
Commit 341f2e9

authored
Lock down VM2 version (#2959)
* Lock down VM2 version * Add test, tidy up * Update changelogs
1 parent 79a2c35 commit 341f2e9


6 files changed

+46
-11
lines changed


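--- a/packages/node-core/CHANGELOG.md
+++ b/packages/node-core/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Lock down VM2 version to avoid a breaking change (#2959)
 
 ## [18.5.0] - 2025-10-15
 ### Changed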

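--- a/packages/node-core/package.json
+++ b/packages/node-core/package.json
@@ -51,7 +51,7 @@
 "source-map": "^0.7.4",
 "tar": "^7.4.3",
 "toposort-class": "^1.0.1",
-"vm2": "^3.9.19",
+"vm2": "3.9.19",
 "yargs": "^16.2.0"
 },
 "devDependencies": {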
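Review bot: The exact pin `"vm2": "3.9.19"` also stops patch and security releases of vm2 from being picked up, and vm2 appears to be the isolation boundary for project code here (sandbox.ts builds on `NodeVM`). vm2 has a history of published sandbox-escape advisories, so the advisories that apply to 3.9.19 should be checked and the accepted risk recorded next to the compatibility reason; the changelog entry only says "avoid a breaking change". JSON takes no comments, so the place for this is the changelog or a tracking issue. That record should include a follow-up to lift the pin once the prototype regression covered by the new test in sandbox.spec.ts is resolved upstream, or once the sandbox no longer relies on vm2 alone for isolation.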

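--- a/packages/node-core/src/indexer/sandbox.spec.ts
+++ b/packages/node-core/src/indexer/sandbox.spec.ts
@@ -5,15 +5,38 @@ import {existsSync, writeFileSync, mkdirSync, rmSync} from 'fs';
 import {tmpdir} from 'os';
 import * as path from 'path';
 import {join} from 'path';
-import {VMScript} from 'vm2';
+import {NodeVM, VMScript} from 'vm2';
 import {NodeConfig} from '../configure/NodeConfig';
 import {IndexerSandbox, TestSandbox} from './sandbox';
 
 describe('sandbox for subql-node', () => {
 let vm: IndexerSandbox;
 
 afterEach(() => {
-vm.removeAllListeners();
+vm?.removeAllListeners();
+});
+
+// This was caused by vm2@3.10.0 changes that were breaking in a minor release.
+it('Can use older libraries that use prototypes to set properties', () => {
+const script = `
+const util = require('util');
+const EventEmitter = require('events');
+
+function MyStream() {
+console.log("This is sha1");
+}
+
+util.inherits(MyStream, EventEmitter);
+`;
+
+const vmScript = new VMScript(script);
+const vm = new NodeVM({
+console: 'inherit',
+require: {
+builtin: ['util', 'events'],
+},
+});
+expect(() => vm.run(vmScript)).not.toThrow();
 });
 
 it('wait until promise resolved', async () => {
@@ -232,7 +255,7 @@ describe('Sandbox Environment Variable Support', () => {
 apiKey: process.env.API_KEY,
 hasProcess: typeof process !== 'undefined'
 };
-
+
 global.subqlTests = [result];
 `;
 const testPath = join(srcDir, 'test.js');
@@ -269,7 +292,7 @@ describe('Sandbox Environment Variable Support', () => {
 hasProcess: typeof process !== 'undefined',
 processType: typeof process
 };
-
+
 global.subqlTests = [result];
 `;
 const testPath = join(srcDir, 'test.js');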
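Review bot: In the first hunk the new test declares `const vm = new NodeVM({...})`, which shadows the suite-level `let vm: IndexerSandbox`. The outer variable is never assigned in this test, which is the only reason `afterEach` had to become `vm?.removeAllListeners()`, and the optional call would now also hide a later test that forgets to create its sandbox. Renaming the local keeps the two apart: `const nodeVm = new NodeVM({` and `expect(() => nodeVm.run(vmScript)).not.toThrow();`. The test also runs against a bare NodeVM with its own `builtin: ['util', 'events']` list rather than through IndexerSandbox, so it checks vm2's behaviour and not the options the indexer configures; a one-line comment saying so would prevent it being read as coverage of the real sandbox. The `describe` block continues outside the hunk.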

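--- a/packages/node-core/src/indexer/sandbox.ts
+++ b/packages/node-core/src/indexer/sandbox.ts
@@ -11,7 +11,6 @@ import {SourceMapConsumer, NullableMappedPosition} from 'source-map';
 import {NodeVM, NodeVMOptions, VMError, VMScript} from 'vm2';
 import {NodeConfig} from '../configure/NodeConfig';
 import {getLogger} from '../logger';
-import {loadProjectEnvConfig, createSandboxProcessEnv} from '../utils/env';
 import {timeout} from '../utils/promise';
 
 export const SANDBOX_DEFAULT_BUILTINS = ['assert', 'buffer', 'crypto', 'util', 'path', 'url', 'stream'];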

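--- a/packages/node/CHANGELOG.md
+++ b/packages/node/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Lock down VM2 version to avoid a breaking change (#2959)
 
 ## [6.4.2] - 2025-10-22
 ### Changed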

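--- a/yarn.lock
+++ b/yarn.lock
@@ -10264,7 +10264,7 @@ __metadata:
 source-map: "npm:^0.7.4"
 tar: "npm:^7.4.3"
 toposort-class: "npm:^1.0.1"
-vm2: "npm:^3.9.19"
+vm2: "npm:3.9.19"
 yargs: "npm:^16.2.0"
 languageName: unknown
 linkType: soft
@@ -12574,14 +12574,23 @@ __metadata:
 languageName: node
 linkType: hard
 
-"acorn-walk@npm:^8.1.1, acorn-walk@npm:^8.2.0":
+"acorn-walk@npm:^8.1.1":
 version: 8.2.0
 resolution: "acorn-walk@npm:8.2.0"
 checksum: 10/e69f7234f2adfeb16db3671429a7c80894105bd7534cb2032acf01bb26e6a847952d11a062d071420b43f8d82e33d2e57f26fe87d9cce0853e8143d8910ff1de
 languageName: node
 linkType: hard
 
-"acorn@npm:^8.14.0, acorn@npm:^8.15.0":
+"acorn-walk@npm:^8.2.0":
+version: 8.3.4
+resolution: "acorn-walk@npm:8.3.4"
+dependencies:
+acorn: "npm:^8.11.0"
+checksum: 10/871386764e1451c637bb8ab9f76f4995d408057e9909be6fb5ad68537ae3375d85e6a6f170b98989f44ab3ff6c74ad120bc2779a3d577606e7a0cd2b4efcaf77
+languageName: node
+linkType: hard
+
+"acorn@npm:^8.11.0, acorn@npm:^8.14.0, acorn@npm:^8.15.0, acorn@npm:^8.7.0":
 version: 8.15.0
 resolution: "acorn@npm:8.15.0"
 bin:
@@ -12590,7 +12599,7 @@ __metadata:
 languageName: node
 linkType: hard
 
-"acorn@npm:^8.4.1, acorn@npm:^8.7.0, acorn@npm:^8.7.1":
+"acorn@npm:^8.4.1, acorn@npm:^8.7.1":
 version: 8.7.1
 resolution: "acorn@npm:8.7.1"
 bin:
@@ -28268,7 +28277,7 @@ __metadata:
 languageName: node
 linkType: hard
 
-"vm2@npm:^3.9.19":
+"vm2@npm:3.9.19":
 version: 3.9.19
 resolution: "vm2@npm:3.9.19"
 dependencies: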
