Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security upgrade node-fetch #17009

Merged
merged 5 commits into from
Sep 11, 2020
Merged

Security upgrade node-fetch #17009

merged 5 commits into from
Sep 11, 2020

Conversation

sakit0
Copy link
Contributor

@sakit0 sakit0 commented Sep 11, 2020

There was a security update for node-fetch.

This is an important security release. It is strongly recommended to update as soon as possible.
https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261

@ijjk ijjk added examples Issue/PR related to examples type: next labels Sep 11, 2020
@sakit0 sakit0 changed the title security upgrade node-fetch Security upgrade node-fetch Sep 11, 2020
@ijjk
Copy link
Member

ijjk commented Sep 11, 2020

Stats from current PR

Default Server Mode (Decrease detected ✓)
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 12.6s 12.8s ⚠️ +119ms
nodeModulesSize 57 MB 57 MB ⚠️ +1 B
Page Load Tests Overall decrease ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
/ failed reqs 0 0
/ total time (seconds) 2.207 2.316 ⚠️ +0.11
/ avg req/sec 1132.86 1079.45 ⚠️ -53.41
/error-in-render failed reqs 0 0
/error-in-render total time (seconds) 1.231 1.272 ⚠️ +0.04
/error-in-render avg req/sec 2030.47 1964.93 ⚠️ -65.54
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Rendered Page Sizes
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
index.html gzip 1 kB 1 kB
link.html gzip 1.01 kB 1.01 kB
withRouter.html gzip 994 B 994 B
Overall change 3 kB 3 kB
Serverless Mode
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 14.3s 14.2s -93ms
nodeModulesSize 57 MB 57 MB ⚠️ +1 B
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Serverless bundles
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_error.js 1.03 MB 1.03 MB
404.html 4.34 kB 4.34 kB
hooks.html 3.92 kB 3.92 kB
index.js 1.04 MB 1.04 MB
link.js 1.08 MB 1.08 MB
routerDirect.js 1.07 MB 1.07 MB
withRouter.js 1.07 MB 1.07 MB
Overall change 5.31 MB 5.31 MB
Commit: f3a67d8

sakit0 and others added 2 commits September 11, 2020 16:13
@sakit0 @timneutkens
Update examples/with-zeit-fetch/package.json
956b26d 
Co-authored-by: Tim Neutkens <tim@timneutkens.nl>
@sakit0 @timneutkens
Update packages/next/package.json
a838664 
Co-authored-by: Tim Neutkens <tim@timneutkens.nl>
@sakit0
Copy link
Contributor Author

sakit0 commented Sep 11, 2020

@timneutkens
Thank you. It has changed.

@ijjk
Copy link
Member

ijjk commented Sep 11, 2020

Stats from current PR

Default Server Mode (Decrease detected ✓)
General
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 11.2s 11.9s ⚠️ +726ms
nodeModulesSize 57 MB 57 MB
Page Load Tests Overall decrease ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
/ failed reqs 0 0
/ total time (seconds) 2.096 2.14 ⚠️ +0.04
/ avg req/sec 1192.99 1168.41 ⚠️ -24.58
/error-in-render failed reqs 0 0
/error-in-render total time (seconds) 1.182 1.174 -0.01
/error-in-render avg req/sec 2114.74 2129.65 +14.91
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Rendered Page Sizes
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
index.html gzip 1 kB 1 kB
link.html gzip 1.01 kB 1.01 kB
withRouter.html gzip 994 B 994 B
Overall change 3 kB 3 kB
Serverless Mode
General
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 12.9s 12.3s -562ms
nodeModulesSize 57 MB 57 MB
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Serverless bundles
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_error.js 1.03 MB 1.03 MB
404.html 4.34 kB 4.34 kB
hooks.html 3.92 kB 3.92 kB
index.js 1.04 MB 1.04 MB
link.js 1.08 MB 1.08 MB
routerDirect.js 1.07 MB 1.07 MB
withRouter.js 1.07 MB 1.07 MB
Overall change 5.31 MB 5.31 MB
Commit: 956b26d

@ijjk
Copy link
Member

ijjk commented Sep 11, 2020

Stats from current PR

Default Server Mode (Increase detected ⚠️)
General
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 13.5s 13.5s -35ms
nodeModulesSize 57 MB 57 MB
Page Load Tests Overall increase ✓
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
/ failed reqs 0 0
/ total time (seconds) 2.455 2.407 -0.05
/ avg req/sec 1018.14 1038.68 +20.54
/error-in-render failed reqs 0 0
/error-in-render total time (seconds) 1.553 1.467 -0.09
/error-in-render avg req/sec 1609.3 1703.9 +94.6
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Rendered Page Sizes
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
index.html gzip 1 kB 1 kB
link.html gzip 1.01 kB 1.01 kB
withRouter.html gzip 994 B 994 B
Overall change 3 kB 3 kB
Serverless Mode
General
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 14.8s 15.1s ⚠️ +278ms
nodeModulesSize 57 MB 57 MB
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Serverless bundles
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_error.js 1.03 MB 1.03 MB
404.html 4.34 kB 4.34 kB
hooks.html 3.92 kB 3.92 kB
index.js 1.04 MB 1.04 MB
link.js 1.08 MB 1.08 MB
routerDirect.js 1.07 MB 1.07 MB
withRouter.js 1.07 MB 1.07 MB
Overall change 5.31 MB 5.31 MB
Commit: a838664

