Closed renovate[bot] closed 2 years ago
vercel[bot]
commented
2 years ago This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.
🔍 Inspect: https://vercel.com/schniz/clio-ts/Uj3dSWijFVieAjsEvFq5X8RS1cnZ
✅ Preview: https://clio-ts-git-renovate-npm-node-fetch-vulnerability-schniz.vercel.app
changeset-bot[bot]
commented
2 years ago Latest commit: d112070f5f23158008ca0fd4c8edf072bc53ab5c
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
vercel[bot]
commented
2 years ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Updated |
|---|---|---|---|
| cmd-ts | ✅ Ready (Inspect) | Visit Preview | May 17, 2022 at 10:28AM (UTC) |
This PR contains the following updates:
2.6.1->2.6.7GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Release Notes
node-fetch/node-fetch
### [`v2.6.7`](https://togithub.com/node-fetch/node-fetch/releases/v2.6.7) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7) ### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred #### What's Changed - fix: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://togithub.com/node-fetch/node-fetch/pull/1453) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7 ### [`v2.6.6`](https://togithub.com/node-fetch/node-fetch/releases/v2.6.6) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6) #### What's Changed - fix(URL): prefer built in URL version when available and fallback to whatwg by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1352](https://togithub.com/node-fetch/node-fetch/pull/1352) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6 ### [`v2.6.5`](https://togithub.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5) ### [`v2.6.4`](https://togithub.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504) ### [`v2.6.3`](https://togithub.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3) ### [`v2.6.2`](https://togithub.com/node-fetch/node-fetch/releases/v2.6.2) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.2) fixed main path in package.jsonConfiguration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.