From cd9d01e27a59a9fa4faabf1fb84e785944ae6726 Mon Sep 17 00:00:00 2001
From: Runzhi He <46741383+12f23eddde@users.noreply.github.com>
Date: Mon, 13 Dec 2021 16:55:29 +0800
Subject: [PATCH 1/4] fix: incomplete binary (#2149)
closes #2148
---
 npm/binary-install.js | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/npm/binary-install.js b/npm/binary-install.js
index cb84e0aab..d29314377 100644
--- a/npm/binary-install.js
+++ b/npm/binary-install.js
@@ -92,7 +92,21 @@ class Binary {
 return axios({ url: this.url, responseType: "stream" })
 .then(res => {
- res.data.pipe(tar.x({ strip: 1, C: this.binaryDirectory }));
+ const writer = tar.x({ strip: 1, C: this.binaryDirectory });
+
+ return new Promise((resolve, reject) => {
+ res.data.pipe(writer);
+ let error = null;
+ writer.on('error', err => {
+ error = err;
+ reject(err);
+ });
+ writer.on('close', () => {
+ if (!error) {
+ resolve(true);
+ }
+ });
+ })
 })
 .then(() => {
 console.log(
From f41ec5e1baf0a357278577a8363532c89482b4df Mon Sep 17 00:00:00 2001
From: Joshua Nelson
Date: Mon, 13 Dec 2021 03:19:35 -0600
Subject: [PATCH 2/4] Get the audit CI job passing (#2151)
* Update `tokio`
This fixes the following `cargo audit` warning:
```
Crate: tokio
Version: 1.13.0
Title: Data race when sending and receiving after closing a `oneshot` channel
Date: 2021-11-16
ID: RUSTSEC-2021-0124
URL: https://rustsec.org/advisories/RUSTSEC-2021-0124
Solution: Upgrade to >=1.8.4, <1.9.0 OR >=1.13.1
```
Versions changed:
```
Updating tokio v1.13.0 -> v1.14.0
Updating tokio-macros v1.5.1 -> v1.6.0
```
* Ignore warnings about `localtime_r` not actually being threadsafe
These can't be fixed for now, and are causing us to miss more important audit vulnerabilities.
Co-authored-by: Sunil Pai
---
 .cargo/audit.toml | 6 ++++++
 .github/workflows/audit.yml | 1 +
 Cargo.lock | 10 +++++-----
 3 files changed, 12 insertions(+), 5 deletions(-)
 create mode 100644 .cargo/audit.toml
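Review bot: In `npm/binary-install.js`, the new promise settles only on the tar writer's `error` and `close` events, so a failure of the HTTP response stream itself (`res.data`) is not handled: `pipe()` does not forward source errors, and a connection dropped mid-download could leave the promise pending or a partial extraction in `this.binaryDirectory`. Adding `res.data.on('error', reject);` before the `pipe` call, or replacing the manual wiring with `stream.pipeline(res.data, writer, cb)`, covers that path. The `error` flag is redundant, since a promise that has already been rejected ignores a later `resolve`. Separately, nothing visible here checks the downloaded archive against a known digest before it is unpacked; the enclosing method starts and ends outside the hunk, so confirm whether that happens elsewhere.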
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
new file mode 100644
index 000000000..c5dde87a4
--- /dev/null
+++ b/.cargo/audit.toml
@@ -0,0 +1,6 @@
+[advisories]
+# See https://github.com/cloudflare/wrangler/issues/2117
+ignore = [
+ "RUSTSEC-2020-0159", # Potential segfault in `localtime_r` invocations
+ "RUSTSEC-2020-0071", # Potential segfault in the time crate
+]
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index d211cf462..4135c61e2 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -6,6 +6,7 @@ on:
 paths:
 - "**/Cargo.toml"
 - "**/Cargo.lock"
+ - ".cargo/audit.toml"
 - "**/package-lock.json"
 - "**/npm-shrinkwrap.json"
 schedule:
diff --git a/Cargo.lock b/Cargo.lock
index 27d4f6f0c..b8c339ccb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2795,9 +2795,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
 [[package]]
 name = "tokio"
-version = "1.13.0"
+version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "588b2d10a336da58d877567cd8fb8a14b463e2104910f8132cd054b4b96e29ee"
+checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144"
 dependencies = [
 "autocfg",
 "bytes 1.1.0",
@@ -2814,9 +2814,9 @@ dependencies = [
 [[package]]
 name = "tokio-macros"
-version = "1.5.1"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "114383b041aa6212c579467afa0075fbbdd0718de036100bc0ba7961d8cb9095"
+checksum = "c9efc1aba077437943f7515666aa2b882dfabfbfdf89c819ea75a8d6e9eaba5e"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -2993,7 +2993,7 @@ version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1f559b464de2e2bdabcac6a210d12e9b5a5973c251e102c44c585c71d51bd78e"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if 0.1.10",
 "rand 0.8.4",
 "static_assertions",
 ]
From 4c2c7849328541389f4f5376dce78b8e54c700dc Mon Sep 17 00:00:00 2001
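Review bot: The two `ignore` entries in `.cargo/audit.toml` suppress these advisories indefinitely, and the only record of the reasoning is the issue link; nothing states when they should be removed. Since the commit message says the warnings "can't be fixed for now", put the removal condition next to each id, for example `# remove once the affected dependency ships a patched release; re-check on every dependency bump`. An ignored id produces no finding, so the audit job will not prompt the upgrade when a fix does become available; a tracking issue that stays open until the entries are deleted would keep that visible.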
From: Joshua Nelson
Date: Mon, 13 Dec 2021 07:45:22 -0600
Subject: [PATCH 3/4] Don't look for background updates unless Wrangler finished successfully (#2150)
This works around a segfault due to Openssl's exit handlers not being thread-safe.
Co-authored-by: Sunil Pai
---
 src/main.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index bf6c97442..ec2bf0ca6 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -22,7 +22,6 @@ fn main() -> Result<()> {
 }
 env_logger::init();
- let latest_version_receiver = background_check_for_updates();
 if let Ok(me) = env::current_exe() {
 // If we're actually running as the installer then execute our
 // self-installation, otherwise just continue as usual.
@@ -36,7 +35,7 @@ fn main() -> Result<()> {
 }
 }
 run()?;
- if let Ok(latest_version) = latest_version_receiver.try_recv() {
+ if let Ok(latest_version) = background_check_for_updates().try_recv() {
 let latest_version = styles::highlight(latest_version.to_string());
 let new_version_available = format!(
 "A new version of Wrangler ({}) is available!",
From 5131a94559b0948704c3ea6e1eaa19d8139db0c1 Mon Sep 17 00:00:00 2001
From: Josh Duff
Date: Mon, 13 Dec 2021 08:03:35 -0600
Subject: [PATCH 4/4] Add `wrangler1` as an alias (#2139)
So that when @cloudflare/wrangler is installed along wrangler2, they can each be referenced in npm run scripts. See https://github.com/cloudflare/wrangler2/pull/40
Co-authored-by: Sunil Pai
---
 npm/package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/npm/package.json b/npm/package.json
index f13346c8a..06b6c94a9 100644
--- a/npm/package.json
+++ b/npm/package.json
@@ -7,7 +7,8 @@
 "postinstall": "node ./install-wrangler.js"
 },
 "bin": {
- "wrangler": "./run-wrangler.js",
+ "wrangler": "./run-wrangler.js",
+ "wrangler1": "./run-wrangler.js"
 },
 "repository": {
 "type": "git",
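Review bot: In `src/main.rs`, the second hunk now calls `background_check_for_updates()` and `try_recv()` in the same expression, and `try_recv()` does not block, so unless the check delivers its result before handing back the receiver, the channel will almost always be empty and the new-version notice will rarely print. The body of `background_check_for_updates` is not shown, so confirm how quickly it sends; if it spawns a thread that performs network I/O, that thread may still be running when `main` returns, which would narrow rather than close the exit-handler race the description mentions. If the notice is meant to stay useful, a short bounded wait such as `recv_timeout(Duration::from_millis(…))` is one option (if the receiver type offers it), or record the trade-off in a comment above the `if let`. `main`'s body starts and ends outside the hunk.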