good morning guys. I have a trouble, I'm trying to deploy a Nextjs application on Cloudflare followi

good morning guys. I have a trouble, I'm trying to deploy a Nextjs application on Cloudflare following the documentation, and to do it I need to install da package @cloudflare/next-on-pages, the problema is this package in the current version 1.11.0 have 6 vulnerabilities, 3 low and 3 moderate. Take a look

 # npm audit report

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/debug
  @vercel/fun  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of semver
  node_modules/@vercel/fun
    vercel  28.12.3 || 29.0.1 - 29.0.3 || >=32.0.2
    Depends on vulnerable versions of @vercel/fun
    Depends on vulnerable versions of @vercel/node
    node_modules/vercel

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/semver

undici  <=5.28.3
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672      
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7fix available via `npm audit fix`
node_modules/@vercel/node/node_modules/undici
  @vercel/node  2.14.0 || >=3.0.2
  Depends on vulnerable versions of undici
  node_modules/@vercel/node

6 vulnerabilities (3 low, 3 moderate)

 # npm audit report

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/debug
  @vercel/fun  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of semver
  node_modules/@vercel/fun
    vercel  28.12.3 || 29.0.1 - 29.0.3 || >=32.0.2
    Depends on vulnerable versions of @vercel/fun
    Depends on vulnerable versions of @vercel/node
    node_modules/vercel

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/semver

undici  <=5.28.3
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672      
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7fix available via `npm audit fix`
node_modules/@vercel/node/node_modules/undici
  @vercel/node  2.14.0 || >=3.0.2
  Depends on vulnerable versions of undici
  node_modules/@vercel/node

6 vulnerabilities (3 low, 3 moderate)

 # npm audit report

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/debug
  @vercel/fun  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of semver
  node_modules/@vercel/fun
    vercel  28.12.3 || 29.0.1 - 29.0.3 || >=32.0.2
    Depends on vulnerable versions of @vercel/fun
    Depends on vulnerable versions of @vercel/node
    node_modules/vercel

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/semver

undici  <=5.28.3
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672      
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7fix available via `npm audit fix`
node_modules/@vercel/node/node_modules/undici
  @vercel/node  2.14.0 || >=3.0.2
  Depends on vulnerable versions of undici
  node_modules/@vercel/node

6 vulnerabilities (3 low, 3 moderate)

 # npm audit report

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/debug
  @vercel/fun  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of semver
  node_modules/@vercel/fun
    vercel  28.12.3 || 29.0.1 - 29.0.3 || >=32.0.2
    Depends on vulnerable versions of @vercel/fun
    Depends on vulnerable versions of @vercel/node
    node_modules/vercel

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@vercel/fun/node_modules/semver

undici  <=5.28.3
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672      
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7fix available via `npm audit fix`
node_modules/@vercel/node/node_modules/undici
  @vercel/node  2.14.0 || >=3.0.2
  Depends on vulnerable versions of undici
  node_modules/@vercel/node

6 vulnerabilities (3 low, 3 moderate)

KKimitri good morning guys. I have a trouble, I'm trying to deploy a Nextjs application o...

KimitriOP•4/5/24, 5:21 AM

the way that I tried to fix it is by installing the vercel package version 32.3.0 bit it maintain the 3 low vulnerabilities, and when I update the vercel package to latest version 33.6.3, the 3 moderate vulnerabilities come back, have some one experienced this issue?

MylesBolton•4/5/24, 9:05 AM

any way for me to use nodemailer

MylesBolton•4/5/24, 9:05 AM

had just fixed all my errors to find out i cant use it

MylesBolton•4/5/24, 9:07 AM

i will have to figure out how to use functions tomorow then at some point it seems

James•4/5/24, 9:11 AM

the name nodemailer implies that it's designed specifically work in nodejs so it'll likely have incompatibilities with the edge runtime

JJames the name nodemailer implies that it's designed specifically work in nodejs so it...

