-
Notifications
You must be signed in to change notification settings - Fork 762
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: use esbuild-plugins-node-modules-polyfill
#3832
refactor: use esbuild-plugins-node-modules-polyfill
#3832
Conversation
|
A wrangler prerelease is available for testing. You can install this latest build in your project with: npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-wrangler-3832 You can reference the automatically updated head of this PR with: npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/3832/npm-package-wrangler-3832 Or you can use npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-wrangler-3832 dev path/to/script.js Additional artifacts:npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-create-cloudflare-3832 --no-auto-update npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-cloudflare-kv-asset-handler-3832 npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-miniflare-3832 npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-cloudflare-pages-shared-3832 npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/8279466977/npm-package-cloudflare-vitest-pool-workers-3832 Note that these links will no longer work once the GitHub Actions artifact expires.
Please ensure constraints are pinned, and |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## v4 #3832 +/- ##
==========================================
+ Coverage 70.35% 71.48% +1.13%
==========================================
Files 298 309 +11
Lines 15567 16083 +516
Branches 4007 4103 +96
==========================================
+ Hits 10952 11497 +545
+ Misses 4615 4586 -29
|
f2c0092
to
5e2436c
Compare
Failing CI seems to be unrelated |
Hey! 👋 Thanks for this PR! We discussed this as a team, and I think we're going to hold off merging this until we're ready to do a major release: #1232 (comment). We're also going to do an audit of these polyfills and our natively supported Node builtins added with the |
@mrbbot It would be nice if we could drop the polyfills, but I don't think it hurts to switch to a more up-to-date & maintained version for now either 🤷♂️ |
hey @MichaelDeBoey :) definitely agree it's good to stay up to date in the meantime. however per #1232 (comment), we believe this represents a breaking change and as such will hold off for now. as @mrbbot noted, we plan to audit the polyfills -- if this update is still necessary we'll schedule it as part of the next major release 👍 |
7781535
to
5370d39
Compare
e60d42c
to
66d6f54
Compare
These new polyfills are higher fidelity than the old ones, which causes the Cloudflare socket detection to fail in the node-postgres library. I have created a fix there to tighten that detection up - brianc/node-postgres#3170 But we will need that fix to go hand in hand with landing this PR. |
if you want to exclude |
That sounds like a good solution for now. Thanks |
fc5895a
to
abd6eee
Compare
79f36c0
to
38e08fc
Compare
Emptying the Here is a link to other projects that might rely upon these polyfills: https://github.com/search?q=node_compat+%3D+true+language%3ATOML&type=code&l=TOML We should contact these projects and ask them to test out the prerelease of v4. |
(There was no need to avoid polyfilling the tls library because the |
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
9997298 | Triggered | Generic Database Assignment | bd935cf | packages/wrangler/src/tests/hyperdrive.test.ts | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
9da3533
to
defb3d5
Compare
Oops - sorry. I accidentally closed this by pushing the wrong commits when rebasing. |
This PR replaces
@esbuild-plugins/node-globals-polyfill
&@esbuild-plugins/node-modules-polyfill
with the up-to-date & maintainedesbuild-plugins-node-modules-polyfill
The
esbuild-plugins
repo itself points towards usingesbuild-plugin-polyfill-node
insteadhttps://github.com/remorses/esbuild-plugins/blob/373b44902ad3e669f7359c857de09a930ce1ce90/README.md?plain=1#L15-L16
After doing this in the Remix repo (see remix-run/remix#5274), we got quite some new bugs, so we chose to go for @imranbarbhuiya's
esbuild-plugins-node-modules-polyfill
instead (see remix-run/remix#6562), which is an up-to-date and well maintained alternativeAdded benefit is that we won't get the following deprecation warnings when installing
@esbuild-plugins/node-modules-polyfill
:Resolves #1232