search

GovTechSG / mcf-boilerplate-js

JavaScript boilerplates used in MyCareersFuture, moved to https://gitlab.com/mycf.sg/mcf-boilerplate-js
MIT License
3 stars 6 forks source link

[Snyk] Security upgrade node-fetch from 2.3.0 to 2.6.1 #93

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 591/1000
Why? Recently disclosed, Has a fix available, CVSS 5.9		 Denial of Service
SNYK-JS-NODEFETCH-674311		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-fetch The new version differs by 34 commits.
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)
  • 95286f5 v2.6.0 (#638)
  • bf8b4e8 Allow agent option to be a function (#632)
  • 0c2294e 2.5.0 release (#630)
  • 0fc414c Allow third party blob implementation (#629)
  • d8f5ba0 build: disable generation of package-lock since it is not used (#623)
  • 1fe1358 test: enable --throw-deprecation for tests (#625)
  • a35dcd1 chore(deps): address deprecated url-search-params package (#622)
  • b3ecba5 2.4.1 release (#619)
  • 1a88481 Fix Blob for older node versions and webpack. (#618)
  • c9805a2 2.4.0 release (#616)
  • 49d7760 Pass custom timeout to subsequent requests on redirect (#615)
  • cfc8e5b Swap packagephobia badge for flat style (#592)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic