pexels-api-wrapper icon indicating copy to clipboard operation
pexels-api-wrapper copied to clipboard
verified publisher icon cravindra

[Snyk] Security upgrade node-fetch from 1.7.3 to 2.6.7

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-fetch The new version differs by 240 commits.
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)
  • 95286f5 v2.6.0 (#638)
  • bf8b4e8 Allow agent option to be a function (#632)
  • 0c2294e 2.5.0 release (#630)
  • 0fc414c Allow third party blob implementation (#629)
  • d8f5ba0 build: disable generation of package-lock since it is not used (#623)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 18 '22 17:01 snyk-bot