From fd15a9283641f6a99faa31a7f5d452402b87a93e Mon Sep 17 00:00:00 2001
From: Karl Horky <karl.horky@gmail.com>
Date: Mon, 14 Sep 2020 15:06:26 +0200
Subject: [PATCH] security(gatsby-admin): switch isomorphic-fetch to
 cross-fetch

* Remove unused isomorphic-fetch package

* fix(gatsby-recipes): switch from isomorphic-fetch to cross-fetch

Original commit: https://github.com/gatsbyjs/gatsby/pull/26709/commits/694f9e608e1f8bf2f60fa0d45e563e030d36830b

* Upgrade cross-fetch to 3.0.6

Co-authored-by: Adam Schay <adamschay@gmail.com>
---
 .../src/components/recipes-gui/index.js       |  2 +-
 packages/gatsby-recipes/package.json          |  2 +-
 yarn.lock                                     | 25 +++++++++++--------
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/packages/gatsby-admin/src/components/recipes-gui/index.js b/packages/gatsby-admin/src/components/recipes-gui/index.js
index 4cc8aef861a72..c9544981176ef 100644
--- a/packages/gatsby-admin/src/components/recipes-gui/index.js
+++ b/packages/gatsby-admin/src/components/recipes-gui/index.js
@@ -10,7 +10,7 @@ import { createUrqlClient } from "../../urql-client"
 import { useMutation, useSubscription } from "urql"
 
 import lodash from "lodash"
-import fetch from "isomorphic-fetch"
+import fetch from "cross-fetch"
 
 import { Button, Heading } from "gatsby-interface"
 import { StepRenderer } from "gatsby-recipes/components"
diff --git a/packages/gatsby-recipes/package.json b/packages/gatsby-recipes/package.json
index 66f6d07c50d8a..666d6e4e15a20 100644
--- a/packages/gatsby-recipes/package.json
+++ b/packages/gatsby-recipes/package.json
@@ -33,6 +33,7 @@
     "concurrently": "^5.0.0",
     "contentful-management": "^5.26.3",
     "cors": "^2.8.5",
+    "cross-fetch": "^3.0.6",
     "debug": "^4.1.1",
     "detect-port": "^1.3.0",
     "dotenv": "^8.2.0",
@@ -55,7 +56,6 @@
     "ink-box": "^1.0.0",
     "is-binary-path": "^2.1.0",
     "is-url": "^1.2.4",
-    "isomorphic-fetch": "^2.1.0",
     "jest-diff": "^25.5.0",
     "lock": "^1.0.0",
     "lodash": "^4.17.20",
diff --git a/yarn.lock b/yarn.lock
index b5007e8e9ff27..d23e3ee07a8cd 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7666,6 +7666,13 @@ cross-fetch@3.0.5:
   dependencies:
     node-fetch "2.6.0"
 
+cross-fetch@^3.0.6:
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.0.6.tgz#3a4040bc8941e653e0e9cf17f29ebcd177d3365c"
+  integrity sha512-KBPUbqgFjzWlVcURG+Svp9TlhA5uliYtiNx/0r8nv0pdypeQCRJ9IaSIc3q/x3q8t3F75cHuwxVql1HFGHCNJQ==
+  dependencies:
+    node-fetch "2.6.1"
+
 cross-spawn@5.1.0, cross-spawn@^5.0.1, cross-spawn@^5.1.0:
   version "5.1.0"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-5.1.0.tgz#e8bd0efee58fcff6f8f94510a0a554bbfa235449"
@@ -13582,14 +13589,6 @@ isobject@^4.0.0:
   resolved "https://registry.yarnpkg.com/isobject/-/isobject-4.0.0.tgz#3f1c9155e73b192022a80819bacd0343711697b0"
   integrity sha512-S/2fF5wH8SJA/kmwr6HYhK/RI/OkhD84k8ntalo0iJjZikgq1XFvR5M8NPT1x5F7fBwCG3qHfnzeP/Vh/ZxCUA==
 
-isomorphic-fetch@^2.1.0:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/isomorphic-fetch/-/isomorphic-fetch-2.2.1.tgz#611ae1acf14f5e81f729507472819fe9733558a9"
-  integrity sha1-YRrhrPFPXoH3KVB0coGf6XM1WKk=
-  dependencies:
-    node-fetch "^1.0.1"
-    whatwg-fetch ">=0.10.0"
-
 isstream@~0.1.2:
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
@@ -16857,9 +16856,15 @@ node-fetch@2.6.0, node-fetch@^2.3.0, node-fetch@^2.5.0, node-fetch@^2.6.0:
   version "2.6.0"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
 
-node-fetch@^1.0.1, node-fetch@^1.7.3:
+node-fetch@2.6.1:
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
+  integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
+
+node-fetch@^1.7.3:
   version "1.7.3"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-1.7.3.tgz#980f6f72d85211a5347c6b2bc18c5b84c3eb47ef"
+  integrity sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==
   dependencies:
     encoding "^0.1.11"
     is-stream "^1.0.1"
@@ -25341,7 +25346,7 @@ whatwg-fetch@2.0.4:
   version "2.0.4"
   resolved "http://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-2.0.4.tgz#dde6a5df315f9d39991aa17621853d720b85566f"
 
-whatwg-fetch@>=0.10.0, whatwg-fetch@^3.4.0:
+whatwg-fetch@^3.4.0:
   version "3.4.0"
   resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.4.0.tgz#e11de14f4878f773fbebcde8871b2c0699af8b30"
   integrity sha512-rsum2ulz2iuZH08mJkT0Yi6JnKhwdw4oeyMjokgxd+mmqYSd9cPpOQf01TIWgjxG/U4+QR+AwKq6lSbXVxkyoQ==