search

estruyf / doctor

Doctor - Maintain your documentation on SharePoint without pain.
http://getdoctor.io
MIT License
112 stars 17 forks source link

[Snyk] Upgrade node-fetch from 2.6.1 to 2.6.7 #139

Open estruyf opened 1 year ago

estruyf commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.7.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **a year ago**, on 2022-01-16. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-fetch
  • 2.6.7 - 2022-01-16

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

    What's Changed

    Full Changelog: v2.6.6...v2.6.7

  • 2.6.6 - 2021-10-31

    What's Changed

    • fix(URL): prefer built in URL version when available and fallback to whatwg by @ jimmywarting in #1352

    Full Changelog: v2.6.5...v2.6.6

  • 2.6.5 - 2021-09-22

    • fix: import whatwg-url in a way compatible with ESM Node

    • release: 2.6.5

  • 2.6.4 - 2021-09-21
  • 2.6.3 - 2021-09-20
    • fix: properly encode url with unicode characters
    • release: 2.6.3
  • 2.6.2 - 2021-09-06

    fixed main path in package.json

      </li>
  <li>
    <b>2.6.1</b> - 2020-09-05
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/node-fetch/node-fetch/releases">node-fetch GitHub release notes</a>

Commit messages
Package name: node-fetch
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
doctor ✅ Ready (Inspect) Visit Preview Jan 11, 2023 at 2:10AM (UTC)