search

JounQin / blog

a Blog system built on GitHub GraphQL API with Vue SSR
https://blog.1stG.me
MIT License
13 stars 2 forks source link

fix(deps): update dependency node-fetch to v2.6.7 [security] - autoclosed #435

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-fetch 2.6.1 -> 2.6.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Release Notes

node-fetch/node-fetch ### [`v2.6.7`](https://togithub.com/node-fetch/node-fetch/releases/tag/v2.6.7) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7) ### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred #### What's Changed - fix: don't forward secure headers to 3th party by [@​jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://togithub.com/node-fetch/node-fetch/pull/1453) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7 ### [`v2.6.6`](https://togithub.com/node-fetch/node-fetch/releases/tag/v2.6.6) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6) #### What's Changed - fix(URL): prefer built in URL version when available and fallback to whatwg by [@​jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1352](https://togithub.com/node-fetch/node-fetch/pull/1352) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6 ### [`v2.6.5`](https://togithub.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5) ### [`v2.6.4`](https://togithub.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504) ### [`v2.6.3`](https://togithub.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3) ### [`v2.6.2`](https://togithub.com/node-fetch/node-fetch/releases/tag/v2.6.2) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.2) fixed main path in package.json

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

changeset-bot[bot] commented 1 year ago

⚠️ No Changeset found

Latest commit: b1c9cf741ad720823ff07865ea482b7733c9b6f5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR