posva / mande

<700 bytes convenient and modern wrapper around fetch with smart extensible defaults
https://mande.esm.is
MIT License

chore(deps): update dependency node-fetch to v3 [security] - autoclosed #301

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| node-fetch | ^2.6.7 -> ^3.0.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor


Release Notes

node-fetch/node-fetch

### [`v3.1.1`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.1)

[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1)

##### Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3rd party host while a redirect occurred

##### What's Changed

- core: update fetch-blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1371](https://togithub.com/node-fetch/node-fetch/pull/1371)
- docs: Fix typo around sending a file by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1381](https://togithub.com/node-fetch/node-fetch/pull/1381)
- core: (http.request): Cast URL to string before sending it to NodeJS core by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1378](https://togithub.com/node-fetch/node-fetch/pull/1378)
- core: handle errors from the request body stream by [@mdmitry01](https://togithub.com/mdmitry01) in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392)
- core: Better handle wrong redirect header in a response by [@tasinet](https://togithub.com/tasinet) in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387)
- core: Don't use buffer to make a blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1402](https://togithub.com/node-fetch/node-fetch/pull/1402)
- docs: update readme for TS [@types/node-fetch](https://togithub.com/types/node-fetch) by [@adamellsworth](https://togithub.com/adamellsworth) in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405)
- core: Fix logical operator priority to disallow GET/HEAD with non-empty body by [@maxshirshin](https://togithub.com/maxshirshin) in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369)
- core: Don't use global buffer by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1422](https://togithub.com/node-fetch/node-fetch/pull/1422)
- ci: fix main branch by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1429](https://togithub.com/node-fetch/node-fetch/pull/1429)
- core: use more node: protocol imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1428](https://togithub.com/node-fetch/node-fetch/pull/1428)
- core: Warn when using data by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1421](https://togithub.com/node-fetch/node-fetch/pull/1421)
- docs: Create SECURITY.md by [@JamieSlome](https://togithub.com/JamieSlome) in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445)
- core: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1449](https://togithub.com/node-fetch/node-fetch/pull/1449)

##### New Contributors

- [@mdmitry01](https://togithub.com/mdmitry01) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392)
- [@tasinet](https://togithub.com/tasinet) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387)
- [@adamellsworth](https://togithub.com/adamellsworth) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405)
- [@maxshirshin](https://togithub.com/maxshirshin) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369)
- [@JamieSlome](https://togithub.com/JamieSlome) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445)

**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1

### [`v3.1.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.0)

[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0)

##### What's Changed

- fix(Body): Discourage form-data and buffer() by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1212](https://togithub.com/node-fetch/node-fetch/pull/1212)
- fix: Pass url string to http.request by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268)
- Fix octocat image link by [@lakuapik](https://togithub.com/lakuapik) in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281)
- fix(Body.body): Normalize `Body.body` into a `node:stream` by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/924](https://togithub.com/node-fetch/node-fetch/pull/924)
- docs(Headers): Add default Host request header to README.md file by [@robertoaceves](https://togithub.com/robertoaceves) in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316)
- Update CHANGELOG.md by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1292](https://togithub.com/node-fetch/node-fetch/pull/1292)
- Add highWaterMark to cloned properties by [@davesidious](https://togithub.com/davesidious) in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162)
- Update README.md to fix HTTPResponseError by [@thedanfernandez](https://togithub.com/thedanfernandez) in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135)
- docs: switch `url` to `URL` by [@dhritzkiv](https://togithub.com/dhritzkiv) in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318)
- fix(types): declare buffer() deprecated by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345)
- chore: fix lint by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1348](https://togithub.com/node-fetch/node-fetch/pull/1348)
- refactor: use node: prefix for imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1346](https://togithub.com/node-fetch/node-fetch/pull/1346)
- Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319)
- Bump mocha from 8.4.0 to 9.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1339](https://togithub.com/node-fetch/node-fetch/pull/1339)
- Referrer and Referrer Policy by [@tekwiz](https://togithub.com/tekwiz) in [https://github.com/node-fetch/node-fetch/pull/1057](https://togithub.com/node-fetch/node-fetch/pull/1057)
- Add typing for Response.redirect(url, status) by [@c-w](https://togithub.com/c-w) in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169)
- chore: Correct stuff in README.md by [@Jiralite](https://togithub.com/Jiralite) in [https://github.com/node-fetch/node-fetch/pull/1361](https://togithub.com/node-fetch/node-fetch/pull/1361)
- docs: Improve clarity of "Loading and configuring" by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1323](https://togithub.com/node-fetch/node-fetch/pull/1323)
- feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1314](https://togithub.com/node-fetch/node-fetch/pull/1314)
- template: Make PR template more task oriented by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1224](https://togithub.com/node-fetch/node-fetch/pull/1224)
- docs: Update code examples by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1365](https://togithub.com/node-fetch/node-fetch/pull/1365)

##### New Contributors

- [@serverwentdown](https://togithub.com/serverwentdown) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268)
- [@lakuapik](https://togithub.com/lakuapik) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281)
- [@robertoaceves](https://togithub.com/robertoaceves) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316)
- [@davesidious](https://togithub.com/davesidious) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162)
- [@thedanfernandez](https://togithub.com/thedanfernandez) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135)
- [@dhritzkiv](https://togithub.com/dhritzkiv) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318)
- [@dnalborczyk](https://togithub.com/dnalborczyk) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319)
- [@c-w](https://togithub.com/c-w) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169)

**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0

### [`v3.0.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.0.0)

[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.7...v3.0.0)

Version 3 is going out of a long beta period and switches to stable.

One major change is that it's now an ESM only package.

See [changelog](https://togithub.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md#v300) for more information about all the changes.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.