Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@ampproject/toolbox-optimizer > node-fetch vulnerability #17250

Closed
akash-joshi opened this issue Sep 21, 2020 · 4 comments
Closed

@ampproject/toolbox-optimizer > node-fetch vulnerability #17250

akash-joshi opened this issue Sep 21, 2020 · 4 comments
Labels
good first issue Easy to fix issues, good for newcomers
Milestone
iteration 15

Comments

@akash-joshi
Copy link

Bug report

Describe the bug

Version of @ampproject/toolbox-optimizer being used by Next 9.5.3 uses old node-fetch which now pops up as vulnerable

To Reproduce

  1. Go to your Terminal
  2. Run npm audit to see vulnerabilities.

Expected behavior

No vulnerabilities should be displayed on npm audit

Screenshots

NA

System information

  • OS: macOS
  • Version of Next.js: 9.5.3

Additional context

NA

Sorry to disturb you NextJS team, but if this is a bug which was missed, hope this report helps. If this is a problem from my side, do let me know :)
@timneutkens timneutkens added good first issue Easy to fix issues, good for newcomers kind: story labels Sep 21, 2020
@timneutkens timneutkens added this to the 9.x.x milestone Sep 21, 2020
@Timer Timer removed this from the 9.x.x milestone Sep 21, 2020
@timneutkens timneutkens added this to the 9.x.x milestone Sep 21, 2020
@timneutkens
Copy link
Member

Feel free to send a PR. The specific vulnerability does not apply to the dependency.

@joaogarin
Copy link

This should get fixed once this gets approved and released ampproject/amp-toolbox#921

@c0b41 c0b41 mentioned this issue Sep 28, 2020
Closed
@kachkaev kachkaev mentioned this issue Oct 20, 2020
Closed
@timneutkens timneutkens mentioned this issue Nov 9, 2020
Closed
@hirokisan hirokisan mentioned this issue Nov 17, 2020
Merged
@timneutkens
Copy link
Member

Solved in #19722

@Timer Timer modified the milestones: 10.x.x, iteration 15 Jan 6, 2021
@balazsorban44
Copy link
Member

This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

@vercel vercel locked as resolved and limited conversation to collaborators Jan 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
good first issue Easy to fix issues, good for newcomers
Projects
None yet
Milestone
iteration 15
Development

No branches or pull requests
5 participants
@Timer @joaogarin @timneutkens @balazsorban44 @akash-joshi