Wrong Dynamic Code Evaluation errors #36715

Closed
1 task done
karaggeorge opened this issue May 5, 2022 · 2 comments
Labels
bug Issue was opened via the bug report template.

Comments

@karaggeorge
Contributor

Verify canary release

  • I verified that the issue exists in Next.js canary release

Provide environment information

Operating System:
Platform: darwin
Arch: x64
Version: Darwin Kernel Version 21.4.0: Fri Mar 18 00:46:32 PDT 2022; root:xnu-8020.101.4~15/RELEASE_ARM64_T6000
Binaries:
Node: 14.17.6
npm: 8.5.1
Yarn: 1.22.17
pnpm: 6.32.3
Relevant packages:
next: 12.1.6
react: 17.0.2
react-dom: 17.0.2

What browser are you using? (if relevant)

No response

How are you deploying your application? (if relevant)

Vercel

Describe the Bug

A few examples from Next.js Live. These are libraries that we've used, and this code runs in CF, but upgrading to the latest Next.js fails at build time because of Dynamic Code Evaluation.

So, either these are detected by mistake or the tree-shaking is including these in the bundle, but they are never used.

```js
var Constructor = Function.bind.apply(String, __spreadArray([null], __read(arguments), false));
```
  • qs through these dependencies:

get-intrinsic (source)

```js
var $Function = Function;

var getEvalledConstructor = function (expressionSyntax) {
	try {
		return $Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
	} catch (e) {}
};
```

function-bind (source)

```js
bound = Function('binder', 'return function (' + boundArgs.join(',') + '){ return binder.apply(this,arguments); }')(binder);
```

has (source)

```js
module.exports = bind.call(Function.call, Object.prototype.hasOwnProperty);
```

Expected Behavior

Build would not fail

To Reproduce

Try to build a middleware route that uses qs or @aws-sdk/client-s3

@karaggeorge karaggeorge added the bug Issue was opened via the bug report template. label May 5, 2022

kodiakhq bot pushed a commit that referenced this issue May 17, 2022
…36955)

## What's in there?

Partially fixes vercel/edge-functions#82
Relates to #36715 

Our webpack plugin for middleware leverages static analysis to detect Dynamic code evaluation in user `_middleware.js` file (and dependencies). Since edge function runtime does not allow them, the build is aborted.

The use of `Function.bind` is considered invalid, while it is legit. A customer using `@aws-sdk/client-s3` reported it.
This PR fixes it.

Please note that this check is too strict: some dynamic code may be in the bundle (despite treeshaking), but may never be used (because of code branches). Since this point is under discussion, this PR adds tests covering some false positives (`@apollo/react-hook`, `qs` and `has`), but does not change the behavior (consider them as errors).

## Notes to reviewer

I looked for test facilities allowing to download the required 3rd party modules. `createNext()` in production context made my day, but showed two issues:
- `cliOutput` is not cleaned in between tests. While clearance during `stop()` would be annoying, I hope that clearance during `start()` is better.
- if `start()` fails while building, the created instance can never be stopped. This is because we don't clear `childProcess` after `build`. 

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added
- [ ] Errors have helpful link attached, see `contributing.md`

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.
- [ ] Errors have helpful link attached, see `contributing.md`

## Documentation / Examples

- [x] Make sure the linting passes by running `yarn lint`
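
To check static findings like the ones reported above against what a runtime actually rejects, the following added example (not code from Next.js, the issue or the commit) runs constructed versions of the quoted snippets in a Node.js `vm` context with code generation from strings disabled. That context is an assumed stand-in for the edge runtime, and `SAMPLES`, `run` and `classify` are hypothetical names.

```javascript
const vm = require('vm');

// Constructed samples modelled on the snippets quoted in the issue.
const SAMPLES = {
  // Only Function.prototype.bind is used; no string is compiled.
  'Function.bind.apply': `
    var Constructor = Function.bind.apply(String, [null, 'abc']);
    String(new Constructor());`,
  // has: Function.call is passed around as a value; nothing is compiled.
  'has': `
    var has = Function.bind.call(Function.call, Object.prototype.hasOwnProperty);
    has({ a: 1 }, 'a');`,
  // function-bind: the Function constructor compiles a string, unguarded.
  'function-bind': `
    var binder = function () { return 1; };
    var bound = Function('binder', 'return function (){ return binder.apply(this,arguments); }')(binder);
    bound();`,
  // get-intrinsic: aliased Function constructor inside try/catch.
  'get-intrinsic': `
    var $Function = Function;
    var getEvalledConstructor = function (expressionSyntax) {
      try {
        return $Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
      } catch (e) {}
    };
    typeof getEvalledConstructor('function () {}');`,
};

// Run code in a fresh context; allowStrings toggles eval/Function-from-string.
function run(code, allowStrings) {
  const context = vm.createContext({}, { codeGeneration: { strings: allowStrings } });
  try {
    return { ok: true, value: vm.runInContext(code, context) };
  } catch (e) {
    return { ok: false, value: e.name };
  }
}

// Differential check: compare a permissive run with a restricted one.
function classify(code) {
  const permissive = run(code, true);
  const restricted = run(code, false);
  if (!restricted.ok && restricted.value === 'EvalError') return 'blocked';
  if (restricted.value !== permissive.value) return 'degraded';
  return 'unaffected';
}

for (const [name, code] of Object.entries(SAMPLES)) console.log(name.padEnd(20), classify(code));
```

`unaffected` marks a pattern that never compiles a string, `blocked` one that throws `EvalError` when reached, and `degraded` one that catches the error and continues with a different result.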

github-actions bot commented Jun 5, 2022

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 5, 2022