Vulnerability in transient dependency node-fetch

Open ceisele-r opened this issue 5 years ago • 1 comments

For node-fetch, there is the advisory https://npmjs.com/advisories/1556 .

As react-image-magnify uses node-fetch via this path react-image-magnify > prop-types > fbjs > isomorphic-fetch > node-fetch, react-image-magnify brings in this vulnerability to projects using it.

Is there an update planned? I saw there was #71 some time ago that would probably fix this (even though the PR seems to contain files that should not be committed) if it would remove fbjs from the dependency tree.

ceisele-r, Sep 14 '20 13:09
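
The chain named in the issue above can be found mechanically. This is an added example, not part of the original issue or of the project's code: it walks a constructed tree in the shape `npm ls --all --json` prints and lists every chain that ends at node-fetch. The `my-app` root, the placeholder versions and the function names are assumptions.

```javascript
// Constructed sample in the shape `npm ls --all --json` prints.
// Versions are placeholders, not taken from the advisory.
const V = "0.0.0-example";
const sampleTree = {
  name: "my-app", version: V,
  dependencies: {
    "node-fetch": { version: V }, // direct use by the app itself
    "react-image-magnify": { version: V, dependencies: {
      "prop-types": { version: V, dependencies: {
        fbjs: { version: V, dependencies: {
          "isomorphic-fetch": { version: V, dependencies: {
            "node-fetch": { version: V },
          } },
        } },
      } },
    } },
  },
};

// Return every chain from the root to `target`, as arrays of package names.
function findPaths(node, target, trail = [node.name]) {
  const paths = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const next = [...trail, name];
    if (name === target) paths.push(next);
    // Keep descending: the same package can appear again deeper in the tree.
    paths.push(...findPaths(child, target, next));
  }
  return paths;
}

// Direct chains are fixed in your own package.json; transitive ones need an
// upstream release, a fork, or a resolution override for the nested package.
function classify(paths) {
  return {
    direct: paths.filter((p) => p.length === 2),
    transitive: paths.filter((p) => p.length > 2),
    // Top-level dependencies that pull the target in transitively.
    broughtInBy: [...new Set(paths.filter((p) => p.length > 2).map((p) => p[1]))],
  };
}

const report = classify(findPaths(sampleTree, "node-fetch"));
for (const p of report.transitive) console.log(p.join(" > "));
```

On a real project, feed the parsed output of `npm ls --all --json` to `findPaths` in place of `sampleTree`.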

Hi @ceisele-r I've forked the project and added support here: https://www.npmjs.com/package/@blacklab/react-image-magnify

As a note, I'm still working through some bugs that resulted in the rewrite. If you use this library and encounter any, please report them as issues in my GitHub repo so I can address them.

Thanks!

gooftroop, Sep 16 '21 19:09