WIP: Module Reloading Stratagies #3809
Conversation
…error in final update
|
✅ Deploy Preview for module-federation-docs ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
| const vm = require('vm'); | ||
|
|
||
| // Webpack runtime code for in-memory HMR - only executed when webpack is available | ||
| function injectInMemoryHMRRuntime(__webpack_require__) { |
There was a problem hiding this comment.
copy over the runtime module from HMR plugin - the plugin (in node targets) is designed to read filesystem only to check for updates. I replace some of the methods to allow in-memory patches, so that i could fetch() the update from a KV store or database etc and not need to manually write to disk.
| /******/ | ||
| /******/ // no external install chunk | ||
| /******/ | ||
| /******/ function loadUpdateChunk(chunkId, updatedModulesList) { |
There was a problem hiding this comment.
node federation plugin already patches require.f.readFileVM but i never updated it to include the HMR stuff - in future this code could live in the node runtime plugin where other chunk loading stuff already exists.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| app.get('/admin', (req, res) => { | ||
| res.sendFile(path.join(__dirname, 'public', 'admin.html')); | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Copilot Autofix
AI 7 days ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
| } | ||
| } catch (error) { | ||
| console.error( | ||
| `❌ [API HMR] Error applying update for ${filename}:`, |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 days ago
To fix the issue, the filename variable should be sanitized or safely included in the format string using a %s specifier. This ensures that the variable is treated as a string and prevents any unintended format specifiers from being interpreted.
Steps to fix:
- Replace the direct interpolation of
filenamein the format string with a%sspecifier. - Pass the
filenamevariable as an additional argument to the logging function, ensuring it is treated as a string.
Changes required:
- Modify the logging statement on line 625 in
apps/vm-hotreload/full-demo/client/custom-hmr-helpers.jsto use a%sspecifier and passfilenameas an argument.
| @@ -624,3 +624,4 @@ | ||
| console.error( | ||
| `❌ [API HMR] Error applying update for ${filename}:`, | ||
| '❌ [API HMR] Error applying update for %s:', | ||
| filename, | ||
| error, |
| lastAppliedId = Math.max(lastAppliedId, data.update.id); | ||
| } catch (updateError) { | ||
| console.error( | ||
| `❌ Failed to apply real-time update to ${data.update.filename}:`, |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 days ago
To fix the issue, sanitize the data.update.filename value before using it in the log message. This can be achieved by ensuring that the filename is treated as a string and escaping any potentially harmful characters. Alternatively, use the %s specifier in the format string and pass the untrusted data as a separate argument to console.error.
The best approach is to use the %s specifier, as it explicitly treats the untrusted input as a string and avoids any unintended interpretation of special characters.
| @@ -130,3 +130,4 @@ | ||
| console.error( | ||
| `❌ Failed to apply real-time update to ${data.update.filename}:`, | ||
| '❌ Failed to apply real-time update to %s:', | ||
| data.update.filename, | ||
| updateError, |
Description
Investigating better stratagies for hot reloading node servers when federated modules change.
Related Issue
Types of changes
Checklist