googleapis / gax-nodejs

Google API Extensions for Node.js
Apache License 2.0

Vulnerability issue in used "node-fetch" version 2.6.1 #1624

Open devashish-s opened 2 weeks ago

devashish-s commented 2 weeks ago

Hi there,

We are using google-gax in our project deployed on a GCP account. In our yearly report we are getting an issue with the npm package node-fetch (^2.6.1), which should be updated to version 2.6.7 or higher.

Environment details

"The library node-fetch version 2.6.1 was detected in NPM library manager located at package-lock.json and is vulnerable to CVE-2022-0235, which exists in versions < 2.6.7.

The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: Medium).

The vulnerability can be remediated by updating the library to version 2.6.7 or higher."

Thanks!
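
A local check for the finding quoted in the issue above, as an added example that is not part of the original issue or of gax-nodejs: it walks a parsed `package-lock.json` and lists every installed copy of node-fetch that resolves below 2.6.7. The function names and the sample lockfile are constructed for illustration.

```javascript
// Versions below this are affected by CVE-2022-0235, per the report quoted in the issue.
const FIXED = '2.6.7';

// Compare two plain x.y.z versions numerically; pre-release tags are ignored (simplification).
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` in a parsed lockfile that resolves below `fixed`.
// Handles lockfileVersion 2/3 ("packages" keyed by path) and 1 (nested "dependencies").
function findVulnerable(lock, name = 'node-fetch', fixed = FIXED) {
  const hits = [];
  const check = (path, meta) => {
    if (meta.version && cmp(meta.version, fixed) < 0) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name)) check(path, meta);
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + dep;
      if (dep === name) check(path, meta);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from the issue): one hoisted copy and one nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/node-fetch': { version: '2.6.1' },
    'node_modules/other-lib/node_modules/node-fetch': { version: '2.6.9' },
  },
};

console.log(findVulnerable(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` in place of `sampleLock`; the reported paths show which parent package carries each old copy.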