MylesBolton•4/5/24, 9:12 AM

yes i wasent really thinking that far ahead tbf

MylesBolton•4/5/24, 9:13 AM

i dont think there is anything else that can take a email login e.g. SMTP creds and send out a email though it locally

G O A T•4/5/24, 3:00 PM

hey, i was wondering if anyone has had any success migrating from vercel to cloudflare for their next.js 14 project. i am looking to do so as i use cloudflare for other parts of my project and cloudflare is nice and cheap. However, I was wondering if cloudflare fully supports all the features that next.js uses?

James•4/5/24, 3:07 PM

We have a supported doc that I would recommend giving a quick look. The notable call outs are that we are not able to support Incremental Static Regeneration or Partial Prerendering due to limitations around how they work (they depend on nodejs).

Venkat Dinavahi•4/5/24, 3:13 PM

Hey all, for local development I'm seeing that I can now just call

next start

next start

and it magicaly works through this addition:

if (process.env.NODE_ENV === "development") {
  const { setupDevPlatform } = require("@cloudflare/next-on-pages/next-dev")
  setupDevPlatform()
}

if (process.env.NODE_ENV === "development") {
  const { setupDevPlatform } = require("@cloudflare/next-on-pages/next-dev")
  setupDevPlatform()
}

This is quite amazing, but I'm trying to figure out how to enable connecting to real remote objects instead of a mocked version (through miniflare). Something equivalent to this wrangler command: npx wrangler dev --remotenpx wrangler dev --remote

Is there a way to enable the

--remote

--remote

flag when I call

next start

next start

G O A T•4/5/24, 3:20 PM

thanks james

VVenkat Dinavahi Hey all, for local development I'm seeing that I can now just call `next start` ...

James•4/5/24, 3:24 PM

Afraid not since the next dev bindings are using miniflare which is local-only emulation

Venkat Dinavahi•4/5/24, 3:26 PM

It seems like it should be possible in theory:
https://developers.cloudflare.com/workers/testing/local-development/#develop-locally-using-remote-resources-and-bindings

Isn't next-on-pages using wrangler underneath?

Cloudflare Docs

Local development · Cloudflare Workers docs

Develop your Workers locally via Wrangler.

Venkat Dinavahi•4/5/24, 3:26 PM

"wrangler dev runs locally by default. This means that all resources and bindings are simulated locally as well. However, there may be times you need to develop against remote resources and bindings. To run wrangler dev remotely, add the --remote flag"

Venkat Dinavahi•4/5/24, 3:27 PM

What I'm running into -- our app uses a mix of R2 bindings and the aws presigned urls which makes it tricky to test the app as-is

James•4/5/24, 3:28 PM

It uses the getPlatformProxy() utility that ships with wrangler and that utility uses miniflare's magic proxy internally, so it's a bit different to just running wrangler dev

Venkat Dinavahi•4/5/24, 3:30 PM

Ah got it thanks for clarifying
Is there a workaround to test things out such as running the next-on-pages with wrangler instead of using

next start

next start

James•4/5/24, 3:32 PM

You can build your app with next-on-pages and then run it using wrangler pages dev if you wanted to run things in wrangler, but for development this is not advised as you'd lose out on HMR

Venkat Dinavahi•4/5/24, 3:33 PM

got it

Venkat Dinavahi•4/5/24, 3:33 PM

maybe i need to implement a local version of pre-signed urls

Venkat Dinavahi•4/5/24, 3:33 PM

Maybe it's a large undertaking - feature request would be to allow a remote option for setupDevPlatform

certain features are tough to test without the real thing

Venkat Dinavahi•4/5/24, 3:35 PM

I guess it means getPlatformProxy would need to somehow transparently proxy to real bindings vs miniflare. Seems complex but would make the developer experience amazing

Venkat Dinavahi•4/5/24, 3:35 PM

GitHub

🚀 Feature Request: Add remote support for getPlatformProxy · Issue ...

