nuxt
chore(deps): update dependency node-fetch to v2.6.7 [security]
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| node-fetch | 2.6.1 -> 2.6.7 |
GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
Release Notes
node-fetch/node-fetch (node-fetch)
v2.6.7
Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
What's Changed
- fix: don't forward secure headers to 3th party by @jimmywarting in #1453
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7
v2.6.6
What's Changed
- fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in #1352
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
fixed main path in package.json
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}