Skip to content

update deps#1480

Merged
goosewobbler merged 4 commits intodevelopfrom
update-deps-3
Mar 15, 2023
Merged

update deps#1480
goosewobbler merged 4 commits intodevelopfrom
update-deps-3

Conversation

@goosewobbler
Copy link
Contributor

No description provided.

@goosewobbler goosewobbler mentioned this pull request Mar 9, 2023
@socket-security
Copy link

socket-security bot commented Mar 9, 2023

Socket Security Pull Request Report

👍 No new dependency issues detected in pull request

Pull request report summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

Ignoring: [email protected], [email protected]

Powered by socket.dev

@goosewobbler
Copy link
Contributor Author

@SocketSecurity ignore [email protected] [email protected]

@goosewobbler goosewobbler added the dependencies Pull requests that update a dependency file label Mar 9, 2023
@mholtzman
Copy link
Collaborator

mholtzman commented Mar 10, 2023

@goosewobbler looks good to me. one thing I noticed when running and attempting to add a Lattice signer is this message:

(node:403101) ExperimentalWarning: The Fetch API is an experimental feature. This feature could change at any time

are they using the experimental Fetch API and, if so, are we OK w that?

@goosewobbler
Copy link
Contributor Author

goosewobbler commented Mar 10, 2023

@mholtzman Fetch is now opt-out, globally available since N18 but still "experimental".

https://nodejs.org/en/blog/announcements/v18-release-announce/#new-globally-available-browser-compatible-apis

See the SDK docs for their usage, seems they use native fetch if available and we have to explicitly patch it with node-fetch.
https://github.com/GridPlus/gridplus-sdk/blob/dev/docs/docs/intro.md

@mholtzman
Copy link
Collaborator

@mholtzman Fetch is now opt-out, globally available since N18 but still "experimental".

https://nodejs.org/en/blog/announcements/v18-release-announce/#new-globally-available-browser-compatible-apis

See the SDK docs for their usage, seems they use native fetch if available and we have to explicitly patch it with node-fetch. https://github.com/GridPlus/gridplus-sdk/blob/dev/docs/docs/intro.md

OK I think this is fine, just want to do a quick double check and make a note of it in case we see anything weird coming from its usage in any other parts of the app

@goosewobbler goosewobbler merged commit 257b000 into develop Mar 15, 2023
@goosewobbler goosewobbler deleted the update-deps-3 branch March 15, 2023 14:30
mholtzman pushed a commit that referenced this pull request Mar 21, 2023
Co-authored-by: goosewobbler <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants