This repository has been archived by the owner on Nov 15, 2024. It is now read-only.

[Snyk] Upgrade node-fetch from 2.6.1 to 2.6.7 #5

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-8b6b3b99fe37b4eaa3090e34996cdc34

snyk-bot commented Aug 29, 2022

Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 6 versions ahead of your current version.
The recommended version was released 7 months ago, on 2022-01-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Information Exposure SNYK-JS-NODEFETCH-2342118	539/1000 Why? Has a fix available, CVSS 6.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

2.6.7 - 2022-01-16
Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed
- fix: don't forward secure headers to 3th party by @ jimmywarting in #1453
Full Changelog: v2.6.6...v2.6.7
2.6.6 - 2021-10-31
What's Changed
- fix(URL): prefer built in URL version when available and fallback to whatwg by @ jimmywarting in #1352
Full Changelog: v2.6.5...v2.6.6
2.6.5 - 2021-09-22
- fix: import whatwg-url in a way compatible with ESM Node
- release: 2.6.5
2.6.4 - 2021-09-21
2.6.3 - 2021-09-20
- fix: properly encode url with unicode characters
- release: 2.6.3
2.6.2 - 2021-09-06
fixed main path in package.json
2.6.1 - 2020-09-05

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

1ef4b56 backport of Add notes on API requirements to markdown docs for InSpec generated r… GoogleCloudPlatform/magic-modules#1449 (Remember to set gcr domain in AppEngine Read. GoogleCloudPlatform/magic-modules#1453)
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (Inspec url map GoogleCloudPlatform/magic-modules#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (Update the googlesource cookie for the Terraform providers. GoogleCloudPlatform/magic-modules#1352)
b5417ae fix: import whatwg-url in a way compatible with ESM Node (Add HTTP health check for InSpec GoogleCloudPlatform/magic-modules#1303)
18193c5 fix v2.6.3 that did not sending query params (Catch bad state in common and compute operations GoogleCloudPlatform/magic-modules#1301)
ace7536 fix: properly encode url with unicode characters (Inline Terraform override helpers GoogleCloudPlatform/magic-modules#1291)
152214c Fix(package.json): Corrected main file path in package.json (Add cloudbuild trigger InSpec resource GoogleCloudPlatform/magic-modules#1274)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade node-fetch from 2.6.1 to 2.6.7

7b12e3c

Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.7.

See this package in npm:
https://www.npmjs.com/package/node-fetch

See this project in Snyk:
https://app.snyk.io/org/violethaze74/project/183c0fb8-ac72-426e-8756-079eb3f0754a?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet