-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate away from graphql-client
and is-my-json-valid
#3495
Comments
The PR is merged and released now, took me ~2 days since I have a lot of other notifications to go thru, sorry about that... edit: not saying you can't change of course, AJV is also a great project 👍 |
|
See #3497
I choose to vendor "graphql-client" for now. That's the least disruptive way, and the library is small enough. We can explore other libraries in the future. As for canceling running requests, we would have to use AbortController (https://caniuse.com/abortcontroller), which should be trivial now we have "graphql-client" maintained in this repo.
Bumped |
Will you be releasing these changes any time soon? There's a critical security vulnerability being flagged up by the latest version (10.5.3) because of an issue with |
I will release now. Should be done in 30min. |
Case
Something else
Issue
npm emits:
expand
rxdb is fantastic, but security warnings are deal breakers. I understand that some security vulnerabilities might be less relevant, but when it comes to security, it is better to stay on the safe side.
graphql-client
is unmaintained. It is very small (single file) and the license (ISC) is compatible, so the easiest way to deal with the issue would be to vendor it (i.e. copy it to this repo, and make it use a newer version ofisomorphic-fetch
orfetch-ponyfill
). Alternatively, migrate to a different library.For
is-my-json-valid
, a PR is open (mafintosh/is-my-json-valid#188), but the project doesn't seem to be active. https://github.com/ajv-validator/ajv is a much healthier and more performant alternative.Info
Code
The text was updated successfully, but these errors were encountered: