apollo-datasource-http icon indicating copy to clipboard operation
apollo-datasource-http copied to clipboard
verified publisher icon StarpTech

chore: update dependencies based on npm audit

Open wcatron opened this issue 3 years ago • 3 comments

  • move undici to peer dependency to allow greater flexibility for consumers to upgrade
  • upgrade undici to at least version 5 to resolve security vulnerability
  • update tests for AVA 4

wcatron avatar Oct 06 '22 15:10 wcatron

@StarpTech We've just moved from rest to http data source, but we are unable to deploy due to security vulnerabilities and would really appreciate if this PR can be merged. Do you think that's possible? Thank you, and thanks to @wcatron for the PR 🥇

gabrielbahniuk avatar Oct 24 '22 13:10 gabrielbahniuk

Hey guys, any updates on this matter? I'll problably need to migrate to another library due to this security issue 😞

rbschumacher avatar May 31 '23 15:05 rbschumacher

Hi, I'm longer using this module in production. It's more or less unmaintained. I'm open to contributors. Please contact me on Twitter.

StarpTech avatar May 31 '23 16:05 StarpTech