search

mondaycom / monday-sdk-js

Node.js and JavaScript SDK for developing over the monday.com platform
https://monday.com
MIT License
87 stars 39 forks source link

[Snyk] Upgrade node-fetch from 2.6.0 to 2.6.7 #56

Closed parahall closed 1 year ago

parahall commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-fetch from 2.6.0 to 2.6.7.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **7 versions** ahead of your current version. - The recommended version was released **3 months ago**, on 2022-01-16. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Denial of Service
[SNYK-JS-NODEFETCH-674311](https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311) | **520/1000**
**Why?** Has a fix available, CVSS 5.9 | No Known Exploit | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **520/1000**
**Why?** Has a fix available, CVSS 5.9 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-fetch
  • 2.6.7 - 2022-01-16

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

    What's Changed

    Full Changelog: v2.6.6...v2.6.7

  • 2.6.6 - 2021-10-31

    What's Changed

    • fix(URL): prefer built in URL version when available and fallback to whatwg by @ jimmywarting in #1352

    Full Changelog: v2.6.5...v2.6.6

  • 2.6.5 - 2021-09-22

    • fix: import whatwg-url in a way compatible with ESM Node

    • release: 2.6.5

  • 2.6.4 - 2021-09-21
  • 2.6.3 - 2021-09-20
    • fix: properly encode url with unicode characters
    • release: 2.6.3
  • 2.6.2 - 2021-09-06

    fixed main path in package.json

      </li>
  <li>
    <b>2.6.1</b> - 2020-09-05
  </li>
  <li>
    <b>2.6.0</b> - 2019-05-16
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/node-fetch/node-fetch/releases">node-fetch GitHub release notes</a>

Commit messages
Package name: node-fetch
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs