We are using google-gax in our project deployed on GCP account. in our yearly report we are getting issue with npm package node-fetch (^2.6.1) that should be update version 2.6.7 or higher.
Environment details
"The library node-fetch version 2.6.1 was detected in NPM library manager located at package-lock.json and is vulnerable to CVE-2022-0235, which exists in versions < 2.6.7.
The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: Medium).
The vulnerability can be remediated by updating the library to version 2.6.7 or higher."
Hi there,
We are using google-gax in our project deployed on GCP account. in our yearly report we are getting issue with npm package node-fetch (^2.6.1) that should be update version
2.6.7
or higher.Environment details
"The library
node-fetch
version2.6.1
was detected inNPM library manager
located atpackage-lock.json
and is vulnerable toCVE-2022-0235
, which exists in versions< 2.6.7
.The vulnerability was found in the Github Security Advisory with vendor severity:
High
(NVD severity:Medium
).The vulnerability can be remediated by updating the library to version
2.6.7
or higher."Thanks!