New vulnerability - Githubissues

mapbox / node-pre-gyp

Node.js tool for easy binary deployment of C++ addons

BSD 3-Clause "New" or "Revised" License

1.11k stars 263 forks source link

New vulnerability #633

Closed opravil-jan closed 2 years ago

opravil-jan commented 2 years ago

Hi, in package node-fetch is vulnerability. Can you fix it please?


node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g

Thanks

cjwilsontech commented 2 years ago

Created a PR to fix. https://github.com/mapbox/node-pre-gyp/pull/634

axrj commented 2 years ago

Hi, this is fixed in v1.0.9.