Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MaxListenersExceededWarning: Possible EventEmitter memory leak detected. #7660

Closed
marck283 opened this issue Sep 28, 2023 · 4 comments
Closed

MaxListenersExceededWarning: Possible EventEmitter memory leak detected. #7660

marck283 opened this issue Sep 28, 2023 · 4 comments
Labels
api: auth question

Comments

@marck283
Copy link

marck283 commented Sep 28, 2023
edited
Loading

Operating System

Windows 11

Browser Version

Google Chrome 117.0.5938.132

Firebase SDK Version

10.1.0

Firebase SDK Product:

Auth, Firestore, Functions, Storage

Describe your project's tooling

Node.js web application using Firebase tools to authenticate the user.

Describe the problem

Upgrading node-fetch to version 3.0.0 prompts a MaxListenersExceededWarning: Possible EventEmitter memory leak detected warning when a project depends on packages that depend on a version of node-fetch prior to 3.2.5. NPM's version of firebase-tools, firebase/auth, firebase/auth-compat, firebase/firestore, firebase/functions and firebase/storage all use version 2.6.7 of the package node-fetch or depend on packages that use a version of node-fetch prior to 3.2.5, which are known to be vulnerable to this MaxListenersExceededWarning. As stated here, upgrading to [email protected] or later should solve the issue.

Further information on the problem can be found here.

Steps and code to reproduce issue

Upgrade Node.js to version 20.7.0 while having some packages depending on node-fetch prior to version 3.2.5.
@marck283 marck283 added new A new issue that hasn't be categoirzed as question, bug or feature request question labels Sep 28, 2023
@jbalidiong jbalidiong added needs-attention and removed new A new issue that hasn't be categoirzed as question, bug or feature request labels Sep 28, 2023
@marck283
Copy link
Author

As a side-note, node-fetch's versions up to 3.2.10 also suffer from Regular Expression Denial of Service (as can be seen here), making [email protected] the earliest non-vulnerable version of that package.

@hsubox76
Copy link
Contributor

hsubox76 commented Oct 2, 2023

Thanks for the detailed info. We already have it on our list to upgrade to node-fetch 3+ in response to a previous issue: #7280 but we can increase the priority of this.

@marck283
Copy link
Author

marck283 commented Oct 2, 2023

Thank you for answering! Just in case, I have also left a comment on the PR #7359 associated to the issue #7280 which describes the proposed solution for the issues reported here.

@marck283 marck283 mentioned this issue Oct 2, 2023
Closed
@DellaBitta DellaBitta mentioned this issue Oct 29, 2023
Merged
DellaBitta added a commit that referenced this issue Nov 12, 2023
@DellaBitta
Replace node-fetch dependency with undici (#7705)
bebecda 
Update our dependency on aging `node-fetch` `v2.6.7` to `undici` `v5.26.5`.

This should fix some vulnerabilities within node-fetch as well as fix user issue #7660.
@marck283
Copy link
Author

Since the commit that solves this issue is now merged into the master branch, I will now close this issue.

@firebase firebase locked and limited conversation to collaborators Dec 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api: auth question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@DellaBitta @hsubox76 @google-oss-bot @marck283 @jbalidiong