graphql-voyager
yarn audit problem with @material-ui/core
Hi,
yarn audit reports a security issue in the dependency graph of graphql-voyager. The solution would be to upgrade @material-ui/core, would that be a problem?
Steps to reproduce:
yarn add graphql-voyager
yarn audit
Result:
yarn audit v1.22.5
warning package.json: No license field
warning No license field
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ graphql-voyager │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ graphql-voyager > @material-ui/core > recompose > fbjs > │
│ │ isomorphic-fetch > node-fetch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1556 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 80
Severity: 1 Low
Thanks!
I believe this is the same as the PR I submitted a while back, #174. Still waiting for a review and merge.
I still get a vulnerability report for material ui core. I think this might need some more work, maybe with updating material ui core to v4.
I have re-opened #174 and updated all minor and patch dependencies
Now we just need a maintainer to help @klausi