Closed: jonatns closed this 3 years ago
Superseded by #180
Hi, can we please get a release for this security vulnerability as soon as possible? It's creating technical debt for all the teams that use your package 😅
The latest package published for me is still 3.0.3: https://www.npmjs.com/package/jest-fetch-mock and this is still using v3.0.4 of cross-fetch (https://unpkg.com/browse/jest-fetch-mock@3.0.3/package.json)
While you have bumped the version to v3.0.5 in #180 - as far as I can tell, you haven't released these changes? If it's easier for you, you could create a separate PR (like this one) that just fixes this dependency alone (without the typescript changes included).
Sorry about this. I’ll take a look tonight
On Dec 18, 2020, at 8:48 PM, James Lawson notifications@github.com wrote:

Hi, can we please get a release for this security vulnerability (https://www.npmjs.com/advisories/1556) as soon as possible? It's creating technical debt for all the teams that use your package 😅
The latest package published for me is still 3.0.3: https://www.npmjs.com/package/jest-fetch-mock and this is still using v3.0.4 of cross-fetch (https://unpkg.com/browse/jest-fetch-mock@3.0.3/package.json)
While you have bumped the version to v3.0.5 in #180 (https://github.com/jefflau/jest-fetch-mock/pull/180) - as far as I can tell, you haven't released these changes? If it's easier for you, you could create a separate PR (like this one) that just fixes this dependency alone (without the typescript changes included).
Dependabot has reported a security alert for node-fetch, which is a dependency of cross-fetch. The latest release of cross-fetch is v3.0.5, which contains the patch for node-fetch, which is v2.6.1.
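
To check whether a project still resolves an unpatched node-fetch through cross-fetch, the lockfile can be walked directly. This is an added example, not code from jest-fetch-mock or this PR: the function names and the sample lockfile are constructed, and it assumes the nested `dependencies` layout of package-lock.json (lockfileVersion 1 or 2).

```javascript
// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  dependencies: {
    'jest-fetch-mock': { version: '3.0.3', requires: { 'cross-fetch': '^3.0.4' } },
    'cross-fetch': {
      version: '3.0.4',
      requires: { 'node-fetch': '2.6.0' },
      dependencies: { 'node-fetch': { version: '2.6.0' } }, // nested, not hoisted
    },
    'node-fetch': { version: '2.6.1' }, // hoisted copy, already patched
  },
};

// "2.6.1-beta.1" -> [2, 6, 1]; prerelease and build suffixes are ignored.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function isOlder(version, patched) {
  const a = parseVersion(version);
  const b = parseVersion(patched);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Visit every installed copy in the nested tree, calling fn(path, name, info).
function walk(node, fn, trail = []) {
  for (const [name, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    fn(path, name, info);
    walk(info, fn, path);
  }
}

// Copies of `name` older than `patched`, plus the packages that require `name`.
function audit(lock, name, patched) {
  const outdated = [], requiredBy = [];
  walk(lock, (path, dep, info) => {
    if (dep === name && isOlder(info.version, patched)) {
      outdated.push({ path: path.join(' > '), version: info.version });
    }
    if (info.requires && name in info.requires) {
      requiredBy.push(`${dep}@${info.version} requires ${name}@${info.requires[name]}`);
    }
  });
  return { outdated, requiredBy };
}
```

Calling `audit(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')), 'node-fetch', '2.6.1')` reports nested copies that a hoisted, already-patched top-level entry would otherwise hide.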