timneutkens
timneutkens previously approved these changes Sep 11, 2020
View reviewed changes
@timneutkens timneutkens mentioned this pull request Sep 11, 2020
Closed
@ijjk
Copy link
Member

ijjk commented Sep 11, 2020

Stats from current PR

Default Server Mode (Decrease detected ✓)
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 12.2s 12.1s -89ms
nodeModulesSize 57 MB 57 MB ⚠️ +157 B
Page Load Tests Overall decrease ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
/ failed reqs 0 0
/ total time (seconds) 2.224 2.248 ⚠️ +0.02
/ avg req/sec 1124.06 1112.26 ⚠️ -11.8
/error-in-render failed reqs 0 0
/error-in-render total time (seconds) 1.374 1.375 0
/error-in-render avg req/sec 1819.39 1818.11 ⚠️ -1.28
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Rendered Page Sizes
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
index.html gzip 1 kB 1 kB
link.html gzip 1.01 kB 1.01 kB
withRouter.html gzip 994 B 994 B
Overall change 3 kB 3 kB
Serverless Mode (Increase detected ⚠️)
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 13.7s 13.8s ⚠️ +130ms
nodeModulesSize 57 MB 57 MB ⚠️ +157 B
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Serverless bundles Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_error.js 1.03 MB 1.03 MB ⚠️ +157 B
404.html 4.34 kB 4.34 kB
hooks.html 3.92 kB 3.92 kB
index.js 1.04 MB 1.04 MB ⚠️ +157 B
link.js 1.08 MB 1.08 MB ⚠️ +157 B
routerDirect.js 1.07 MB 1.07 MB ⚠️ +157 B
withRouter.js 1.07 MB 1.07 MB ⚠️ +157 B
Overall change 5.31 MB 5.31 MB ⚠️ +785 B
Commit: 25bfa28

@ijjk
Copy link
Member

ijjk commented Sep 11, 2020

Stats from current PR

Default Server Mode (Increase detected ⚠️)
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 12.5s 12.6s ⚠️ +178ms
nodeModulesSize 57 MB 57 MB ⚠️ +157 B
Page Load Tests Overall increase ✓
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
/ failed reqs 0 0
/ total time (seconds) 2.278 2.209 -0.07
/ avg req/sec 1097.28 1131.61 +34.33
/error-in-render failed reqs 0 0
/error-in-render total time (seconds) 1.207 1.222 ⚠️ +0.01
/error-in-render avg req/sec 2071.95 2044.99 ⚠️ -26.96
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Rendered Page Sizes
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
index.html gzip 1 kB 1 kB
link.html gzip 1.01 kB 1.01 kB
withRouter.html gzip 994 B 994 B
Overall change 3 kB 3 kB
Serverless Mode (Increase detected ⚠️)
General Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
buildDuration 13.9s 14.1s ⚠️ +188ms
nodeModulesSize 57 MB 57 MB ⚠️ +157 B
Client Bundles (main, webpack, commons)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..68c9.js gzip 10.9 kB 10.9 kB
framework.HASH.js gzip 39 kB 39 kB
main-7ae8495..db56.js gzip 7 kB 7 kB
webpack-e067..f178.js gzip 751 B 751 B
Overall change 57.6 kB 57.6 kB
Client Bundles (main, webpack, commons) Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
677f882d2ed8..dule.js gzip 6.77 kB 6.77 kB
framework.HA..dule.js gzip 39 kB 39 kB
main-5a735ed..dule.js gzip 6.07 kB 6.07 kB
webpack-07c5..dule.js gzip 751 B 751 B
Overall change 52.6 kB 52.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
polyfills-4b..e242.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-9a0b9e1..b37e.js gzip 1.28 kB 1.28 kB
_error-ed1b0..8fbd.js gzip 3.44 kB 3.44 kB
hooks-89731c..c609.js gzip 887 B 887 B
index-17468f..5d83.js gzip 227 B 227 B
link-d2344ce..8b36.js gzip 1.3 kB 1.3 kB
routerDirect..924c.js gzip 284 B 284 B
withRouter-7..c13d.js gzip 284 B 284 B
Overall change 7.71 kB 7.71 kB
Client Pages Modern
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_app-75d3a82..dule.js gzip 625 B 625 B
_error-4469a..dule.js gzip 2.29 kB 2.29 kB
hooks-cbf13f..dule.js gzip 387 B 387 B
index-b9a643..dule.js gzip 226 B 226 B
link-f8c0daf..dule.js gzip 1.26 kB 1.26 kB
routerDirect..dule.js gzip 284 B 284 B
withRouter-f..dule.js gzip 282 B 282 B
Overall change 5.36 kB 5.36 kB
Client Build Manifests
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_buildManifest.js gzip 322 B 322 B
_buildManife..dule.js gzip 329 B 329 B
Overall change 651 B 651 B
Serverless bundles Overall increase ⚠️
vercel/next.js canary sakito21/next.js updatae-node-fetch Change
_error.js 1.03 MB 1.03 MB ⚠️ +157 B
404.html 4.34 kB 4.34 kB
hooks.html 3.92 kB 3.92 kB
index.js 1.04 MB 1.04 MB ⚠️ +157 B
link.js 1.08 MB 1.08 MB ⚠️ +157 B
routerDirect.js 1.07 MB 1.07 MB ⚠️ +157 B
withRouter.js 1.07 MB 1.07 MB ⚠️ +157 B
Overall change 5.31 MB 5.31 MB ⚠️ +785 B
Commit: 75c16c0

