miniflare icon indicating copy to clipboard operation
miniflare copied to clipboard
verified publisher icon cloudflare

Upgrade undici to `v5.8.0`

Open yusukebe opened this issue 3 years ago • 1 comments

Hi! Upgraded undici to v5.8.0. This release fixed the vulnerabilities.

https://github.com/nodejs/undici/releases/tag/v5.8.0

yusukebe avatar Jul 21 '22 23:07 yusukebe

This undici updating has breaking changes. We can't adapt as it is. But, I think we should fix the vulnerabilities. Hmm...

yusukebe avatar Jul 28 '22 22:07 yusukebe

Hey! 👋 Apologies for the delayed response. I've recently returned from a long holiday and am catching up on issues and PRs now.

It looks like undici's fetch implementation now requires at least Node 16.8.0 as opposed to 16.7.0, hence most of the test failures.

There's also another issue with the File constructor which I've PRed a fix for: https://github.com/nodejs/undici/pull/1601. Hopefully that gets merged & released soon.

Will check we can bump the minimum supported Node version (in Wrangler too), but these security issues are unlikely to affect Miniflare users, as it's only intended as a local development and testing tool.

mrbbot avatar Aug 13 '22 10:08 mrbbot

Hi @mrbbot ! Thank you for checking this PR.

Will check we can bump the minimum supported Node version (in Wrangler too)

Please!

but these security issues are unlikely to affect Miniflare users, as it's only intended as a local development and testing tool.

Ah, you're definitely right!

yusukebe avatar Aug 13 '22 21:08 yusukebe

Closed in favour of #333. Thanks again for bringing these issues to our attention. 🙂

mrbbot avatar Aug 15 '22 20:08 mrbbot