gs1 / GS1_DigitalLink_Resolver_CE

The GS1 DigitalLink Resolver Community Edition
Apache License 2.0
41 stars 26 forks source link

[Snyk] Security upgrade node-fetch from 2.6.7 to 3.1.1 #45

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5
Information Exposure
SNYK-JS-NODEFETCH-2342118
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-fetch The new version differs by 187 commits.
  • 36e47e8 3.1.1 release (#1451)
  • 5304f3f Don't change relative location header on manual redirect (#1105)
  • f5d3cf5 fix(Headers): don't forward secure headers to 3th party (#1449)
  • f2c3d56 Create SECURITY.md (#1445)
  • 4ae3538 core: Warn when using data (#1421)
  • 41f53b9 fix: use more node: protocol imports (#1428)
  • f674875 ci: fix main branch (#1429)
  • 1493d04 core: Don't use global buffer (#1422)
  • eb33090 Chore: Fix logical operator priority (regression) to disallow GET/HEAD with non-empty body (#1369)
  • 7ba5bc9 update readme for TS @ type/node-fetch (#1405)
  • 6956bf8 core: Don't use buffer to make a blob (#1402)
  • 6e4c1e4 fix(Redirect): Better handle wrong redirect header in a response (#1387)
  • 2d5399e fix: handle errors from the request body stream (#1392)
  • 0284826 fix(http.request): Cast URL to string before sending it to NodeJS core (#1378)
  • 3f0e0c2 docs: Fix typo around sending a file (#1381)
  • 30c3cfe update fetch-blob (#1371)
  • 109bd21 release minor change (3.1.0) (#1364)
  • ff71348 docs: Update code examples (#1365)
  • 1068c8a template: Make PR template more task oriented (#1224)
  • 3944f24 feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData (#1314)
  • 37ac459 docs: Improve clarity of "Loading and configuring" (#1323)
  • a3a5b63 chore: Correct stuff in README.md (#1361)
  • ff7e950 Add typing for Response.redirect(url, status) (#1169)
  • 2d80b0b Add support for Referrer and Referrer Policy (#1057)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic