Use isomorphic fetch #40

Merged
merged 1 commit into from
Sep 12, 2023

frankrowe
Contributor

The portable-fetch library has a security vulnerability. This PR swaps it out for isomorphic-fetch, which is a drop-in replacement.

```
node-fetch  <=2.6.6
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
No fix available
node_modules/node-fetch
  portable-fetch  *
  Depends on vulnerable versions of node-fetch
  node_modules/portable-fetch
```

@KaraFox KaraFox merged commit f14d596 into fulcrumapp:main Sep 12, 2023
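
A lockfile check for the condition the audit output above reports, as an added example that is not part of the PR or the project's code: it walks the `packages` map of a parsed `package-lock.json`, flags any installed node-fetch at or below 2.6.6, and names the packages that resolve to it. The two lockfiles and their version numbers are constructed sample data, and the function names are hypothetical.

```javascript
// Added example (not project code): find installed node-fetch copies in the advisory range.
const NAME = "node-fetch";
const LAST_AFFECTED = [2, 6, 6]; // range from the audit output: <=2.6.6
// Coarse semver compare; a prerelease tag such as "-beta.1" is ignored.
function isAffected(version) {
  const v = version.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 2.6.6
}
// npm resolution: nearest node_modules/<name>, walking up from the dependent's path.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}
// lock: parsed package-lock.json with a "packages" map (lockfileVersion 2 or 3).
function findAffected(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith("node_modules/" + NAME) || !meta.version || !isAffected(meta.version)) continue;
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => m.dependencies && NAME in m.dependencies && resolve(packages, p, NAME) === path)
      .map(([p]) => (p === "" ? "(root)" : p.slice(p.lastIndexOf("node_modules/") + 13)));
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}
// Constructed lockfiles, before and after the dependency swap (versions are sample values).
const before = { packages: {
  "": { dependencies: { "portable-fetch": "^3.0.0" } },
  "node_modules/portable-fetch": { version: "3.0.0", dependencies: { "node-fetch": "^1.0.1" } },
  "node_modules/node-fetch": { version: "1.7.3" },
} };
const after = { packages: {
  "": { dependencies: { "isomorphic-fetch": "^3.0.0" } },
  "node_modules/isomorphic-fetch": { version: "3.0.0", dependencies: { "node-fetch": "^2.6.1" } },
  "node_modules/node-fetch": { version: "2.6.13" },
} };
console.log(findAffected(before), findAffected(after));
```

Against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` and fail the build when the result is non-empty.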