Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixes #280 node-fetch > 3 requires ESM; 2.9.0 broken #285

Merged
merged 1 commit into from
Feb 3, 2022
Merged

fixes #280 node-fetch > 3 requires ESM; 2.9.0 broken #285

merged 1 commit into from
Feb 3, 2022

Conversation

clavery
Copy link
Contributor

@clavery clavery commented Feb 1, 2022
edited
Loading

fixes #280

node-fetch > 3 requires ESM but was updated by snyk automatically; this
breaks anything using the lib/slas.js file (as well as projects using
this as a library). i.e. 2.9.0 is broken in many use cases due to this
dependency.

2.6.7 is fixed anyway according to the snyk vulnerability that triggered
the initial upgrade of the major version
(https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) so this is
unlikely to reoccur. However we may also want to prevent it from
trying a major update again via configuration.

@clavery
fixes #280 node-fetch > 3 requires ESM; 2.9.0 broken
1ef223e 
node-fetch > 3 requires ESM but was updated by snyk automatically; this
breaks anything using the lib/slas.js file (as well as projects using
this as a library). i.e. 2.9.0 is broken in many use cases due to this
dependency.

2.6.7 is fixed anyway according to the snyk vulnerability that triggered
the initial upgrade of the major version
(https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) so this is
unlikely to reoccur. However we may also want to prevent it from
trying a major update again via configuration.
@tobiaslohr
Copy link
Contributor

Thanks a lot for fixing @clavery! I see, that it's essentially a revert of #270, except that node-fetch v2.6.7 is used instead of v3.1.1.

@tobiaslohr tobiaslohr added the bug Something isn't working label Feb 3, 2022
@tobiaslohr tobiaslohr added this to the 2.9.1 milestone Feb 3, 2022
@tobiaslohr tobiaslohr merged commit 2331993 into SalesforceCommerceCloud:master Feb 3, 2022
@tobiaslohr tobiaslohr mentioned this pull request Feb 3, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobiaslohr tobiaslohr tobiaslohr approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
2.9.1
Development

Successfully merging this pull request may close these issues.

2.9.0 updated node-fetch
2 participants
@clavery @tobiaslohr