Replace node-fetch dependency with undici

[DellaBitta]

Discussion

Update our dependency on aging node-fetch v2.6.7 to undici 5.26.5.

This should fix some security vulnerabilities within node-fetch as well as fix user issue #7660.

Testing

• CI Tests
• Local tests, adding console.log output to ensure the undici paths are either executed and/or don't have any resolution conflicts in non-node based apps. Scenarios tested:
  • Node.js test app.
  • JavaScript test app (browser only).
  • Next.JS app, tested with SSR and CSR.
  • React app.

API Changes

N/A

[changeset-bot]

🦋 Changeset detected

Latest commit: fcb842c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@firebase/auth-compat	Minor
@firebase/firestore	Minor
@firebase/functions	Minor
@firebase/storage	Minor
@firebase/auth	Minor
firebase	Minor
@firebase/storage-compat	Patch
@firebase/firestore-compat	Patch
@firebase/functions-compat	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[google-oss-bot]

Size Report ¹

Affected Products

• @firebase/app

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  browser	14.4 kB	14.5 kB	+108 B (+0.8%)
  esm5	18.9 kB	19.0 kB	+108 B (+0.6%)
  main	19.8 kB	19.9 kB	+108 B (+0.5%)
  module	14.4 kB	14.5 kB	+108 B (+0.8%)

• @firebase/auth

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  browser	176 kB	177 kB	+559 B (+0.3%)
  cordova	204 kB	205 kB	+875 B (+0.4%)
  esm5	229 kB	230 kB	+875 B (+0.4%)
  main	174 kB	174 kB	+604 B (+0.3%)
  module	176 kB	177 kB	+559 B (+0.3%)
  react-native	193 kB	194 kB	+1.03 kB (+0.5%)

• @firebase/auth-compat

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  main	29.6 kB	29.5 kB	-105 B (-0.4%)

• @firebase/auth/cordova

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  browser	204 kB	205 kB	+875 B (+0.4%)
  module	204 kB	205 kB	+875 B (+0.4%)

• @firebase/auth/internal

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  browser	187 kB	187 kB	+559 B (+0.3%)
  esm5	243 kB	244 kB	+875 B (+0.4%)
  main	210 kB	210 kB	+618 B (+0.3%)
  module	187 kB	187 kB	+559 B (+0.3%)

• @firebase/firestore-lite

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  main	150 kB	150 kB	-173 B (-0.1%)

• @firebase/functions

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  main	12.9 kB	12.7 kB	-173 B (-1.3%)

• @firebase/storage

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  browser	57.8 kB	57.8 kB	-18 B (-0.0%)
  esm5	64.4 kB	64.3 kB	-18 B (-0.0%)
  main	59.6 kB	59.4 kB	-189 B (-0.3%)
  module	57.8 kB	57.8 kB	-18 B (-0.0%)

