security issue: use alternative to isomorphic-fetch dependency #95
Comments
|
matthew-andrews/isomorphic-fetch#204 (comment) cross-fetch seems to be a drop-in alternative |
shazron
added a commit
to shazron/openwhisk-wskdebug
that referenced
this issue
Mar 15, 2022
selfxp
pushed a commit
that referenced
this issue
Apr 19, 2022
* fix: swap isomorphic-fetch for cross-fetch for security issue See #95 * fix: swap cross-fetch with node-fetch@^2.6.7 * temp change(debug): output wskdebug --ngrok myaction to see error message * Revert "temp change(debug): output wskdebug --ngrok myaction to see error message" This reverts commit bcae6b5. * fix: add --legacy-peer-deps to the wskdebug install in the Dockerfile node-lts (node-16) by default includes npm@7 which installs peer dependencies by default. Adding this flag will not install peer dependencies. * remove --legacy--peer-deps from Dockerfile * update package-lock.json
|
closed via #96 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The library does not seem maintained, especially since it depends on node-fetch which has a security issue that is still unpatched:
matthew-andrews/isomorphic-fetch#204
The last release for isomorphic-fetch is Sep 2020, about 16 months ago.
The text was updated successfully, but these errors were encountered: