search

fewieden / MMM-soccer

European Soccer Standings Module for MagicMirror²
MIT License
31 stars 24 forks source link

[Snyk] Security upgrade node-fetch from 2.6.1 to 3.2.10 #59

Closed fewieden closed 12 months ago

fewieden commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-NODEFETCH-2964180](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-fetch The new version differs by 217 commits.
  • 2880238 fix: ReDoS referrer (#1611)
  • e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
  • bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
  • 95165d5 fix spelling (#1602)
  • 11b7033 fix: possibly flaky test (#1523)
  • 4f43c9e fix: always warn Request.data (#1550)
  • 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
  • a92b5d5 fix: use space in accept-encoding values (#1572)
  • 0f122b8 docs: fix formdata code example (#1562)
  • 6ae9c76 docs(readme): response.clone() is not async (#1560)
  • 043a5fc Fix leaking listeners (#1295) (#1474)
  • 004b3ac fix: don't uppercase unknown methods (#1542)
  • c33e393 Fix Code of Conduct link in Readme. (#1532)
  • 6875205 docs: Fix link markup to Options definition (#1525)
  • 6425e20 fix: handle bom in text and json (#1482)
  • a4ea5f9 fix: add missing formdata export to types (#1518)
  • 61b3b5a fix: cancel request example import (#1513)
  • 5e78af3 Replace changelog with valid url (#1506)
  • 9014db7 types: support `agent: false` (#1502)
  • 2e1f3a5 chore: fix typo in credential error message (#1496)
  • 4ce2ce5 docs(readme): fix typo (#1489)
  • ba23fd2 docs: remove the changelog (#1464)
  • 8fedc1b core: move support and feature to discussion (#1471)
  • 0b43b9f docs: update formdata example (#1465)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/fewieden/project/a134168e-d269-41a4-b6f4-c2f5b024f1f4?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/fewieden/project/a134168e-d269-41a4-b6f4-c2f5b024f1f4?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"c6bd464f-c288-4517-94ab-db12ff3b5c80","prPublicId":"c6bd464f-c288-4517-94ab-db12ff3b5c80","dependencies":[{"name":"node-fetch","from":"2.6.1","to":"3.2.10"}],"packageManager":"npm","projectPublicId":"a134168e-d269-41a4-b6f4-c2f5b024f1f4","projectUrl":"https://app.snyk.io/org/fewieden/project/a134168e-d269-41a4-b6f4-c2f5b024f1f4?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-NODEFETCH-2964180"],"upgrade":["SNYK-JS-NODEFETCH-2964180"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[768]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)
codecov-commenter commented 1 year ago

Codecov Report

Merging #59 (19e5915) into master (d255ec6) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##            master       #59   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           97        97           
=========================================
  Hits            97        97

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update d255ec6...19e5915. Read the comment docs.