chore: update dependency of utils package #66

Closed
novaliu86 wants to merge 1 commit

Update package `isomorphic-fetch` to new version. Get this when installing existing `@0x/utils` package:

```
$ npm audit
# npm audit report

node-fetch  <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
No fix available
node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    @0x/utils  *
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/@0x/utils

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
```

Description

Testing instructions

Types of changes

Checklist:

  • Prefix PR title with [WIP] if necessary.
  • Add tests to cover changes as needed.
  • Update documentation as needed.
  • Add new entries to the relevant CHANGELOG.jsons.

novaliu86 requested a review from dekz August 3, 2022 00:46
dekz (Member) commented Aug 3, 2022

added in #65

dekz closed this Aug 3, 2022
dekz deleted the xinxing/deps-version branch August 3, 2022 03:55