2026 05 27 update#6784
Draft
mikea wants to merge 39 commits into
Draft
Conversation
Contributor
|
LGTM |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #6784 +/- ##
==========================================
- Coverage 66.61% 66.46% -0.15%
==========================================
Files 402 404 +2
Lines 115914 116468 +554
Branches 19425 19512 +87
==========================================
+ Hits 77212 77415 +203
- Misses 27112 27415 +303
- Partials 11590 11638 +48 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
NOUPSTREAM gitlab CI See merge request cloudflare/ew/workerd!1 GitOrigin-RevId: 7213247
Apply edgeworker patches See merge request cloudflare/ew/workerd!68 GitOrigin-RevId: 722b1d1
Bump capnp-cpp past AnyStruct schema change and fix compatibility-date See merge request cloudflare/ew/workerd!70 GitOrigin-RevId: fcdfc2e
Make wd_tests run in predictable mode by default See merge request cloudflare/ew/workerd!74 GitOrigin-RevId: 13b8a40
Use Vector::add() in X509Certificate::getKeyUsage() to avoid use of uninitialized memory. See merge request cloudflare/ew/workerd!72 GitOrigin-RevId: a1d38e9
VULN-136585: fix(worker-loader): replace raw IoContext& capture with WeakRef in get() inner .then() continuation See merge request cloudflare/ew/workerd!23 GitOrigin-RevId: eb8e512
Add RFC 9440 mTLS fields to `IncomingRequestCfPropertiesTLSClientAuth` See merge request cloudflare/ew/workerd!76 GitOrigin-RevId: e1a5328
Add visitForGc to CompressionStream to fix zlib slow-path leak See merge request cloudflare/ew/workerd!69 GitOrigin-RevId: 227b222
Use Gitlab job ID as run_id for workerd-robot See merge request cloudflare/ew/workerd!79 GitOrigin-RevId: 0b697cd
Multple streams cleanups See merge request cloudflare/ew/workerd!73 GitOrigin-RevId: f664ec5
STOR-5202: Account for external memory used by connections to DOs See merge request cloudflare/ew/workerd!75 GitOrigin-RevId: c0ee3e6
Add traceFlags to SpanContext type definition See merge request cloudflare/ew/workerd!78 GitOrigin-RevId: 17914f3
Propagate user span context across hibernation See merge request cloudflare/ew/workerd!97 GitOrigin-RevId: a18d201
VULN-136584: fix(headers): validate header values in Headers::setCommon to prevent CRLF injection See merge request cloudflare/ew/workerd!22 GitOrigin-RevId: 8a2c0a4
VULN-136584: fix(streams): guard ByteQueue handleMaybeClose against re-entrant consumer destruction See merge request cloudflare/ew/workerd!21 GitOrigin-RevId: 314837e
VULN-136576: fix(jsg): bound proxy chain depth in JsObject::getPrototype() to prevent stack overflow See merge request cloudflare/ew/workerd!13 GitOrigin-RevId: 3c7b4c2
VULN-136578: fix(node:http): prevent Host header from overriding transport destination See merge request cloudflare/ew/workerd!15 GitOrigin-RevId: b58eab9
VULN-136579: fix(streams): add isWaiting() guard to readHelper() WriteRequest branch See merge request cloudflare/ew/workerd!16 GitOrigin-RevId: f7a8531
VULN-136571: fix(server): prevent process abort when unnamed WorkerStub is GC'd during getCode callback See merge request cloudflare/ew/workerd!8 GitOrigin-RevId: 302da76
[build] Fix GitLab CI configuration See merge request cloudflare/ew/workerd!110 GitOrigin-RevId: 759f17a
VULN-136999: fix(server): reject unresolved wrapped binding module with error instead of abort See merge request cloudflare/ew/workerd!83 GitOrigin-RevId: aac2b79
Add Jsg GC visitor lint rule and fix various cases See merge request cloudflare/ew/workerd!77 GitOrigin-RevId: fd29500
Revert "Multple streams cleanups" See merge request cloudflare/ew/workerd!111 GitOrigin-RevId: 24850b3
VULN-136590: fix(node): preserve DataView key material in createSecretKey() See merge request cloudflare/ew/workerd!27 GitOrigin-RevId: c432ae0
VULN-136627: fix(streams): defer promise resolutions in ByteQueue::handlePush to prevent UAF See merge request cloudflare/ew/workerd!65 GitOrigin-RevId: b40f8e8
VULN-136595: fix(global-scope): neuter NeuterableIoStream in connect() handler on promise settlement See merge request cloudflare/ew/workerd!32 GitOrigin-RevId: eee1250
VULN-136634: fix(memory-cache): prevent use-after-free in cross-isolate fallback callback See merge request cloudflare/ew/workerd!101 GitOrigin-RevId: 30812f6
VULN-136580: fix(node): reject absolute-form and network-path request targets in node:http ClientRequest See merge request cloudflare/ew/workerd!17 GitOrigin-RevId: 3f40c67
VULN-136618: fix(worker-loader): copy data/wasm module bytes before async compilation See merge request cloudflare/ew/workerd!55 GitOrigin-RevId: 38a3f70
Guard IoContext::current() in memory-cache eviction path. See merge request cloudflare/ew/workerd!109 GitOrigin-RevId: c414e74
fix(jsg): correct pointer arithmetic in const BackingStore::asArrayPtr<T>() See merge request cloudflare/ew/workerd!93 GitOrigin-RevId: 630f72e
VULN-136583: fix(streams): preserve entry offset when buffering partial BYOB data in handlePush See merge request cloudflare/ew/workerd!20 GitOrigin-RevId: 848416a
fix EventSource memory tracking See merge request cloudflare/ew/workerd!86 GitOrigin-RevId: 259786d
[build] silence protobuf warning See merge request cloudflare/ew/workerd!114 GitOrigin-RevId: d4ab405
This mostly reverts commit 0d86b66. This removes the new `debugContext` string that was being passed around to distinguish params from results. Now that we've debugged the issue, this is more noise than it is worth. We do keep the `cap.debugInfo()` debug log on failures, since that's not so invasive and is more useful anyway. GitOrigin-RevId: 31bc441
DO NOT MERGE until the autogate has been rolled to all of production! GitOrigin-RevId: 5e05af1
This allows ExternalPusher methods to continue to be invoked after the top-level RPC call(). (DO NOT MERGE until jsrpc-session-handle autogate is rolled out in prod.) GitOrigin-RevId: 19fce33
There are cases where it is difficult to acquire the channel token for a SubrequestChannel or ActorClassChannel synchronously, but until now we have needed to do so in order to serialize `Fetcher`s and `DurableObjectClass`es. We can't make serialization itself be async, because this would mess up e-order: A call that needs to wait for something while serializing params might end up being delayed until after some subsequent call which didn't wait, and so would be delivered out-of-order. To avoid this, we make it possible for a call to be sent with an IOU for the channel tokens. This uses `ExternalPusher`. The call embeds an external which is a promise capability. Later, the caller invokes the callee's `ExternalPusher` to push the channel token to it, and resolves the IOU promise to the resulting object. The callee can then unwrap the promise to get their token. (Opus 4.7 wrote the new test cases in channel-token-test but the rest of the code was by hand.) GitOrigin-RevId: 185af23
This makes it so `getSubrequestChannel()` and similar methods of `IoChannelFactory` make sure that the contents of a `props` cap table are fully resolved before forwarding on to the `IoChannelFactory` implementation. This means that the underlying implementation of `getSubrequestChannelResolved()` et al doens't need to change to start calling `getResolved()` before trying to downcast channel objects to implementation-specific subclasses. This otherwise would have been really annoying to do in the internal codebase. Relatedly, this adds an `ensureAllResolved()` method to `DynamicWorkerSource`, for resolving channels there. GitOrigin-RevId: 2809a74
mikea
force-pushed
the
upstream-2026-05-27
branch
from
3083f0b to
72f4a27
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
2ab8992 to 2ab8992