search

gs1 / GS1_DigitalLink_Resolver_CE

The GS1 DigitalLink Resolver Community Edition
Apache License 2.0
42 stars 26 forks source link

[Snyk] Upgrade node-fetch from 2.6.0 to 2.6.1 #23

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to upgrade node-fetch from 2.6.0 to 2.6.1.

:sparkles: Snyk has automatically assigned this pull request, set who gets assigned. :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Denial of Service
SNYK-JS-NODEFETCH-674311		 520/1000
Why? Has a fix available, CVSS 5.9		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: node-fetch from node-fetch GitHub release notes
Commit messages
Package name: node-fetch
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs