Fix vulnerability related to old node fetch #333

yizheliu-amazon · 2020-11-25T00:08:22Z

https://github.com/opendistro-for-elasticsearch/anomaly-detection-kibana-plugin/network/alert/yarn.lock/node-fetch/open

 Dependabot cannot update node-fetch to a non-vulnerable version
The latest possible version that can be installed is 1.7.3 because of the following conflicting dependency:

formik@1.5.8 requires node-fetch@^1.0.1 via a transitive dependency on isomorphic-fetch@2.2.1
The earliest fixed version is 2.6.1.

The text was updated successfully, but these errors were encountered:

…-elasticsearch#333

yizheliu-amazon mentioned this issue Nov 25, 2020

upgrade dependency ua-parser-js-0.7.21.tgz #331

Closed

yizheliu-amazon added a commit to yizheliu-amazon/anomaly-detection-kibana-plugin that referenced this issue Nov 25, 2020

Fix vulnerability caused by old version formik. Issue: opendistro-for…

4016687

…-elasticsearch#333

yizheliu-amazon mentioned this issue Nov 25, 2020

Fix vulnerability caused by old version formik. Issue: #333 #334

Merged

yizheliu-amazon changed the title ~~upgrade node fetch to 2.6.1 or above~~ Fix vulnerability related to old node fetch Nov 25, 2020

yizheliu-amazon added a commit that referenced this issue Nov 25, 2020

Fix vulnerability caused by old version formik. Issue: #333 (#334)

ec42b9f

yizheliu-amazon closed this as completed Nov 25, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix vulnerability related to old node fetch #333

Fix vulnerability related to old node fetch #333

yizheliu-amazon commented Nov 25, 2020

Fix vulnerability related to old node fetch #333

Fix vulnerability related to old node fetch #333

Comments

yizheliu-amazon commented Nov 25, 2020