Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cli] Update @vercel/fun to v1.1.1 #11332

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

[cli] Update @vercel/fun to v1.1.1 #11332

wants to merge 7 commits into from

Conversation

G-Rath
Copy link

@G-Rath G-Rath commented Mar 26, 2024
edited

This is a repeat of #10946 - v1.1.1 was released specifically to address the security vulnerabilities in downstream dependencies due to using exact constraints (vercel/fun#98 and vercel/fun#95).

I have not created a changeset as I assume this change is too small to be worth bumping any packages for, but can include one if desired.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Mar 26, 2024
edited

🦋 Changeset detected

Latest commit: a55a846

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
vercel Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@G-Rath G-Rath force-pushed the codespace-crispy-acorn-g59xgxvw4r3p64q branch from 0161c92 to 082e53a Compare March 28, 2024 20:24
@G-Rath G-Rath requested a review from erikareads as a code owner April 9, 2024 20:32
@TooTallNate TooTallNate changed the title [cli] update @vercel/fun for security [cli] Update @vercel/fun to v1.1.1 Apr 9, 2024
TooTallNate
TooTallNate previously approved these changes Apr 9, 2024
View reviewed changes
@EndangeredMassa
Copy link
Contributor

Test failure:

● [vercel dev] Use `@vercel/python` with Flask requirements.txt
  Failed to fetch "http://localhost:3009/api/user?name=Alice", received 502, expected 200, id: dev1::dev1::mumeo-1712944062140-18999544fcdb:
  An error occurred with this application.
  NO_RESPONSE_FROM_FUNCTION
    42 |       if (res.status !== opts.status) {
    43 |         const text = await res.text();
  > 44 |         throw new Error(
       |               ^
    45 |           `Failed to fetch "${url}", received ${res.status}, expected ${
    46 |             opts.status
    47 |           }, id: ${res.headers.get('x-vercel-id')}:\n\n${text}\n\n`
    at retry.retries (test/dev/utils.js:44:15)
        at runMicrotasks (<anonymous>)
    at testPath (test/dev/utils.js:175:15)
    at helperTestPath (test/dev/utils.js:513:9)
    at test/dev/integration-2.test.ts:119:5
    at Object.<anonymous> (test/dev/utils.js:515:7)

@EndangeredMassa
Copy link
Contributor

EndangeredMassa commented Apr 12, 2024
edited

The error from vc dev is: "ModuleNotFoundError: No module named 'dataclasses'"

> Building @vercel/python@latest:api/user.py
Installing required dependencies...
> Built @vercel/python@latest:api/user.py [6s]
Traceback (most recent call last):
  File "/Users/smassa/Library/Caches/com.vercel.fun/runtimes/python3/../python/bootstrap.py", line 147, in <module>
    lambda_runtime_main()
  File "/Users/smassa/Library/Caches/com.vercel.fun/runtimes/python3/../python/bootstrap.py", line 127, in lambda_runtime_main
    fn = lambda_runtime_get_handler()
  File "/Users/smassa/Library/Caches/com.vercel.fun/runtimes/python3/../python/bootstrap.py", line 113, in lambda_runtime_get_handler
    mod = importlib.import_module(module_name)
  File "/Users/smassa/Library/Caches/com.vercel.fun/runtimes/python3/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/var/folders/gy/4wttbrqd7r58_c4pwb6hv4p80000gn/T/zeit-fun-7637276ea946a/vc__handler__python.py", line 13, in <module>
    __vc_spec.loader.exec_module(__vc_module)
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "./api/user.py", line 1, in <module>
    from flask import Flask, Response, request
  File "/var/folders/gy/4wttbrqd7r58_c4pwb6hv4p80000gn/T/zeit-fun-7637276ea946a/flask/__init__.py", line 3, in <module>
    from werkzeug.exceptions import abort as abort
  File "/var/folders/gy/4wttbrqd7r58_c4pwb6hv4p80000gn/T/zeit-fun-7637276ea946a/werkzeug/__init__.py", line 2, in <module>
    from .test import Client as Client
  File "/var/folders/gy/4wttbrqd7r58_c4pwb6hv4p80000gn/T/zeit-fun-7637276ea946a/werkzeug/test.py", line 30, in <module>
    from .sansio.multipart import Data
  File "/var/folders/gy/4wttbrqd7r58_c4pwb6hv4p80000gn/T/zeit-fun-7637276ea946a/werkzeug/sansio/multipart.py", line 2, in <module>
    from dataclasses import dataclass
ModuleNotFoundError: No module named 'dataclasses'
LambdaError: RequestId: 5f5b4917-f06f-4584-8651-86f5400a97b1 Process exited before completing request
    at Lambda.<anonymous> (/Users/smassa/source/vercel/vercel-2/node_modules/.pnpm/@vercel+fun@1.1.1/node_modules/@vercel/fun/src/index.ts:103:10)
    at Generator.next (<anonymous>)
    at fulfilled (/Users/smassa/source/vercel/vercel-2/node_modules/.pnpm/@vercel+fun@1.1.1/node_modules/@vercel/fun/dist/src/index.js:24:58)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

@G-Rath
Copy link
Author

G-Rath commented Apr 22, 2024

@EndangeredMassa is it possible that those errors are unrelated or due to the PR being opened by me? (i.e. my CI runs might not have permission to access particular resources).

It seems surprising to me that minor updates to packages that are considered extremely stable would cause errors in Python based tests, and when the vercel/fun CI passed for this change

@G-Rath G-Rath mentioned this pull request May 4, 2024
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TooTallNate TooTallNate TooTallNate left review comments

@EndangeredMassa EndangeredMassa Awaiting requested review from EndangeredMassa EndangeredMassa is a code owner

@trek trek Awaiting requested review from trek trek is a code owner

@onsclom onsclom Awaiting requested review from onsclom onsclom is a code owner

@jeffsee55 jeffsee55 Awaiting requested review from jeffsee55 jeffsee55 is a code owner

@erikareads erikareads Awaiting requested review from erikareads erikareads is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@G-Rath @EndangeredMassa @TooTallNate