[Bug] Denial of Service in Dependency node-fetch #140
Description
Version
1.9.0
Reproduction link
tomchentw/react-google-maps#1057
Operating System
ANY
Device
ANY
Browser & Version
ANY
Steps to reproduce
run npm audit
see: https://npmjs.com/advisories/1556
What is expected?
I reported issue
What is actually happening?
react-google-maps has not been maintained for 3 years.
Solution
Change libraries - there is a suggestion to use @react-google-maps
Additional comments
Keep up the good work!
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-google-maps │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-google-maps > recompose > fbjs > isomorphic-fetch > │
│ │ node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1556 │
└───────────────┴──────────────────────────────────────────────────────────────┘