Skip to content

Bump undici due to security issue #8044

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 5 commits into from
Feb 27, 2024
Merged

Bump undici due to security issue #8044

merged 5 commits into from
Feb 27, 2024

Conversation

hsubox76
Copy link
Contributor

See GHSA-3787-6prv-h9w3

For reference, undici is used to polyfill fetch in our Node bundles, as we are not restricting Node support to 18+ yet.

Fixes #8038

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 26, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 180f9ab

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
Name Type
@firebase/auth-compat Patch
@firebase/firestore Patch
@firebase/functions Patch
@firebase/storage Patch
@firebase/auth Patch
firebase Patch
@firebase/storage-compat Patch
@firebase/firestore-compat Patch
@firebase/functions-compat Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@hsubox76 hsubox76 requested a review from a team as a code owner February 26, 2024 17:51
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 26, 2024
edited
Loading

Changeset File Check ✅

  • No modified packages are missing from the changeset file.
  • No changeset formatting errors detected.

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Feb 26, 2024
edited
Loading

Size Report 1

Affected Products

No changes between base commit (e5a1a34) and merge commit (12d5172).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/l6xYb99lnL.html

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Feb 26, 2024
edited
Loading

Size Analysis Report 1

Affected Products

No changes between base commit (e5a1a34) and merge commit (12d5172).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/D4m0wBYi2x.html

@danny-avila danny-avila mentioned this pull request Feb 26, 2024
Merged
@hsubox76 hsubox76 requested a review from DellaBitta February 27, 2024 01:18
@DellaBitta DellaBitta merged commit f3cec28 into master Feb 27, 2024
@DellaBitta DellaBitta deleted the ch-undici-bump branch February 27, 2024 14:11
@google-oss-bot google-oss-bot mentioned this pull request Feb 27, 2024
Merged
@firebase firebase locked and limited conversation to collaborators Mar 29, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers

@DellaBitta DellaBitta DellaBitta approved these changes

@lisajian lisajian Awaiting requested review from lisajian

@Xiaoshouzi-gh Xiaoshouzi-gh Awaiting requested review from Xiaoshouzi-gh

@renkelvin renkelvin Awaiting requested review from renkelvin

@sam-gc sam-gc Awaiting requested review from sam-gc

@zwu52 zwu52 Awaiting requested review from zwu52

@maneesht maneesht Awaiting requested review from maneesht

@tonyjhuang tonyjhuang Awaiting requested review from tonyjhuang

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Known vulnerability in undici subdependency
3 participants
@hsubox76 @google-oss-bot @DellaBitta