We currently depend on undici and use it directly for fetch dispatchers, while most request execution still uses the Node global fetch.
Current direct usage:
lib/utils/serverless-utils/download.js: imports Agent and passes it as a fetch dispatcher for rejectUnauthorized: false downloads.lib/plugins/plugin/lib/utils.js: imports ProxyAgent and passes it as a fetch dispatcher for plugin registry requests through proxy env vars.- Additional direct
fetch call sites use the global implementation: rollback-function.js, download-template-from-repo.js, standalone.js, and utils/standalone.js.
undici@8.2.0 currently declares engines: { node: ">=22.19.0" }, so it is not compatible with the current project engine range of ^20.19.0 || ^22.13.0 || >=24.
Undici 8 also changes lower-level dispatcher internals. To avoid mixing Undici 8 dispatchers with Node built-in global fetch, the migration should use undici.fetch consistently for direct fetch usage.
Proposed Scope
- Raise the package Node engine floor to at least
>=22.19.0 after Node 20 support is intentionally dropped.
- Upgrade
undici to ^8.2.0 or the latest compatible 8.x release at the time of the change.
- Import
fetch from undici at all direct fetch call sites in lib.
- In
serverless-utils/download.js, import Headers from undici as well so fetch, Headers, and Agent come from the same implementation.
- Keep AWS SDK HTTP handling out of scope.
- Keep generated/runtime custom resource
https usage out of scope.
Direct Fetch Call Sites To Review
lib/utils/serverless-utils/download.jslib/plugins/plugin/lib/utils.jslib/plugins/aws/rollback-function.jslib/utils/download-template-from-repo.jslib/plugins/standalone.jslib/utils/standalone.js
Test Updates
- Replace tests that monkeypatch
globalThis.fetch with proxyquire stubs for undici.fetch, or use Undici MockAgent where integration-style behavior is needed.
- Preserve coverage for manual redirects and redirect body cancellation in
serverless-utils/download.
- Preserve coverage that proxy-backed plugin registry fetches pass a dispatcher.
We currently depend on
undiciand use it directly for fetch dispatchers, while most request execution still uses the Node globalfetch.Current direct usage:
lib/utils/serverless-utils/download.js: importsAgentand passes it as afetchdispatcher forrejectUnauthorized: falsedownloads.lib/plugins/plugin/lib/utils.js: importsProxyAgentand passes it as afetchdispatcher for plugin registry requests through proxy env vars.fetchcall sites use the global implementation:rollback-function.js,download-template-from-repo.js,standalone.js, andutils/standalone.js.undici@8.2.0currently declaresengines: { node: ">=22.19.0" }, so it is not compatible with the current project engine range of^20.19.0 || ^22.13.0 || >=24.Undici 8 also changes lower-level dispatcher internals. To avoid mixing Undici 8 dispatchers with Node built-in global
fetch, the migration should useundici.fetchconsistently for direct fetch usage.Proposed Scope
>=22.19.0after Node 20 support is intentionally dropped.undicito^8.2.0or the latest compatible 8.x release at the time of the change.fetchfromundiciat all direct fetch call sites inlib.serverless-utils/download.js, importHeadersfromundicias well sofetch,Headers, andAgentcome from the same implementation.httpsusage out of scope.Direct Fetch Call Sites To Review
lib/utils/serverless-utils/download.jslib/plugins/plugin/lib/utils.jslib/plugins/aws/rollback-function.jslib/utils/download-template-from-repo.jslib/plugins/standalone.jslib/utils/standalone.jsTest Updates
globalThis.fetchwithproxyquirestubs forundici.fetch, or use UndiciMockAgentwhere integration-style behavior is needed.serverless-utils/download.