Update dependency node-fetch to v2.6.7 #14

dev-mend-for-github-com · 2025-02-20T19:45:16Z

This PR contains the following updates:

Package	Type	Update	Change
node-fetch	dependencies	patch	`2.6.1` -> `2.6.7`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE	Reachability
Medium	6.1	CVE-2022-0235

Release Notes

node-fetch/node-fetch (node-fetch)

`v2.6.7`

Compare Source

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

fix: don't forward secure headers to 3th party by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

`v2.6.6`

Compare Source

What's Changed

fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1352

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

fixed main path in package.json

If you want to rebase/retry this PR, check this box

dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Feb 20, 2025

Update dependency node-fetch to v2.6.7

a822c19

dev-mend-for-github-com bot force-pushed the whitesource-remediate/node-fetch-2.x-lockfile branch from 0c072f5 to a822c19 Compare March 3, 2025 14:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency node-fetch to v2.6.7 #14

Update dependency node-fetch to v2.6.7 #14

dev-mend-for-github-com bot commented Feb 20, 2025

Update dependency node-fetch to v2.6.7 #14

Are you sure you want to change the base?

Update dependency node-fetch to v2.6.7 #14

Conversation

dev-mend-for-github-com bot commented Feb 20, 2025

Release Notes

v2.6.7

Security patch release

What's Changed

v2.6.6

What's Changed

v2.6.5

v2.6.4

v2.6.3

v2.6.2

`v2.6.7`

`v2.6.6`

`v2.6.5`

`v2.6.4`

`v2.6.3`

`v2.6.2`