Describe the solution Currently, unstable_dev supports passing in a local flag in the options object, but getPlatformProxy doesn't support it. This means that things like Cloudflare AI, which r...

Venkat Dinavahi•4/5/24, 3:37 PM

Ok so looks like it's really on getting that implemented since I'm seeing that setupDevBindingssetupDevBindings is a thin wrapper on getPlatformProxy

James•4/5/24, 3:42 PM

Indeed

whois | API man•4/5/24, 6:54 PM

Hello! So I’m using next-intl for my NextJs site, it’s my first time using Cloudflare, so now that I deployed with Git… well the page shows a 404 error saying it doesn’t exist, I’m not sure if I need to like use functions to make it work with next-intl or something (or if the problem is even related to next-intl lol)

JJames Not sure what you mean by caching correctly? You typically don't cache pages whe...

FelDev•4/5/24, 7:19 PM

Question about caching and SSR pages.
Our assumption was that when we fetch data on any page, Next.js's data caching would kick in.
However, with export const runtime = "edge"export const runtime = "edge", no cache is used at all.
I understand that SSR pages are... Server Side Rendered.
But our use case is that not everything needs to be fetched at request-time.
Specifically, the data we fetch from Firestore only needs to be fetched at build time, the data we do want to fetch on every request comes from Supabase.
How can we use the cache on an SSR page?

Rafael França•4/5/24, 8:18 PM

How can I use Sentry Pages Plugin with Next?

FFelDev Question about caching and SSR pages. Our assumption was that when we fetch data...

Nob•4/5/24, 8:34 PM

if you fetch your data you can do:

fetch('mydataurl.com/nanana.json', {cache: "force-cache"})

fetch('mydataurl.com/nanana.json', {cache: "force-cache"})

Original message was deleted

Nob•4/5/24, 8:38 PM

Pat Branchaud•4/5/24, 8:38 PM

Pat Branchaud•4/5/24, 8:39 PM

FYI : It's a long journey for Felix, and Philippe and I we all work on the same project

PPat Branchaud Click to see attachment

Nob•4/5/24, 8:40 PM

I think "force-cache" is self explaining of its function

Nob•4/5/24, 8:40 PM

i dont understand your question

Pat Branchaud•4/5/24, 8:41 PM

not a question, I meant thank you it seems to work

PPat Branchaud not a question, I meant thank you it seems to work

Nob•4/5/24, 8:42 PM

ahhh okay long journey for me too lul

Pat Branchaud•4/5/24, 8:42 PM

2 days of searching and then the trex head solves it with 2 words

Nob•4/5/24, 8:43 PM

also you should add a KV binding named __NEXT_ON_PAGES__KV_SUSPENSE_CACHE__NEXT_ON_PAGES__KV_SUSPENSE_CACHE

Nob•4/5/24, 8:43 PM

because without it, caching is only at datacenter level

NNob also you should add a KV binding named ``__NEXT_ON_PAGES__KV_SUSPENSE_CACHE``

SeeringPhil•4/5/24, 8:44 PM

Yeah, the binding was already in place but no keys were saved before the force-cache

Nob•4/5/24, 8:45 PM

@Pat Branchaud no i'm not consulting or freelance x)

Nob•4/5/24, 8:45 PM

i'm doing gaming websites

FelDev•4/5/24, 8:45 PM

Thanks a lot though, seriously.

James•4/5/24, 9:00 PM

IIRC force-cache is supposed to be the default but I guess we probably need to do some logic to apply it if no cache value is specified.

I'd be a bit hesitant to add that in now though considering we've had our fetch cache live for like 8 months and that kind of change would probably be breaking for a lot of users

James•4/5/24, 9:02 PM

it's one of those things that would technically be a bug fix but in actuality would be a breaking change for almost all users who use fetch on the server

Pat Branchaud•4/5/24, 9:03 PM

could be added to documentation