@kodiakhq kodiakhq bot merged commit 7efa3ba into vercel:canary Sep 11, 2020
@soundstep
Copy link

@sakito21 thanks for the quick fix, how can I find out in which stable version it will be included?

@sakit0
Copy link
Contributor Author

sakit0 commented Sep 11, 2020

@soundstep
I'm sorry, I don't know.

@timneutkens Do you know about this?

@sakit0 sakit0 deleted the updatae-node-fetch branch September 14, 2020 22:11
@sakit0 sakit0 changed the title Security upgrade node-fetch Security update node-fetch Sep 15, 2020
@sakit0 sakit0 changed the title Security update node-fetch Security upgrade node-fetch Sep 15, 2020
@FarazPatankar
Copy link

Looks like this will be one of the changes that make it to 9.5.4. That said, do we have an ETA on it? Also, does Next in general have a page where we can see what goes in a release and when it can be expected? cc @timneutkens

@lfades
Copy link
Member

lfades commented Sep 22, 2020

@FarazPatankar Feel free to use canary for now until we are ready for a release.

HitoriSensei pushed a commit to HitoriSensei/next.js that referenced this pull request Sep 26, 2020
@sakit0
Security upgrade node-fetch (vercel#17009)
a6052ae 
There was a security update for node-fetch.

> This is an important security release. It is strongly recommended to update as soon as possible.
https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261
@deniapps
Copy link

deniapps commented Oct 8, 2020
edited
Loading

I ran npm list node-fetch, and it printed:

└─┬ next@9.5.4
  └─┬ @ampproject/toolbox-optimizer@2.6.0
    ├─┬ @ampproject/toolbox-core@2.6.1
    │ └─┬ cross-fetch@3.0.6
    │   └── node-fetch@2.6.1 
    ├─┬ cross-fetch@3.0.5
    │ └── node-fetch@2.6.0  deduped
    └── node-fetch@2.6.0

I am wondering why there is not node-fetch @2.6.1 (which is a dependency of next) right under next@9.5.4? On the other hand, I don't see @ampproject/toolbox-optimizer@2.6.0 in the package.json of next@9.5.4, but why it shows up?

Updated (10/10): Actually, I realized that the last node-fetch@2.6.0 is the dependency of @ampproject/toolbox-optimizer, which has not upgraded its dependency completely. Including ampproject/amp-toolbox#934 (comment)
Updated (10/11): To answer my own question. We need to check npm_module/next/package.json for the dependencies of next, where @ampproject/toolbox-optimizer@2.6.0 is listed. We should not use this file: https://github.com/vercel/next.js/blob/canary/package.json

@ambuznego
Copy link

Experiencing the same as @deniapps 👆

@xosupernova
Copy link

@deniapps looks like they are getting ready to release the next version with all these commits Click Here to see Node-Fetch update

@deniapps
Copy link

@deniapps looks like they are getting ready to release the next version with all these commits Click Here to see Node-Fetch update

Thank you! @TheRealHeyJack. Finally, it has been a month. :-) But then, we would have to wait for another update from next.

@vercel vercel locked as resolved and limited conversation to collaborators Jan 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@timneutkens timneutkens timneutkens approved these changes

@chibicode chibicode Awaiting requested review from chibicode

@ijjk ijjk Awaiting requested review from ijjk

@lfades lfades Awaiting requested review from lfades

@Timer Timer Awaiting requested review from Timer

Assignees
No one assigned
Labels
examples Issue/PR related to examples type: next
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@sakit0 @ijjk @soundstep @FarazPatankar @lfades @deniapps @ambuznego @xosupernova @timneutkens