New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security issue: use alternative to isomorphic-fetch dependency #95
Comments
matthew-andrews/isomorphic-fetch#204 (comment) cross-fetch seems to be a drop-in alternative |
shazron
added a commit
to shazron/openwhisk-wskdebug
that referenced
this issue
Mar 15, 2022
selfxp
pushed a commit
that referenced
this issue
Apr 19, 2022
* fix: swap isomorphic-fetch for cross-fetch for security issue See #95 * fix: swap cross-fetch with node-fetch@^2.6.7 * temp change(debug): output wskdebug --ngrok myaction to see error message * Revert "temp change(debug): output wskdebug --ngrok myaction to see error message" This reverts commit bcae6b5. * fix: add --legacy-peer-deps to the wskdebug install in the Dockerfile node-lts (node-16) by default includes npm@7 which installs peer dependencies by default. Adding this flag will not install peer dependencies. * remove --legacy--peer-deps from Dockerfile * update package-lock.json
closed via #96 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The library does not seem maintained, especially since it depends on node-fetch which has a security issue that is still unpatched:
matthew-andrews/isomorphic-fetch#204
The last release for isomorphic-fetch is Sep 2020, about 16 months ago.
The text was updated successfully, but these errors were encountered: