pattern icon indicating copy to clipboard operation
pattern copied to clipboard

Published 20 hours ago verified publisher icon plaid

[Snyk] Security upgrade node-fetch from 2.3.0 to 3.1.1

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • server/package.json
    • server/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-fetch The new version differs by 219 commits.
  • 36e47e8 3.1.1 release (#1451)
  • 5304f3f Don't change relative location header on manual redirect (#1105)
  • f5d3cf5 fix(Headers): don't forward secure headers to 3th party (#1449)
  • f2c3d56 Create SECURITY.md (#1445)
  • 4ae3538 core: Warn when using data (#1421)
  • 41f53b9 fix: use more node: protocol imports (#1428)
  • f674875 ci: fix main branch (#1429)
  • 1493d04 core: Don't use global buffer (#1422)
  • eb33090 Chore: Fix logical operator priority (regression) to disallow GET/HEAD with non-empty body (#1369)
  • 7ba5bc9 update readme for TS @ type/node-fetch (#1405)
  • 6956bf8 core: Don't use buffer to make a blob (#1402)
  • 6e4c1e4 fix(Redirect): Better handle wrong redirect header in a response (#1387)
  • 2d5399e fix: handle errors from the request body stream (#1392)
  • 0284826 fix(http.request): Cast URL to string before sending it to NodeJS core (#1378)
  • 3f0e0c2 docs: Fix typo around sending a file (#1381)
  • 30c3cfe update fetch-blob (#1371)
  • 109bd21 release minor change (3.1.0) (#1364)
  • ff71348 docs: Update code examples (#1365)
  • 1068c8a template: Make PR template more task oriented (#1224)
  • 3944f24 feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData (#1314)
  • 37ac459 docs: Improve clarity of "Loading and configuring" (#1323)
  • a3a5b63 chore: Correct stuff in README.md (#1361)
  • ff7e950 Add typing for Response.redirect(url, status) (#1169)
  • 2d80b0b Add support for Referrer and Referrer Policy (#1057)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 18 '22 04:01 snyk-bot