Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update node-fetch minimum #115

Merged
merged 4 commits into from
Apr 6, 2022
Merged

Update node-fetch minimum #115

merged 4 commits into from
Apr 6, 2022

Conversation

wbt
Copy link
Contributor

@wbt wbt commented Feb 16, 2022

@wbt wbt requested a review from a team as a code owner February 16, 2022 17:26
Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I already looked at this in another repo, and this makes sense to me.

@mcmire mcmire merged commit 9c24f60 into MetaMask:main Apr 6, 2022
@wbt
Copy link
Contributor Author

wbt commented Apr 6, 2022

@mcmire thanks for the merge!
Note that the same high-severity vuln warning will continue showing up for MetaMask developer-users until MetaMask/web3-provider-engine#404 is merged as well. If you know who to poke for a review request on that, it could be helpful!

@mcmire
Copy link
Contributor

mcmire commented Apr 6, 2022

@wbt I can take a look. Note that we recommend people use json-rpc-engine instead of web3-provider-engine — we're trying to transition off of it internally ourselves. That said, I know people still rely on that package, so in the meantime, I'll ask and see if we can get a new release out with your PR.

@wbt
Copy link
Contributor Author

wbt commented Apr 6, 2022

@mcmire Thanks!
The dependency is indirect, via @truffle/hdwallet-provider. If you have collaboration with the Truffle folks, please work with them to do that migration off.

@wbt wbt deleted the patch-1 branch April 6, 2022 18:51
@mcmire
Copy link
Contributor

mcmire commented Apr 6, 2022

@wbt Ah, good to know, will reach out!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants