search

Financial-Times / manage-github-apps

A CLI for managing the repositories of GitHub App installations
MIT License
1 stars 0 forks source link

[Snyk] Upgrade node-fetch from 2.6.1 to 2.6.7 #113

Closed jamesr101 closed 1 year ago

jamesr101 commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.7.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=node-fetch&from_version=2.6.1&to_version=2.6.7&pr_id=b28c5b64-18d9-43fe-90d9-017ce198dfbc&visibility=true&has_feature_flag=false) :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **6 months ago**, on 2022-01-16. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-fetch
  • 2.6.7 - 2022-01-16

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

    What's Changed

    Full Changelog: v2.6.6...v2.6.7

  • 2.6.6 - 2021-10-31

    What's Changed

    • fix(URL): prefer built in URL version when available and fallback to whatwg by @ jimmywarting in #1352

    Full Changelog: v2.6.5...v2.6.6

  • 2.6.5 - 2021-09-22

    • fix: import whatwg-url in a way compatible with ESM Node

    • release: 2.6.5

  • 2.6.4 - 2021-09-21
  • 2.6.3 - 2021-09-20
    • fix: properly encode url with unicode characters
    • release: 2.6.3
  • 2.6.2 - 2021-09-06

    fixed main path in package.json

      </li>
  <li>
    <b>2.6.1</b> - 2020-09-05
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/node-fetch/node-fetch/releases">node-fetch GitHub release notes</a>

Commit messages
Package name: node-fetch
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.