jefflau / jest-fetch-mock

Jest mock for fetch
MIT License

Fix node-fetch dependabot security alert #175

Closed jonatns closed 3 years ago

jonatns commented 3 years ago

Dependabot has reported a security alert for node-fetch which is a dependency of cross-fetch. The latest release of cross-fetch is v3.0.5 which contains the patch for node-fetch which is v2.6.1.

yinzara commented 3 years ago

Superseded by #180

jameslawson commented 3 years ago

Hi, can we please get a release for this security vulnerability as soon as possible? It's creating technical debt for all the teams that use your package 😅 .....

The latest package published for me is still 3.0.3: https://www.npmjs.com/package/jest-fetch-mock and this is still using v3.0.4 of cross-fetch (https://unpkg.com/browse/jest-fetch-mock@3.0.3/package.json)

While you have bumped the version to v3.0.5 in #180 - as far as I can tell, you haven't released these changes? If it's easier for you, you could create a separate PR (like this one) that just fixes this dependency alone (without the typescript changes included).

jefflau commented 3 years ago

Sorry about this. I’ll take a look tonight

Sent from my iPhone

On Dec 18, 2020, at 8:48 PM, James Lawson notifications@github.com wrote:



Hi, can we please get a release for this security vulnerability (https://www.npmjs.com/advisories/1556) as soon as possible? It's creating technical debt for all the teams that use your package 😅 .....

The latest package published for me is still 3.0.3: https://www.npmjs.com/package/jest-fetch-mock and this is still using v3.0.4 of cross-fetch (https://unpkg.com/browse/jest-fetch-mock@3.0.3/package.json)

While you have bumped the version to v3.0.5 in #180 (https://github.com/jefflau/jest-fetch-mock/pull/180) - as far as I can tell, you haven't released these changes? If it's easier for you, you could create a separate PR (like this one) that just fixes this dependency alone (without the typescript changes included).
