Version of @tensorflow/tfjs-core is outdated and depends on vulnerable node-fetch

There is a vulnerability in node-fetch which has been patched, and the latest @tensorflow/tfjs-core pulls the patched version. However, the version of @tensorflow/tfjs-core used in this repo is outdated and therefore does not pull the patch. Would it be possible to upgrade @tensorflow/tfjs-core?

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

1 reaction
RafaelGSS commented, Jan 31, 2022

I think today.

1 reaction
RafaelGSS commented, Jan 27, 2022

@marian-r I have created a fix for you in the hidden-markov-model repo. When it releases you can start updating this repo 😄

Top Results From Across the Web

tf-core depends on a node-fetch with vulnerabilities #3931
Because it is a ~ dependency, npm update doesn't update node-fetch to 2.6.1 which is the version that fixes the vulnerability described in...

tfjs-core-fetch-fix - npm Package Health Analysis - Snyk
The npm package tfjs-core-fetch-fix was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as...

@tensorflow/tfjs-core - npm
Hardware-accelerated JavaScript library for machine intelligence. Latest version: 4.1.0, last published: a month ago.

How to fix node.js vulnerabilities - Stack Overflow
Below are the vulnerabilities that I get: -You can see that all vulnerabilities depend on node-fetch <=2.6.6 When I look upon how to...

@tensorflow/tfjs-core | Yarn - Package Manager
Execute native TensorFlow with the same TensorFlow.js API under the Node.js runtime.