• bundle

  43 size changes

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  analytics (logEvent)	43.8 kB	43.9 kB	+100 B (+0.2%)
  app-check (CustomProvider)	36.6 kB	36.7 kB	+100 B (+0.3%)
  app-check (ReCaptchaEnterpriseProvider)	39.1 kB	39.2 kB	+100 B (+0.3%)
  app-check (ReCaptchaV3Provider)	39.1 kB	39.2 kB	+100 B (+0.3%)
  auth (Anonymous)	73.1 kB	73.5 kB	+413 B (+0.6%)
  auth (EmailAndPassword)	80.9 kB	81.4 kB	+413 B (+0.5%)
  auth (GoogleFBTwitterGitHubPopup)	99.7 kB	100 kB	+413 B (+0.4%)
  auth (GooglePopup)	97.0 kB	97.4 kB	+413 B (+0.4%)
  auth (GoogleRedirect)	97.2 kB	97.6 kB	+413 B (+0.4%)
  auth (Phone)	83.3 kB	83.8 kB	+413 B (+0.5%)
  database (Append to a list of data)	148 kB	148 kB	+100 B (+0.1%)
  database (Filtering data)	147 kB	147 kB	+100 B (+0.1%)
  database (Listen for child events)	164 kB	164 kB	+100 B (+0.1%)
  database (Listen for value events + Detach listeners)	164 kB	164 kB	+100 B (+0.1%)
  database (Listen for value events)	163 kB	164 kB	+100 B (+0.1%)
  database (Read data once)	163 kB	163 kB	+100 B (+0.1%)
  database (Save data as transactions)	166 kB	166 kB	+100 B (+0.1%)
  database (Sort data)	149 kB	149 kB	+100 B (+0.1%)
  database (Write data)	147 kB	148 kB	+100 B (+0.1%)
  firestore (Persistence)	302 kB	302 kB	+100 B (+0.0%)
  firestore (Query Cursors)	238 kB	238 kB	+100 B (+0.0%)
  firestore (Query)	236 kB	236 kB	+100 B (+0.0%)
  firestore (Read data once)	224 kB	224 kB	+100 B (+0.0%)
  firestore (Realtime updates)	226 kB	226 kB	+100 B (+0.0%)
  firestore (Transaction)	204 kB	204 kB	+100 B (+0.0%)
  firestore (Write data)	204 kB	204 kB	+100 B (+0.0%)
  firestore-lite (Query Cursors)	88.8 kB	88.9 kB	+100 B (+0.1%)
  firestore-lite (Query)	85.0 kB	85.1 kB	+100 B (+0.1%)
  firestore-lite (Read data once)	61.3 kB	61.4 kB	+100 B (+0.2%)
  firestore-lite (Transaction)	86.2 kB	86.3 kB	+100 B (+0.1%)
  firestore-lite (Write data)	70.9 kB	71.0 kB	+100 B (+0.1%)
  functions (call)	31.2 kB	31.3 kB	+100 B (+0.3%)
  messaging (send + receive)	46.5 kB	46.6 kB	+100 B (+0.2%)
  performance (trace)	51.0 kB	51.1 kB	+100 B (+0.2%)
  remote-config (getAndFetch)	45.5 kB	45.6 kB	+100 B (+0.2%)
  storage (getBytes)	41.3 kB	41.4 kB	+100 B (+0.2%)
  storage (getDownloadURL)	43.4 kB	43.5 kB	+100 B (+0.2%)
  storage (getMetadata)	42.8 kB	42.9 kB	+100 B (+0.2%)
  storage (list + listAll)	42.2 kB	42.3 kB	+100 B (+0.2%)
  storage (updateMetadata)	43.1 kB	43.2 kB	+100 B (+0.2%)
  storage (uploadBytes)	48.2 kB	48.0 kB	-153 B (-0.3%)
  storage (uploadBytesResumable)	58.1 kB	58.0 kB	-153 B (-0.3%)
  storage (uploadString)	48.4 kB	48.2 kB	-153 B (-0.3%)

• firebase

  Type	Base (ff1a6ec)	Merge (8696194)	Diff
  firebase-app-compat.js	28.9 kB	29.0 kB	+94 B (+0.3%)
  firebase-app.js	93.4 kB	93.5 kB	+152 B (+0.2%)
  firebase-auth-compat.js	136 kB	136 kB	+277 B (+0.2%)
  firebase-auth-cordova.js	173 kB	174 kB	+745 B (+0.4%)
  firebase-auth.js	146 kB	147 kB	+432 B (+0.3%)
  firebase-compat.js	778 kB	778 kB	+365 B (+0.0%)
  firebase-performance-standalone-compat.es2017.js	90.1 kB	90.2 kB	+100 B (+0.1%)
  firebase-performance-standalone-compat.js	67.3 kB	67.4 kB	+100 B (+0.1%)
  firebase-storage-compat.js	41.3 kB	40.3 kB	-986 B (-2.4%)
  firebase-storage.js	46.4 kB	46.2 kB	-246 B (-0.5%)

Test Logs

• Base (ff1a6ec): https://github.com/firebase/firebase-js-sdk/actions/runs/6724921045
• Merge (8696194): https://github.com/firebase/firebase-js-sdk/actions/runs/6829174286

1. https://storage.googleapis.com/firebase-sdk-metric-reports/zhO69fk9gC.html

[google-oss-bot]

Size Analysis Report ¹

This report is too large (359,154 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

• Base (ff1a6ec): https://github.com/firebase/firebase-js-sdk/actions/runs/6724921045
• Merge (8696194): https://github.com/firebase/firebase-js-sdk/actions/runs/6829174286

1. https://storage.googleapis.com/firebase-sdk-metric-reports/Q0VivttV5N.html

[hsubox76]

This should be invisible from the user's perspective but it is a big change under the hood, so I am leaning towards minor. If users notice any bugs or incompatibilities with the upgrade (we have tested this pretty thoroughly so it would be in an environment or use case we haven't thought of) it's feels like it makes more sense to point to this happening with a minor bump.

[hsubox76]

I think the outstanding failed test is just flaky - looks like timeouts.

[MarkDuckworth]

Firestore changes LGTM.

[github-actions]

Changeset File Check ⚠️

• Warning: This PR modifies files in the following packages but they have not been included in the changeset file:%0A - @firebase/rules-unit-testing%0A%0A Make sure this was intentional.