Closed renovate[bot] closed 2 years ago
Merging #1201 (b893abf) into master (6403701) will not change coverage. The diff coverage is n/a.
@@ Coverage Diff @@
## master #1201 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 5 5
Lines 38 38
=========================================
Hits 38 38
This PR contains the following updates:
1.7.3 -> 2.6.1
2.6.6 -> 2.6.7
GitHub Vulnerability Alerts
CVE-2020-15168
Impact
Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.
For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Patches
We released patched versions for both stable and beta channels:
v2: 2.6.1
v3: 3.0.0-beta.9
Workarounds
None, it is strongly recommended to update as soon as possible.
For more information
If you have any questions or comments about this advisory:
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by WhiteSource Renovate. View repository job log here.
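The CVE-2020-15168 advisory's point about double-checking the size, as an added example (not code from node-fetch or from this PR): a byte cap enforced while the body is being read, so the limit still holds if the client's own `size` option is not applied after a redirect. `readCapped`, `declaredLengthExceeds`, `BodyTooLargeError` and `sampleBody` are hypothetical names, and the body is assumed to be an async iterable of byte chunks, as a Node.js readable stream is.

```javascript
// Added example: enforce a size limit on a response body independently of
// the HTTP client's own `size` option. All names here are hypothetical.
class BodyTooLargeError extends Error {
  constructor(limit, seen) {
    super(`body exceeded ${limit} bytes (saw at least ${seen})`);
    this.name = 'BodyTooLargeError';
    this.limit = limit;
    this.seen = seen;
  }
}

// Fast path: reject when a declared Content-Length is already over the limit.
// The header may be absent or inaccurate, so streaming is still counted below.
function declaredLengthExceeds(contentLength, limit) {
  if (contentLength == null) return false;
  const n = Number(contentLength);
  return Number.isFinite(n) && n > limit;
}

// `body` is assumed to be an async iterable of Buffer/Uint8Array chunks,
// for example the `body` stream of a fetch response in Node.js.
async function readCapped(body, limit, contentLength = null) {
  if (declaredLengthExceeds(contentLength, limit)) {
    throw new BodyTooLargeError(limit, Number(contentLength));
  }
  const chunks = [];
  let seen = 0;
  for await (const chunk of body) {
    seen += chunk.length;
    if (seen > limit) {
      // Throwing out of the loop closes the iterator, so no further
      // chunks are pulled and nothing oversized is buffered or parsed.
      throw new BodyTooLargeError(limit, seen);
    }
    chunks.push(Buffer.from(chunk));
  }
  return Buffer.concat(chunks, seen);
}

// Constructed sample body: yields `count` chunks of `size` bytes each.
async function* sampleBody(count, size) {
  for (let i = 0; i < count; i++) yield Buffer.alloc(size, 0x61);
}
```

Pass the response's `content-length` header as the third argument when it is available; the streamed count remains the authoritative check.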