upgrade compute at edge library

Open wheresrhys opened this issue 2 years ago • 2 comments

to fix vulnerability SEC-35031

wheresrhys, Sep 20 '22 16:09

Ah so we're using @fastly/js-compute to build a package to fastly/c-at-e/pkg: https://github.com/Financial-Times/polyfill-service/blob/d1cad0a5f0617133edec2302a48deb8e183a509a/fastly/c-at-e/package.json#L8

But that was removed in 0.3.0: https://github.com/fastly/js-compute-runtime/pull/108

Looks like we can use the fastly cli instead: https://developer.fastly.com/reference/cli/compute/

notlee, Sep 23 '22 08:09

Good morning @JakeChampion. Do you mind if I ask you a polyfill.io / Fastly c@e question?

Looks like to upgrade js-compute-runtime we're going to need to update the build script so it uses the fastly cli, since creating a tarball was removed from js-compute-runtime.

Running fastly compute build locally within fastly/c-at-e creates pkg/polyfill-service-c-at-e.tar.gz 🙌 So I'm thinking I'll update the GitHub action to use fastly/compute-actions/setup@main so fastly's cli is installed, and update the build script there. Just wanted to check with you that's sensible? I'm not sure its output is equivalent to js-compute-runtime bin/index.js bin/main.wasm.

notlee, Sep 23 '22 08:09

See https://github.com/Financial-Times/polyfill-service/pull/2712/

notlee, Sep 26 '22 08:09