Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump undici due to security issue #8044

Merged
merged 5 commits into from Feb 27, 2024
Merged

Bump undici due to security issue #8044

merged 5 commits into from Feb 27, 2024

Conversation

hsubox76
Copy link
Contributor

See GHSA-3787-6prv-h9w3

For reference, undici is used to polyfill fetch in our Node bundles, as we are not restricting Node support to 18+ yet.

Fixes #8038

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 26, 2024
edited

🦋 Changeset detected

Latest commit: 180f9ab

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
Name Type
@firebase/auth-compat Patch
@firebase/firestore Patch
@firebase/functions Patch
@firebase/storage Patch
@firebase/auth Patch
firebase Patch
@firebase/storage-compat Patch
@firebase/firestore-compat Patch
@firebase/functions-compat Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@hsubox76 hsubox76 requested a review from a team as a code owner February 26, 2024 17:51
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 26, 2024
edited

Changeset File Check ✅

  • No modified packages are missing from the changeset file.
  • No changeset formatting errors detected.

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Feb 26, 2024
edited

Size Report 1

Affected Products

No changes between base commit (e5a1a34) and merge commit (12d5172).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/l6xYb99lnL.html

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Feb 26, 2024
edited

Size Analysis Report 1

Affected Products

No changes between base commit (e5a1a34) and merge commit (12d5172).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/D4m0wBYi2x.html

@danny-avila danny-avila mentioned this pull request Feb 26, 2024
Merged
@DellaBitta DellaBitta merged commit f3cec28 into master Feb 27, 2024
44 checks passed
@DellaBitta DellaBitta deleted the ch-undici-bump branch February 27, 2024 14:11
@google-oss-bot google-oss-bot mentioned this pull request Feb 27, 2024
Merged
@firebase firebase locked and limited conversation to collaborators Mar 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@DellaBitta DellaBitta DellaBitta approved these changes

@lisajian lisajian Awaiting requested review from lisajian lisajian is a code owner

@Xiaoshouzi-gh Xiaoshouzi-gh Awaiting requested review from Xiaoshouzi-gh Xiaoshouzi-gh is a code owner

@renkelvin renkelvin Awaiting requested review from renkelvin

@sam-gc sam-gc Awaiting requested review from sam-gc sam-gc is a code owner

@zwu52 zwu52 Awaiting requested review from zwu52 zwu52 is a code owner

@maneesht maneesht Awaiting requested review from maneesht maneesht is a code owner

@tonyjhuang tonyjhuang Awaiting requested review from tonyjhuang tonyjhuang is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Known vulnerability in undici subdependency
3 participants
@hsubox76 @google-oss-bot @DellaBitta