Skip to content
This repository was archived by the owner on Mar 13, 2025. It is now read-only.

Bump undici version and minimum node version #333

Merged
mrbbot merged 4 commits into from
Aug 15, 2022
Merged

Bump undici version and minimum node version #333

mrbbot merged 4 commits into from
Aug 15, 2022

Conversation

@cameron-robey
Copy link
Contributor

@cameron-robey cameron-robey commented Aug 15, 2022

To target security vulnerabilities in undici, we update to the latest version.

From undici v5.7.0, we require a node >=16.8.0 - here we update the minimum to 16.13.0 (the first Node 16 LTS release)

@cameron-robey
Bump undici version and minimum node version
a9fd2a4 
To target security vulnerabilities in undici, we update to the latest version.

From undici v5.7.0, we require a node >=16.8.0 - here we update the minimum to 16.13.0 (the first Node 16 LTS release)
@cameron-robey
Pin undici version
7646912 
We should pin the version of undici
@cameron-robey cameron-robey mentioned this pull request Aug 15, 2022
Closed
JacobMGEvans
JacobMGEvans approved these changes Aug 15, 2022
View reviewed changes
Copy link

@JacobMGEvans JacobMGEvans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as @mrbbot is good with these changes, I think it is good to go.

@cameron-robey
Copy link
Contributor Author

cameron-robey commented Aug 15, 2022

Just worth noting that this will require some people to bump their version of node - I assume we have some precedent for a release like this

mrbbot
mrbbot approved these changes Aug 15, 2022
View reviewed changes
Copy link
Contributor

@mrbbot mrbbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thank you! 🙂 Added a couple tiny commits to fix tests, but otherwise... ✅

@mrbbot mrbbot merged commit 7894fa4 into cloudflare:master Aug 15, 2022
@mrbbot mrbbot mentioned this pull request Aug 15, 2022
Closed
@cameron-robey cameron-robey deleted the undici-version branch August 16, 2022 11:43
@cameron-robey cameron-robey mentioned this pull request Aug 19, 2022
Merged
@threepointone
Copy link
Contributor

threepointone commented Aug 22, 2022

Would you be ok using 16.8.0 as the minimum version instead? Makes the breaking change radius a little smaller.

@mrbbot
Copy link
Contributor

mrbbot commented Aug 22, 2022
edited
Loading

The thinking here was what if undici does this again? I'd rather we didn't have to make this kind of breaking change twice, and 16.13.0 was the first long-term support version of Node 16. We'd like people to be using the latest, supported versions of Node anyways, and there were just over 2 months between the releases of 16.7.0 and 16.13.0 so I don't think this will cause too many issues. When it does, they'll be a clear error telling people what's wrong. We, as developers of the packages, also get the option of using the newly added features ourselves if needed.

@threepointone
Copy link
Contributor

threepointone commented Aug 22, 2022

That's fair. Let's land this?

@threepointone
Copy link
Contributor

threepointone commented Aug 22, 2022

wait it was landed already ha

@mrbbot
Copy link
Contributor

mrbbot commented Aug 22, 2022

...and released in 2.7.0 😅

@CraigglesO CraigglesO mentioned this pull request Aug 31, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@mrbbot mrbbot mrbbot approved these changes

@JacobMGEvans JacobMGEvans JacobMGEvans approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cameron-robey @threepointone @mrbbot @JacobMGEvans