You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pinned version of FBJS library includes a version of isomorphic-fetch which has a dependency on node-fetch which is now vulnerable please move the pinned version of fbjs to a greater version.
please pin fbjs to a more recent release
The text was updated successfully, but these errors were encountered:
It's not fbjs that's the problem. The problem is that glamor hasn't been updated in 5 years so it uses an old, deprecated version of fbjs that uses an old insecure version of node-fetch, and on top of that it uses core-js@1.2.7 which is ancient at this point and has a serious flaw that can cause random slowdowns by a factor of 100 according to npm. It seems there's still a lot of people using this package. I don't understand why it hasn't been updated in so long. In order to fix these issues, someone would have to update the package. There are 230 forks. Maybe someone has an updated version.
pinned version of FBJS library includes a version of isomorphic-fetch which has a dependency on node-fetch which is now vulnerable please move the pinned version of fbjs to a greater version.
please pin fbjs to a more recent release
The text was updated successfully, but these errors were encountered: