Comments (6)
parithibang
commented on May 28, 2024
1
@rwlodarczyk-xealth @lquixada
May I know the update on this ticket as we are consuming this package and this is blocked for security issue.
Ref:
https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
from cross-fetch.
sokraflex
commented on May 28, 2024
We're using cross-fetch in many internal libraries, and #117 is critical; currently, many of our libraries are failing due to missing DNS caching when using node-fetch.
from cross-fetch.
rwlodarczyk-xealth
commented on May 28, 2024
We have the same concerns here. If this package updates itself to use node-fetch 3.2.10, that would be tremendously helpful. Please see the CVE that discusses the security issue.
from cross-fetch.
rwlodarczyk-xealth
commented on May 28, 2024
@lquixada, can you provide an update on this and fixing security issues in general?
from cross-fetch.
rwlodarczyk-xealth
commented on May 28, 2024
@lquixada Friendly reminder about this security issue. Any update?
from cross-fetch.
lquixada
commented on May 28, 2024
Starting from v3, node-fetch is an ESM-only module while cross-fetch is CommonJS compatible. If there's a security issue, a patch should be requested on node-fetch v2.x. FWIW [email protected] was recently released with [email protected].
from cross-fetch.
Related Issues (20)
- Cross fetch throw an error [ReferenceError: XMLHttpRequest is not defined] HOT 13
- CVE-2022-2596 (Medium) detected in node-fetch-2.6.7.tgz HOT 8
- URL object doesn't work when running test with Jest for React Native app HOT 1
- Upgrade to node-fetch 3.x using `node-fetch-cjs`? HOT 1
- Types for the polyfill? HOT 2
- Does not work in browser? (needs es module version?)
- Inconsistent behavior for headers with native Fetch API and whatwg-fetch HOT 2
- localhost is not resolving to 127.0.0.1 HOT 1
- logging feature: how could i see detailed logging of the requests that are being done for the purpose of debugging HOT 1
- failed reason: connect ETIMEDOUT
- Document Enhancement Suggestion: No Experimental Native Fetch in Node, Not an Issue Per Se HOT 2
- Magento 2 hacked and added this script which reaches this repo HOT 1
- TypeError: data.getReader is not a function HOT 3
- res.json() Error type instance HOT 1
- getting explicit polyfill doesn't seem to work after upgrade to v4 HOT 1
- Question: does global declaration need to be kept
- TypeScript conflicts with polyfill and cloudflare workers-types
- Could not catch Premature close error HOT 1
- Add support for agent property from node-fetch HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cross-fetch.