isomorphic-fetch icon indicating copy to clipboard operation
isomorphic-fetch copied to clipboard

Published 20 hours ago verified publisher icon matthew-andrews

update node-fetch to v3.x

Open jimmywarting opened this issue 4 years ago • 7 comments

jimmywarting avatar Nov 08 '21 22:11 jimmywarting

Any progress on this one?

Our company's security scans are showing vulnerabilities in node-fetch and are blocking deploys based on this package based on the sub-dependency. node-fetch v3.1.1 solves the issue.

cosmolightfoot avatar Jan 21 '22 19:01 cosmolightfoot

Apparently node-fetch v3 breaks non-ESM applications: https://github.com/node-fetch/node-fetch/issues/1263

borisovg avatar Jan 25 '22 18:01 borisovg

I am also stuck for a week now and have not found any solution yet.

bhavikagrawal avatar Feb 02 '22 14:02 bhavikagrawal

@bhavikagrawal what are you stuck with? anything i can do to help?

jimmywarting avatar Feb 02 '22 17:02 jimmywarting

@jimmywarting , I am also stuck in one of the issue, the fix for this one is get updated to node-fetch - v3.x.

RishikeshDarandale avatar Feb 03 '22 07:02 RishikeshDarandale

2.6.7 also has the security patch

shazron avatar Feb 07 '22 09:02 shazron

@shazron , Yes it's patched in 2.6.7, but there is an issue using 2.x in tandem with auth-react package. Please see here, thus upgrade 3.x would be the best way for me. Yes, there is a workaround using with 2.x, but going with 3.x is better way for me.

RishikeshDarandale avatar Feb 07 '22 11:02 RishikeshDarandale