[@vercel/build-utils] fix uncaught exception in streamToBuffer when stream exceeds max Buffer size#15276
Merged
[@vercel/build-utils] fix uncaught exception in streamToBuffer when stream exceeds max Buffer size#15276
Conversation
…tream exceeds max Buffer size
🦋 Changeset detectedLatest commit: 027a686 The changes in this PR will be included in the next version bump. This PR includes changesets to release 15 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
📦 CLI Tarball ReadyThe Vercel CLI tarball for this PR is now available! Quick TestYou can test this PR's CLI directly by running: npx https://vercel-lpmnh2ypb.vercel.sh/tarballs/vercel.tgz --helpUse in vercel.jsonTo use this CLI version in your project builds, add to your {
"build": {
"env": {
"VERCEL_CLI_VERSION": "vercel@https://vercel-lpmnh2ypb.vercel.sh/tarballs/vercel.tgz"
}
}
}Python Runtime WheelA Python Workers WheelA |
Contributor
🧪 Unit Test StrategyComparing: Strategy: Code changed outside of a package - running all unit tests Affected packages - 40 (100%)
Results
This comment is automatically generated based on the affected testing strategy |
ofhouse
approved these changes
Feb 26, 2026
Merged
ricardo-agz
pushed a commit
that referenced
this pull request
Feb 26, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @vercel/routing-utils@6.0.0 ### Major Changes - Allow `routes` to coexist with `rewrites`, `headers`, `redirects`, `cleanUrls`, and `trailingSlash`. ([#15020](#15020)) This is part of our efforts to undeprecate `routes`, which had previously been deprecated for a few years and replaced by the properties above. Now that we are undeprecating `routes` in favor of a more focused deprecation of properties within it, it is now allowed to coexist with the new properties. When used together, `routes` are inserted after `cleanUrls` and `trailingSlash` but before `redirects`, `headers`, and `rewrites` in the routing order. - Deprecate `handle`, `important`, and `override` properties in `routes` schema ([#15015](#15015)) ## @vercel/build-utils@13.6.0 ### Minor Changes - Find entrypoints for django projects. ([#15167](#15167)) ### Patch Changes - Rename fetch to nodeFetch in cases where it is an import from node-fetch ([#15234](#15234)) - [@vercel/build-utils] fix uncaught exception in streamToBuffer when stream exceeds max Buffer size ([#15276](#15276)) - Remove source and destination typo suggestions for routes schema ([#15014](#15014)) - Support function overrides in backends builder ([#15214](#15214)) - Updated dependencies \[[`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc)]: - @vercel/python-analysis@0.8.0 ## vercel@50.25.0 ### Minor Changes - Launch auto-provision flow as default for `vercel integration add` and `vercel install`. The `FF_AUTO_PROVISION_INSTALL` flag is now a kill-switch (`=0` to revert) instead of opt-in. ([#15265](#15265)) - [services] make the `experimentalServices` config the primary marker for the services flow ([#15246](#15246)) - Added command to fetch a development OIDC token ([#14785](#14785)) ### Patch Changes - Rename fetch to nodeFetch when importing from node-fetch ([#15232](#15232)) - Add setup/destroy hooks and context handling to the CLI eval runner. ([#15247](#15247)) - [services] fix dev server hang when FastAPI CLI is used ([#15274](#15274)) - Fix `--help` flag to return exit code 0 instead of 2 for the `metrics` command, aligning with standard CLI conventions. ([#15259](#15259)) - Rename fetch to nodeFetch in cases where it is an import from node-fetch ([#15234](#15234)) - Change `vercel metrics` default query output from CSV to rich text with metadata, summary tables, sparklines, and optional raw values via `--raw-values`. ([#15178](#15178)) - Removes the legacy SSO redirect flow code. ([#15228](#15228)) - Updated dependencies \[[`ad86425c3e0a1d1738cef8464dd767dd1d9a0e9a`](ad86425), [`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269), [`d9e3a570a9c6ee47afa3446ec611b6a9e4b4feec`](d9e3a57), [`2db57840669ca2fa8dadf492bd38c21bf9e3cfeb`](2db5784), [`0d42acfd22e51e51cb0e4a5aea7c19f3886ed496`](0d42acf), [`8404a7315260851495d708f1c7c6e870d7ffa007`](8404a73), [`fbf649223e6fa8b509295a85784347dcebd4a0b0`](fbf6492), [`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc), [`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585)]: - @vercel/remix-builder@5.6.0 - @vercel/python@6.17.0 - @vercel/next@4.15.35 - @vercel/node@5.6.8 - @vercel/static-build@2.8.42 - @vercel/build-utils@13.6.0 - @vercel/go@3.4.3 - @vercel/backends@0.0.38 - @vercel/elysia@0.1.41 - @vercel/express@0.1.50 - @vercel/fastify@0.1.44 - @vercel/h3@0.1.50 - @vercel/hono@0.2.44 - @vercel/koa@0.1.24 - @vercel/nestjs@0.2.45 - @vercel/redwood@2.4.9 - @vercel/rust@1.0.5 - @vercel/hydrogen@1.3.5 - @vercel/ruby@2.3.2 ## @vercel/python@6.17.0 ### Minor Changes - Find entrypoints for django projects. ([#15167](#15167)) ### Patch Changes - Rename fetch to nodeFetch when importing from node-fetch ([#15232](#15232)) - [services] fix dev server hang when FastAPI CLI is used ([#15274](#15274)) - [python] fix dev server crash on relative imports ([#15269](#15269)) - Updated dependencies \[[`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc)]: - @vercel/python-analysis@0.8.0 ## @vercel/python-analysis@0.8.0 ### Minor Changes - Find entrypoints for django projects. ([#15167](#15167)) ## @vercel/remix-builder@5.6.0 ### Minor Changes - [remix] Support future.v8_middleware option ([#15189](#15189)) ## @vercel/backends@0.0.38 ### Patch Changes - Support function overrides in backends builder ([#15214](#15214)) - Updated dependencies \[[`2db57840669ca2fa8dadf492bd38c21bf9e3cfeb`](2db5784), [`0d42acfd22e51e51cb0e4a5aea7c19f3886ed496`](0d42acf), [`8404a7315260851495d708f1c7c6e870d7ffa007`](8404a73), [`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc), [`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585)]: - @vercel/build-utils@13.6.0 ## @vercel/cervel@0.0.25 ### Patch Changes - Updated dependencies \[[`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585)]: - @vercel/backends@0.0.38 ## @vercel/client@17.2.48 ### Patch Changes - rename fetch to fetchApi ([#15231](#15231)) - Updated dependencies \[[`e64a85daec784b4fe571abe7405a80aca150007a`](e64a85d), [`2db57840669ca2fa8dadf492bd38c21bf9e3cfeb`](2db5784), [`0d42acfd22e51e51cb0e4a5aea7c19f3886ed496`](0d42acf), [`8404a7315260851495d708f1c7c6e870d7ffa007`](8404a73), [`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc), [`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585), [`af6a651229cad4ddb7fcc15bd14d06355c2b77ee`](af6a651)]: - @vercel/routing-utils@6.0.0 - @vercel/build-utils@13.6.0 ## @vercel/config@0.0.35 ### Patch Changes - Updated dependencies \[[`e64a85daec784b4fe571abe7405a80aca150007a`](e64a85d), [`af6a651229cad4ddb7fcc15bd14d06355c2b77ee`](af6a651)]: - @vercel/routing-utils@6.0.0 ## @vercel/elysia@0.1.41 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/express@0.1.50 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 - @vercel/cervel@0.0.25 ## @vercel/fastify@0.1.44 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/frameworks@3.19.1 ### Patch Changes - Rename fetch to nodeFetch when importing from node-fetch ([#15232](#15232)) ## @vercel/fs-detectors@5.8.12 ### Patch Changes - Support function overrides in backends builder ([#15214](#15214)) - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269), [`e64a85daec784b4fe571abe7405a80aca150007a`](e64a85d), [`af6a651229cad4ddb7fcc15bd14d06355c2b77ee`](af6a651)]: - @vercel/frameworks@3.19.1 - @vercel/routing-utils@6.0.0 ## @vercel/gatsby-plugin-vercel-builder@2.0.140 ### Patch Changes - Updated dependencies \[[`2db57840669ca2fa8dadf492bd38c21bf9e3cfeb`](2db5784), [`0d42acfd22e51e51cb0e4a5aea7c19f3886ed496`](0d42acf), [`8404a7315260851495d708f1c7c6e870d7ffa007`](8404a73), [`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc), [`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585)]: - @vercel/build-utils@13.6.0 ## @vercel/go@3.4.3 ### Patch Changes - Rename fetch to nodeFetch in cases where it is an import from node-fetch ([#15234](#15234)) ## @vercel/h3@0.1.50 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/hono@0.2.44 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/koa@0.1.24 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/nestjs@0.2.45 ### Patch Changes - Updated dependencies \[[`3d872692c601abeec98743d2af3a3ea19587e799`](3d87269)]: - @vercel/node@5.6.8 ## @vercel/next@4.15.35 ### Patch Changes - Rename fetch to nodeFetch when importing from node-fetch ([#15232](#15232)) ## @vercel/node@5.6.8 ### Patch Changes - Rename fetch to nodeFetch when importing from node-fetch ([#15232](#15232)) - Updated dependencies \[[`2db57840669ca2fa8dadf492bd38c21bf9e3cfeb`](2db5784), [`0d42acfd22e51e51cb0e4a5aea7c19f3886ed496`](0d42acf), [`8404a7315260851495d708f1c7c6e870d7ffa007`](8404a73), [`b3a96cc4f276ce8d16c695eabd499d3a17e73aa8`](b3a96cc), [`9a6358529f0737415110cf03d626dc9ee8e99126`](9a63585)]: - @vercel/build-utils@13.6.0 ## @vercel/static-build@2.8.42 ### Patch Changes - Rename fetch to nodeFetch in cases where it is an import from node-fetch ([#15234](#15234)) - Updated dependencies \[]: - @vercel/gatsby-plugin-vercel-builder@2.0.140 ## @vercel/python-runtime@0.5.2 ### Patch Changes - fix ASGI lifecycle events in non-IPC codepath ([#15268](#15268)) ## @vercel/python-workers@0.0.11 ### Patch Changes - Add a version bump for `@vercel/python-workers` so previously merged changes are included in the next release. ([#15254](#15254)) <!-- VADE_RISK_START --> > [!NOTE] > Low Risk Change > > This PR is an automated Changesets release that only updates version numbers in package.json files and CHANGELOG.md files across multiple packages, with no logic or schema changes. > > - Version bumps across ~30 packages (package.json version fields) > - CHANGELOG.md updates documenting previously merged changes > - Deletion of .changeset/*.md files consumed by release automation > > <sup>Risk assessment for [commit 9b78e59](https://github.com/vercel/vercel/commit/9b78e59c7c4716d10beac3a0228e767c8565f65a).</sup> <!-- VADE_RISK_END --> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
eoscallback body instreamToBufferwith try/catch so that errors fromBuffer.concat(orBuffer.allocUnsafe) become proper Promise rejections instead of uncaught exceptionstry/catcharoundawait streamToBuffer(...)never fires because the error is thrown inside an async event handler, bypassing the Promise chain entirelystreamToBuffercollects chunks from a stream and callsBuffer.concat(buffers)inside theend-of-streamcallback. When the total data exceedsbuffer.constants.MAX_LENGTH(~4 GiB on Node 20),Buffer.concatthrows aRangeError. Because this happens inside an event callback rather than the Promise executor, the error escapes as an uncaught exception and the Promise never settles.Note
Low Risk Change
This PR adds defensive error handling by wrapping Buffer operations in try/catch to convert uncaught exceptions into proper Promise rejections, improving error handling without changing any security or business logic.
Risk assessment for commit 027a686.