Closed bijesh closed 1 year ago
will this get merged? 3.1.5 still has node-fetch 2.6.7
Hi @bijesh just wonder when will this PR get merged? Since CVE-2022-2596 (Medium) was detected in node-fetch-2.6.7.tgz
@YokkiShi sorry I don't have permission to merge this pull request
@lquixada are you please able to to merge this PR or suggest anyone who can do the merge.
Hello @lquixada, can you please consider merging this PR? It's quite needed. Thanks
@lquixada, can you merge this PR and release a new version of cross-fetch
, please?
node-fetch
from v3 is an ESM-only module and cross-fetch
is CommonJS compatible. If there's a security issue, a patch should be requested on node-fetch v2.x
. FWIW cross-fetch@3.1.6
was released this morning with node-fetch@2.6.11
.
There is some vulnerabilities found in the node-fetch package https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d https://cwe.mitre.org/data/definitions/400