cross-fetch icon indicating copy to clipboard operation
cross-fetch copied to clipboard

Published 20 hours ago verified publisher icon lquixada

chore: updated node-fetch version to 3.2.10

Open bijesh opened this issue 3 years ago • 1 comments

There is some vulnerabilities found in the node-fetch package https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d https://cwe.mitre.org/data/definitions/400

bijesh avatar Aug 13 '22 12:08 bijesh

will this get merged? 3.1.5 still has node-fetch 2.6.7

judehansen avatar Sep 14 '22 23:09 judehansen

Hi @bijesh just wonder when will this PR get merged? Since CVE-2022-2596 (Medium) was detected in node-fetch-2.6.7.tgz

YokkiShi avatar Nov 30 '22 17:11 YokkiShi

@YokkiShi sorry I don't have permission to merge this pull request

bijesh avatar Dec 12 '22 11:12 bijesh

@lquixada are you please able to to merge this PR or suggest anyone who can do the merge.

bijesh avatar Dec 12 '22 11:12 bijesh

Hello @lquixada, can you please consider merging this PR? It's quite needed. Thanks

CarlosRGL avatar Feb 07 '23 22:02 CarlosRGL

@lquixada, can you merge this PR and release a new version of cross-fetch, please?

rwlodarczyk-xealth avatar Mar 06 '23 19:03 rwlodarczyk-xealth

node-fetch from v3 is an ESM-only module and cross-fetch is CommonJS compatible. If there's a security issue, a patch should be requested on node-fetch v2.x. FWIW [email protected] was released this morning with [email protected].

lquixada avatar May 14 '23 23:05 lquixada