jacktuck / unfurl

Metadata scraper with support for oEmbed, Twitter Cards and Open Graph Protocol for Node.js :zap:
MIT License

[Snyk] Security upgrade cross-fetch from 3.0.4 to 3.0.6 #66

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 591/1000. Why? Recently disclosed, Has a fix available, CVSS 5.9 | Denial of Service, SNYK-JS-NODEFETCH-674311 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cross-fetch
The new version differs by 32 commits.
  • 14afdc1 3.0.6
  • 1d277e5 updated node-fetch to 2.6.1.
  • fa4f96f updated dev dependencies.
  • d5d7b9d Bump codecov from 3.7.0 to 3.7.1
  • 55a319e Updated text about isomorphic-fetch in README
  • c1354d3 3.0.5
  • a1da5de upgraded mocha to 8+.
  • bb2955a updated minor and patch version of dev dependencies.
  • 84328c7 updated dev dependencies.
  • 7cffb05 updated who's using section on README.
  • 0a95aef move "whatwg-fetch" in devDependencies
  • 7466f27 updated supported environments section on README.
  • 04ccbb2 updated supported node version.
  • 65dbae4 added tags to the package.
  • c3980f8 updated rollup module.
  • d88fcc1 updated lint-staged module.
  • e03d559 updated nyc module.
  • ea6cea4 updated semver module.
  • 06d4c56 updated ora module.
  • 4e1f857 upgraded node to version 10 due some dependencies incompatibility.
  • 48ae773 updated husky module.
  • 5fb0f3f updated nock module.
  • 038ff61 updated mocha module.
  • 69c5b54 updated sinon module.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


coveralls commented 3 years ago

Coverage Status

Coverage remained the same at 98.452% when pulling 7a20780d6bec32d76fc069e2456b34212e306f53 on snyk-fix-efd7db4551a36cf1403924a20b54a3b9 into db57429b369bae7e22f6983a7e19832c54101491 on master.
