Open renovate[bot] opened 3 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
This PR contains the following updates:
2.3.0 -> 2.6.7
GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.
Release Notes
node-fetch/node-fetch (node-fetch)
### [`v2.6.7`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.7)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)

### Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3rd party host while a redirect occurred

#### What's Changed

- fix: don't forward secure headers to 3th party by [@jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://redirect.github.com/node-fetch/node-fetch/pull/1453)

**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

### [`v2.6.6`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.6)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6)

#### What's Changed

- fix(URL): prefer built in URL version when available and fallback to whatwg by [@jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1352](https://redirect.github.com/node-fetch/node-fetch/pull/1352)

**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

### [`v2.6.5`](https://redirect.github.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/a41c469c6164e7175f39113c875a9ddd2f064504...v2.6.5)

### [`v2.6.4`](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.3...a41c469c6164e7175f39113c875a9ddd2f064504)

### [`v2.6.3`](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.2...v2.6.3)

### [`v2.6.2`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.2)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.2)

fixed main path in package.json

### [`v2.6.1`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.1)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.0...v2.6.1)

**This is an important security release. It is strongly recommended to update as soon as possible.**

See [CHANGELOG](https://redirect.github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261) for details.

### [`v2.6.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.0)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.5.0...v2.6.0)

See [CHANGELOG](https://redirect.github.com/bitinn/node-fetch/blob/v2.6.0/CHANGELOG.md#v260).

### [`v2.5.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.5.0)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.4.1...v2.5.0)

See [CHANGELOG](https://redirect.github.com/bitinn/node-fetch/blob/v2.5.0/CHANGELOG.md#v250).

### [`v2.4.1`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.4.1)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.4.0...v2.4.1)

See [CHANGELOG](https://redirect.github.com/bitinn/node-fetch/blob/v2.4.1/CHANGELOG.md#v241).

### [`v2.4.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.4.0)

[Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.3.0...v2.4.0)

See [CHANGELOG](https://redirect.github.com/bitinn/node-fetch/blob/v2.4.0/CHANGELOG.md#v240).

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
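
The header handling that the CVE-2022-0235 advisory above concerns, shown as an added example (not node-fetch's code and not part of this PR): redirects are followed by hand and the four headers named in the advisory are dropped before an untrusted hop. The trust policy (same host, no https-to-http downgrade) and the injected `transport` function are assumptions made for this sketch.

```javascript
// Added example, not node-fetch's own code. Header names come from the advisory.
const SENSITIVE = ['authorization', 'www-authenticate', 'cookie', 'cookie2'];

// Assumed policy: credentials survive a redirect only when the target has the
// same host (port included) and the scheme is not downgraded from https.
function isTrustedHop(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  if (from.protocol === 'https:' && to.protocol !== 'https:') return false;
  return from.host === to.host;
}

// Return a copy of `headers` (plain object) that is safe to send to `toUrl`.
function headersForRedirect(fromUrl, toUrl, headers) {
  const trusted = isTrustedHop(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!trusted && SENSITIVE.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Follow redirects manually. `transport(url, headers)` is a hypothetical
// injected function resolving to { status, location }; in real code it would
// wrap an HTTP client called with automatic redirects disabled.
async function followRedirects(url, headers, transport, maxRedirects = 5) {
  const hops = [];
  for (let i = 0; i <= maxRedirects; i++) {
    hops.push({ url, headers });
    const res = await transport(url, headers);
    const isRedirect = [301, 302, 303, 307, 308].includes(res.status);
    if (!isRedirect || !res.location) return { status: res.status, hops };
    const next = new URL(res.location, url).href; // resolve relative Location
    // Once stripped, credentials stay stripped for every later hop.
    headers = headersForRedirect(url, next, headers);
    url = next;
  }
  throw new Error('too many redirects');
}
```

Because the stripped header set is carried forward, a chain that bounces through a third-party host and back to the original host does not get the credentials re-attached.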