CVE-2018-3737 was raised against a project I maintain because of this dependency chain:
sshpk <- http-signature <- request <- dugite
request is a very featured library but I don't think we have a need for most of what it's doing, particularly when it's pulling in a dependency like sshpk.
I would be interested in migrating this library to use got, which is a simpler library, based on what the Electron team do inside electron-download.
When I need to do HTTP requests in Node, I use node-fetch or isomorphic-fetch since the fetch API is pretty easy to use and it’s supported in the browser too.
@j-f1 I'm essentially looking for something that's got as few dependencies as possible to achieve the job of downloading an archive - it's a dependency only because we need it to install the right native package, but after that it's not needed for any functionality within dugite. With that in mind, node-fetch does look like a good candidate.
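The dependency chain reported in this issue can be recovered from a lockfile when a scanner flags a transitive package such as sshpk. The following is an added example, not part of the original thread or of dugite's code; the sample lockfile, its placeholder versions and the function names are constructed for illustration.

```javascript
// Constructed sample shaped like an npm lockfile "packages" map (lockfileVersion 2/3).
// Versions are placeholders, not values from the issue.
const sampleLock = {
  packages: {
    '': { name: 'my-app', dependencies: { dugite: '*' } },
    'node_modules/dugite': { version: '0.0.0', dependencies: { request: '*', tar: '*' } },
    'node_modules/request': { version: '0.0.0', dependencies: { 'http-signature': '*' } },
    'node_modules/http-signature': { version: '0.0.0', dependencies: { sshpk: '*' } },
    'node_modules/sshpk': { version: '0.0.0' },
    'node_modules/tar': { version: '0.0.0' },
  },
};

// Resolve a dependency name the way Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf('/node_modules/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// Return every chain from the root project down to `target`, outermost package first.
// All paths are enumerated, so a large tree can yield many chains for one package.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const deps = Object.assign({}, packages[path].dependencies, packages[path].optionalDependencies);
    if (path === '') Object.assign(deps, packages[path].devDependencies);
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // uninstalled optional dependency, or a cycle
      const chain = trail.concat(name);
      if (name === target) { chains.push(chain); continue; }
      walk(next, chain, new Set(seen).add(next));
    }
  };
  if (packages['']) walk('', [], new Set(['']));
  return chains;
}

// Print in the issue's notation: flagged package first, direct dependency last.
function formatChain(chain) { return chain.slice().reverse().join(' <- '); }

for (const c of findChains(sampleLock, 'sshpk')) console.log(formatChain(c));
```

Against an installed tree, `npm ls sshpk` reports the same chains; the direct dependency at the end of each chain is the one to replace or upgrade.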