Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade undici to v5.8.0 #320

Closed
wants to merge 1 commit into from

Conversation

yusukebe
Copy link

Hi! Upgraded undici to v5.8.0. This release fixed the vulnerabilities.

https://github.com/nodejs/undici/releases/tag/v5.8.0

@yusukebe
Copy link
Author

This undici updating has breaking changes. We can't adapt as it is.
But, I think we should fix the vulnerabilities. Hmm...

@mrbbot
Copy link
Contributor

mrbbot commented Aug 13, 2022

Hey! 👋 Apologies for the delayed response. I've recently returned from a long holiday and am catching up on issues and PRs now.

It looks like undici's fetch implementation now requires at least Node 16.8.0 as opposed to 16.7.0, hence most of the test failures.

There's also another issue with the File constructor which I've PRed a fix for: nodejs/undici#1601. Hopefully that gets merged & released soon.

Will check we can bump the minimum supported Node version (in Wrangler too), but these security issues are unlikely to affect Miniflare users, as it's only intended as a local development and testing tool.

@yusukebe
Copy link
Author

Hi @mrbbot ! Thank you for checking this PR.

Will check we can bump the minimum supported Node version (in Wrangler too)

Please!

but these security issues are unlikely to affect Miniflare users, as it's only intended as a local development and testing tool.

Ah, you're definitely right!

@mrbbot
Copy link
Contributor

mrbbot commented Aug 15, 2022

Closed in favour of #333. Thanks again for bringing these issues to our attention. 🙂

@mrbbot mrbbot closed this Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants