react-localize-redux

Denial of Service Node Fetch

Open erwanriou opened this issue 4 years ago • 1 comments

Hello,

Just to inform you that we currently have a small issue in one of the dependencies. https://npmjs.com/advisories/1556

erwanriou, Sep 22 '20 09:09

That advisory comes from node-fetch, which is used by isomorphic-fetch, which is used by fbjs, which is used by [email protected], which is used by react-localize-redux. create-react-context stopped using fbjs entirely in [email protected], which was released several years ago. So, all react-localize-redux needs to do is upgrade to [email protected].

There is a PR open to do this but despite being essentially a one-line change it has been open since November 2020 with no activity. And there has not been a new release of react-localize-redux for more than two years.

In other words it doesn't look like this is going to be fixed. Our options are to either manually ignore the advisory or stop using react-localize-redux.

s100, May 04 '21 09:05
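Added example, not part of the thread or of the project's code: a small Node.js script that traces every path from an application to a flagged transitive dependency, using the chain described in the comment above. The graph is constructed sample data; `my-app` and `some-other-lib` are hypothetical names, and no version numbers are implied.

```javascript
// Constructed sample graph: package name -> direct dependencies.
// Names on the main chain come from the thread; "my-app" and
// "some-other-lib" are hypothetical additions for illustration.
const graph = {
  "my-app": ["react-localize-redux", "some-other-lib"],
  "react-localize-redux": ["create-react-context"],
  "create-react-context": ["fbjs"],
  "fbjs": ["isomorphic-fetch"],
  "isomorphic-fetch": ["node-fetch"],
  "some-other-lib": ["isomorphic-fetch", "my-app"], // second route plus a cycle
  "node-fetch": [],
};

// Depth-first search returning every acyclic path from root to target.
function findPaths(deps, root, target) {
  const results = [];
  const walk = (name, trail) => {
    if (trail.includes(name)) return; // cycle guard
    const next = [...trail, name];
    if (name === target) {
      results.push(next);
      return;
    }
    for (const child of deps[name] || []) walk(child, next);
  };
  walk(root, []);
  return results;
}

// Direct dependencies of root through which target is reachable: these are
// the entries the application owner has to upgrade, replace or override.
function directCulprits(deps, root, target) {
  const firstHops = findPaths(deps, root, target)
    .filter((path) => path.length > 1)
    .map((path) => path[1]);
  return [...new Set(firstHops)].sort();
}

for (const path of findPaths(graph, "my-app", "node-fetch")) {
  console.log(path.join(" > "));
}
console.log("direct dependencies to act on:",
  directCulprits(graph, "my-app", "node-fetch"));
```

On a real project, `npm ls node-fetch` prints the same kind of path information from the installed tree.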