fix: swap isomorphic-fetch for node-fetch for security issue (#96)

* fix: swap isomorphic-fetch for cross-fetch for security issue

See #95

* fix: swap cross-fetch with node-fetch@^2.6.7

* temp change(debug): output wskdebug --ngrok myaction to see error message

* Revert "temp change(debug): output wskdebug --ngrok myaction to see error message"

This reverts commit bcae6b5.

* fix: add --legacy-peer-deps to the wskdebug install in the Dockerfile

node-lts (node-16) by default includes npm@7 which installs peer dependencies by default. Adding this flag will not install peer dependencies.

* remove --legacy--peer-deps from Dockerfile

* update package-lock.json

package.json

@@ -52,9 +52,9 @@
         "fs-extra": "^8.1.0",
         "get-port": "^5.1.1",
         "is-port-reachable": "^3.0.0",
-        "isomorphic-fetch": "^3.0.0",
         "livereload": "^0.9.1",
         "manakin": "^0.5.2",
+        "node-fetch": "^2.6.7",
         "openwhisk": "^3.21.4",
         "ora": "^4.0.3",
         "pretty-bytes": "^5.3.0",

src/invoker.js

@@ -17,7 +17,7 @@
 
 'use strict';
 
-const fetch = require('fetch-retry')(require('isomorphic-fetch'));
+const fetch = require('fetch-retry')(require('node-fetch'));
 const kinds = require('./kinds/kinds');
 const path = require('path');
 const log = require("./log");

test/ngrok.test.js

@@ -24,7 +24,7 @@ let Debugger = require("../src/debugger");
 
 const assert = require('assert');
 const nock = require('nock');
-const fetch = require('isomorphic-fetch');
+const fetch = require('node-fetch');
 const mockRequire = require('mock-require');
 
 function mockNgrokLibrary(connect, kill) {