MMM-soccer icon indicating copy to clipboard operation
MMM-soccer copied to clipboard

Published 20 hours ago verified publisher icon fewieden

[Snyk] Security upgrade node-fetch from 2.6.1 to 2.6.7

Open snyk-bot opened this issue 3 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-fetch The new version differs by 7 commits.
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 23 '22 16:01 snyk-bot

Codecov Report

Merging #54 (3f6ef5b) into master (d255ec6) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##            master       #54   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           97        97           
=========================================
  Hits            97        97

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update d255ec6...3f6ef5b. Read the comment docs.

codecov-commenter avatar Jan 23 '22 16:01 codecov-commenter