-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency Extraction Webpack Plugin fails on Node v17 #36471
Comments
It looks like Webpack exposes its own hashing util: It's very likely that we could use it as follows: diff --git a/packages/dependency-extraction-webpack-plugin/lib/index.js b/packages/dependency-extraction-webpack-plugin/lib/index.js
index 0d9fc04bd5..40da8b9a73 100644
--- a/packages/dependency-extraction-webpack-plugin/lib/index.js
+++ b/packages/dependency-extraction-webpack-plugin/lib/index.js
@@ -1,7 +1,6 @@
/**
* External dependencies
*/
-const { createHash } = require( 'crypto' );
const path = require( 'path' );
const webpack = require( 'webpack' );
// In webpack 5 there is a `webpack.sources` field but for webpack 4 we have to fallback to the `webpack-sources` package.
@@ -219,7 +218,8 @@ class DependencyExtractionWebpackPlugin {
filename,
query,
basename: basename( filename ),
- contentHash: createHash( 'md4' )
+ contentHash: compilation
+ .createHash( 'md4' )
.update( assetString )
.digest( 'hex' ),
} At least this is what I read from webpack/webpack#14584 where webpack added their own md4 implementation in Wasm. |
I'm going to work on this one. |
That's awesome @bliebek - I just assigned this to you as you dive in. Excited to see what you create ✨ |
@gziolo what's the point of sticking to index 0d9fc04bd5..a411b8a2fb 100644
--- a/packages/dependency-extraction-webpack-plugin/lib/index.js
+++ b/packages/dependency-extraction-webpack-plugin/lib/index.js
@@ -1,7 +1,6 @@
/**
* External dependencies
*/
-const { createHash } = require( 'crypto' );
const path = require( 'path' );
const webpack = require( 'webpack' );
// In webpack 5 there is a `webpack.sources` field but for webpack 4 we have to fallback to the `webpack-sources` package.
@@ -30,6 +29,7 @@ class DependencyExtractionWebpackPlugin {
outputFormat: 'php',
outputFilename: null,
useDefaults: true,
+ hashFunction: 'md5',
},
options
);
@@ -145,6 +146,7 @@ class DependencyExtractionWebpackPlugin {
injectPolyfill,
outputFormat,
outputFilename,
+ hashFunction,
} = this.options;
@@ -219,7 +221,7 @@ class DependencyExtractionWebpackPlugin {
filename,
query,
basename: basename( filename ),
- contentHash: createHash( 'md4' )
+ contentHash: createHash( hashFunction )
.update( assetString )
.digest( 'hex' ),
}
@@ -238,7 +240,7 @@ class DependencyExtractionWebpackPlugin {
filename,
query,
basename: basename( filename ),
- contentHash: createHash( 'md4' )
+ contentHash: createHash( hashFunction ) |
We still support Node v12 and webpack v4, if |
I think it's neither the matter of node nor webpack version, but it's determined by OpenSSL version installed, see:
|
Feel free to open patch and we will take it from there 👍🏻 |
I ran into this issue after upgrading from Node 16.x to 18. OpenSSL was not updated. How can we solve this issue? |
Workaround (for now):
|
Let's try a simple fix by changing the OpenSSL provider: #40503. |
Otherwise, `yarn buildWordpressPlugin` throws in Node 18, see WordPress/gutenberg#36471
Description
Running
wp-scripts build
to build a block results in this error:The culprit is trying to use md4 hash:
gutenberg/packages/dependency-extraction-webpack-plugin/lib/index.js
Line 200 in c695c3b
Node v17 upgrades OpenSSL to 3.0, which moved md4 hash to the legacy provider. i.e. md4 is disabled by default.
webpack solved their issue by proving an md4 implementation. See webpack/webpack#14532. But the fix here could be as simple as switching to one of the hashes in the default provider, like md5. See https://wiki.openssl.org/index.php/OpenSSL_3.0#Provider_implemented_digests What is the significance of using md4?
A workaround with security implications as discussed in the webpack issue is to
export NODE_OPTIONS=--openssl-legacy-provider
before invoking nodeStep-by-step reproduction instructions
Install Node version 17
Invoke
wp-scripts build
on a block pluginScreenshots, screen recording, code snippet
No response
Environment info
Node 17.1.0
@wordpress/scripts 19.1.0
Please confirm that you have searched existing issues in the repo.
Yes
Please confirm that you have tested with all plugins deactivated except Gutenberg.
Yes
The text was updated successfully, but these errors were encountered: