Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency node-fetch to v2.6.7 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency node-fetch to v2.6.7 #10

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 6, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change
node-fetch dependencies patch 2.6.1 -> 2.6.7

By merging this PR, the issue #14 will be automatically resolved and closed:

Severity CVSS Score CVE
Medium Medium 6.1 CVE-2022-0235

Release Notes

node-fetch/node-fetch (node-fetch)

v2.6.7

Compare Source

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

Compare Source

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.5

Compare Source

v2.6.4

Compare Source

v2.6.3

Compare Source

v2.6.2

Compare Source

fixed main path in package.json

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jul 6, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency node-fetch to v2.6.7 Update dependency node-fetch to v2.6.7 - autoclosed Aug 3, 2022
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/node-fetch-2.x-lockfile branch August 3, 2022 18:10
@mend-for-github-com mend-for-github-com bot changed the title Update dependency node-fetch to v2.6.7 - autoclosed Update dependency node-fetch to v2.6.7 Aug 5, 2022
@mend-for-github-com mend-for-github-com bot reopened this Aug 5, 2022
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/node-fetch-2.x-lockfile branch August 5, 2022 01:55
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/node-fetch-2.x-lockfile branch 10 times, most recently from 105e0e9 to a436c40 Compare February 10, 2023 15:04
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/node-fetch-2.x-lockfile branch from a436c40 to d24dff2 Compare February 10, 2023 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants