inlong icon indicating copy to clipboard operation
inlong copied to clipboard
verified publisher icon apache

[INLONG-8691][Security] Upgrade Node-Fetch Version

Open liaosunny123 opened this issue 2 years ago • 2 comments

Prepare a Pull Request

(Change the title refer to the following example)

  • Title Example: [INLONG-XYZ][Component] Title of the pull request

(The following XYZ should be replaced by the actual GitHub Issue number)

  • Fixes #8691

Motivation

Upgrade Node-Fetch Version to avoid the security problems.

Modifications

Upgrade Node-Fetch Version

Verifying this change

(Please pick either of the following options)

  • [x] This change is a trivial rework/code cleanup without any test coverage.

  • [ ] This change is already covered by existing tests, such as: (please describe tests)

  • [ ] This change added tests and can be verified as follows:

    (example:)

    • Added integration tests for end-to-end deployment with large payloads (10MB)
    • Extended integration test for recovery after broker failure

Documentation

  • Does this pull request introduce a new feature? (yes / no)
  • If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)
  • If a feature is not applicable for documentation, explain why?
  • If a feature is not documented yet in this PR, please create a follow-up issue for adding the documentation

liaosunny123 avatar Aug 10 '23 09:08 liaosunny123

node-fetch is a dependency of umi-request, so it is a sub-dependency of this project, we should not write it directly into package.json, which may cause version conflicts. I suggest that the best solution to this problem is to wait for the direct dependencies to be upgraded.

leezng avatar Aug 14 '23 02:08 leezng

This PR is stale because it has been open for 60 days with no activity.

github-actions[bot] avatar Oct 14 '23 01:10 github-actions[bot]