Tfjs: tf-core depends on a node-fetch with vulnerabilities

Created on 15 Sep 2020  路  2Comments  路  Source: tensorflow/tfjs

tf-core depends on a node-fetch packages with vulnerabilities: ~2.1.2

Details in https://www.npmjs.com/advisories/1556

Because it is a ~ dependency, npm update doesn't update node-fetch to 2.6.1 which is the version that fix the vulnerability described in the advisory.

This matters as npm audit complains about it for projects that uses tf-core

core others
Source
picture hfiguiere
👍3

Most helpful comment

Any plans to release it?

picture Den-dp on 2 Oct 2020
👍3

All 2 comments

Related PR has been merged , Thank you

rthadur picture rthadur on 25 Sep 2020

Any plans to release it?

Den-dp picture Den-dp on 2 Oct 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rumschuettel picture rumschuettel  路  3Comments
rlexa picture rlexa  路  3Comments
pranayaryal picture pranayaryal  路  4Comments
KienPM picture KienPM  路  3Comments
JasonShin picture JasonShin  路  4Comments