a2053ff) to head (b7c8879).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1705   +/-   ##
=======================================
  Coverage   78.84%   78.84%           
=======================================
  Files          90       90           
  Lines        4887     4887           
  Branches      920      920           
=======================================
  Hits         3853     3853           
  Misses        736      736           
  Partials      298      298           

@arthurschreiber arthurschreiber merged commit 9e27684 into master Nov 15, 2025
24 of 25 checks passed
@github-actions
Contributor

🎉 This PR is included in version 19.1.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

@prashantemerson
prashantemerson commented Nov 26, 2025

@arthurschreiber
Looks like this has some breaking changes. Our SQL connection broke with this new release. Had to manually revert to the previous version. Not sure what is wrong, but reverting it to the previous version worked.

v19.1.3 - SQL connection throws SequelizeConnectionError (when used with Sequelize), code ESOCKET
v19.1.2 - Works fine without issue

@arthurschreiber
Collaborator Author

Are you sure it's this specific PR that broke something? The changes in here shouldn't have any effect really.

@prashantemerson

> Are you sure it's this specific PR that broke something? The changes in here shouldn't have any effect really.

I am not 100% sure, but I see that in v19.1.3 only this PR has been merged. Correct me if I am wrong.

@prashantemerson

I compared versions v19.1.2 and v19.1.3, and the changes are not limited to this PR alone, so adding the message here wouldn’t be appropriate.
However, it’s confirmed that the issue occurs with v19.1.3.
From a high-level diff between the two versions, I don’t see any obvious changes that should cause this breakage.

@prashantemerson
prashantemerson commented Nov 26, 2025

Not an issue with Tedious v19.1.3, but it is a package compatibility issue with @azure/identity v4.13.0

After further analysis, this appears to be a package compatibility issue rather than a problem with tedious. My apologies for initially attributing the issue here without a complete investigation.
While I’m not entirely certain, the root cause seems related to the combination of @azure/identity and tedious at the versions we are using.

Evidence from @azure/identity v4.13.0 Release

Release Date: October 2024
Key Changes in v4.13.0:

  • Updated @azure/core-rest-pipeline dependency from ^1.16.0 to ^1.17.0
  • Changes in connection pooling and keep-alive behavior
  • Modified DefaultAzureCredential error handling (credential chain errors now propagate differently, potentially causing earlier socket closures)

Specific Breaking Behavior in @azure/core-rest-pipeline v1.17.0:

  • Agent Reuse Policy Changed: Stricter socket cleanup
  • Connection Timeout Handling: Sockets are destroyed (not just closed) on timeout
  • Keep-Alive Defaults: More aggressive cleanup

Technical Root Cause

When tedious and @azure/identity run in the same Node.js process:

  • @azure/identity v4.13.0 makes an HTTPS request to https://login.microsoftonline.com/ for token acquisition.
  • The updated @azure/core-rest-pipeline creates an HTTPS agent with aggressive socket cleanup.
  • After token acquisition, the agent destroys the socket instead of closing it gracefully.
  • This can lead to race conditions in the Node.js event loop, corrupting socket state.
  • When tedious attempts to establish a SQL connection immediately after, it encounters ESOCKET errors because the socket pool is invalid.

Evidence URLs
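
When a regression is pinned to a version bump like the v19.1.2 to v19.1.3 one discussed in this thread, comparing the two resolved lockfiles shows exactly which installed packages differ, including a package whose version is unchanged but whose integrity hash is not. The following is an added example, not part of the thread or of the tedious project; the function names, the sample lockfiles, every package name other than tedious, and the integrity strings are constructed.

```javascript
// Added example: diff two npm lockfiles (lockfileVersion 2 or 3, "packages" map).
// All package names except "tedious", and all integrity strings, are constructed.

// Flatten a parsed package-lock.json into install path -> { version, integrity }.
function indexLock(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry is not a dependency
    out.set(path, { version: meta.version, integrity: meta.integrity });
  }
  return out;
}

// Report every install path whose resolved artifact differs between the two locks.
function diffLocks(before, after) {
  const a = indexLock(before);
  const b = indexLock(after);
  const changes = [];
  for (const path of new Set([...a.keys(), ...b.keys()])) {
    const x = a.get(path);
    const y = b.get(path);
    if (!x) changes.push({ path, kind: 'added', to: y.version });
    else if (!y) changes.push({ path, kind: 'removed', from: x.version });
    else if (x.version !== y.version) changes.push({ path, kind: 'changed', from: x.version, to: y.version });
    // Same version but a different hash means the tarball itself differs.
    else if (x.integrity !== y.integrity) changes.push({ path, kind: 'integrity-mismatch', version: x.version });
  }
  return changes.sort((p, q) => (p.path < q.path ? -1 : p.path > q.path ? 1 : 0));
}

// Constructed sample input; in practice these come from JSON.parse of two package-lock.json files.
const lockBefore = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/tedious': { version: '19.1.2', integrity: 'sha512-constructed-A' },
  'node_modules/example-transitive': { version: '1.0.0', integrity: 'sha512-constructed-B' },
  'node_modules/example-unchanged': { version: '2.0.0', integrity: 'sha512-constructed-C' },
  'node_modules/example-removed': { version: '0.1.0', integrity: 'sha512-constructed-F' },
} };
const lockAfter = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/tedious': { version: '19.1.3', integrity: 'sha512-constructed-D' },
  'node_modules/example-transitive': { version: '1.0.0', integrity: 'sha512-constructed-E' },
  'node_modules/example-unchanged': { version: '2.0.0', integrity: 'sha512-constructed-C' },
  'node_modules/example-added': { version: '3.0.0', integrity: 'sha512-constructed-G' },
} };

for (const c of diffLocks(lockBefore, lockAfter)) console.log(JSON.stringify(c));
```

An `integrity-mismatch` entry deserves the closest look, since a published version's tarball should never change.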
