chore: bump node-fetch, lodash, and fast-csv versions for security vu…

…lnerabilities (#1759)

* chore: bump node-fetch and lodash versions for security vulnerabilities

* chore: bump fast-csv version for security vulnerabilities

.changeset/clever-monkeys-attend.md

@@ -1,18 +1,18 @@
 ---
-"@commercetools/integration-tests": patch
-"@commercetools/category-exporter": patch
-"@commercetools/csv-parser-discount-code": patch
-"@commercetools/csv-parser-orders": patch
-"@commercetools/csv-parser-price": patch
-"@commercetools/csv-parser-state": patch
-"@commercetools/custom-objects-exporter": patch
-"@commercetools/customer-groups-exporter": patch
-"@commercetools/discount-code-exporter": patch
-"@commercetools/discount-code-generator": patch
-"@commercetools/inventories-exporter": patch
-"@commercetools/personal-data-erasure": patch
-"@commercetools/price-exporter": patch
-"@commercetools/product-exporter": patch
+'@commercetools/integration-tests': patch
+'@commercetools/category-exporter': patch
+'@commercetools/csv-parser-discount-code': patch
+'@commercetools/csv-parser-orders': patch
+'@commercetools/csv-parser-price': patch
+'@commercetools/csv-parser-state': patch
+'@commercetools/custom-objects-exporter': patch
+'@commercetools/customer-groups-exporter': patch
+'@commercetools/discount-code-exporter': patch
+'@commercetools/discount-code-generator': patch
+'@commercetools/inventories-exporter': patch
+'@commercetools/personal-data-erasure': patch
+'@commercetools/price-exporter': patch
+'@commercetools/product-exporter': patch
 ---
 
 Cleanup & update dependencies

.changeset/nice-ducks-talk.md

@@ -1,14 +1,14 @@
 ---
-"@commercetools/integration-tests": patch
-"@commercetools/csv-parser-orders": patch
-"@commercetools/csv-parser-price": patch
-"@commercetools/discount-code-exporter": patch
-"@commercetools/get-credentials": patch
-"@commercetools/inventories-exporter": patch
-"@commercetools/product-exporter": patch
-"@commercetools/sdk-auth": patch
-"@commercetools/sdk-middleware-http": patch
-"@commercetools/state-importer": patch
+'@commercetools/integration-tests': patch
+'@commercetools/csv-parser-orders': patch
+'@commercetools/csv-parser-price': patch
+'@commercetools/discount-code-exporter': patch
+'@commercetools/get-credentials': patch
+'@commercetools/inventories-exporter': patch
+'@commercetools/product-exporter': patch
+'@commercetools/sdk-auth': patch
+'@commercetools/sdk-middleware-http': patch
+'@commercetools/state-importer': patch
 ---
 
 chore(deps): update all dependencies

.changeset/small-grapes-eat.md

@@ -0,0 +1,24 @@
+---
+'@commercetools/integration-tests': patch
+'@commercetools/category-exporter': patch
+'@commercetools/csv-parser-orders': patch
+'@commercetools/csv-parser-price': patch
+'@commercetools/csv-parser-state': patch
+'@commercetools/custom-objects-exporter': patch
+'@commercetools/custom-objects-importer': patch
+'@commercetools/customer-groups-exporter': patch
+'@commercetools/discount-code-exporter': patch
+'@commercetools/discount-code-importer': patch
+'@commercetools/inventories-exporter': patch
+'@commercetools/personal-data-erasure': patch
+'@commercetools/price-exporter': patch
+'@commercetools/product-exporter': patch
+'@commercetools/product-json-to-csv': patch
+'@commercetools/resource-deleter': patch
+'@commercetools/sdk-auth': patch
+'@commercetools/sdk-middleware-auth': patch
+'@commercetools/sdk-middleware-http': patch
+'@commercetools/state-importer': patch
+---
+
+Bump versions of `node-fetch`, `lodash`, and `fast-csv` to fix security vulnerabilities

docs/sdk/api/typescriptSdk.md

@@ -70,12 +70,12 @@ const authMiddlewareOptions = {
   },
   oauthUri: '/oauth/token', // - optional custom oauthUri
   scopes: [`manage_project:${projectKey}`],
-  fetch
+  fetch,
 }
 
 const httpMiddlewareOptions = {
   host: 'https://api.europe-west1.gcp.commercetools.com',
-  fetch
+  fetch,
 }
 
 const client = new ClientBuilder()

integration-tests/package.json

@@ -44,7 +44,7 @@
     "lodash.omit": "^4.5.0",
     "lodash.zipobject": "^4.1.3",
     "mz": "^2.7.0",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "streamtest": "^2.0.0",
     "tmp": "^0.2.0",
     "unzipper": "^0.10.5"

lint-staged.config.js

@@ -1,6 +1,7 @@
 module.exports = {
   '*.md': ['yarn format:md'],
   'packages/**/*.js': [
+    'prettier --write',
     // NOTE: apparently if you pass some argument that is not a flag AFTER the `reporters`
     // flag, jest does not seem correctly parse the arguments.
     //

packages/category-exporter/package.json

@@ -40,7 +40,7 @@
     "@commercetools/sdk-middleware-auth": "^5.1.6",
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pino-pretty": "^4.0.0",
     "pretty-error": "^2.1.1",

packages/csv-parser-orders/package.json

@@ -43,7 +43,7 @@
     "JSONStream": "^1.3.5",
     "csv-parser": "^3.0.0",
     "highland": "^2.13.0",
-    "lodash": "^4.17.11",
+    "lodash": "^4.17.21",
     "npmlog": "^4.1.2",
     "object-path": "^0.11.4",
     "pretty-error": "^2.1.1",

packages/csv-parser-price/package.json

@@ -52,7 +52,7 @@
     "lodash.mapvalues": "^4.6.0",
     "lodash.memoize": "^4.1.2",
     "lodash.pick": "^4.4.0",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "pretty-error": "^2.1.1",
     "strip-bom-stream": "^4.0.0",

packages/csv-parser-state/package.json

@@ -52,7 +52,7 @@
     "flat": "^5.0.0",
     "highland": "^2.13.0",
     "lodash.memoize": "^4.1.2",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/custom-objects-exporter/package.json

@@ -42,7 +42,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/custom-objects-importer/package.json

@@ -41,7 +41,7 @@
     "common-tags": "^1.8.0",
     "lodash.compact": "^3.0.1",
     "lodash.isequal": "^4.5.0",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "p-series": "^2.0.0"
   }
 }

packages/customer-groups-exporter/package.json

@@ -43,7 +43,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/discount-code-exporter/package.json

@@ -44,9 +44,9 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "fast-csv": "^4.0.0",
+    "fast-csv": "^4.3.6",
     "flat": "^5.0.0",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/discount-code-importer/package.json

@@ -40,8 +40,8 @@
     "@commercetools/sdk-middleware-queue": "^2.1.4",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "@commercetools/sync-actions": "^4.9.6",
-    "lodash": "^4.17.11",
-    "node-fetch": "^2.3.0",
+    "lodash": "^4.17.21",
+    "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2"
   }
 }

packages/inventories-exporter/package.json

@@ -47,8 +47,8 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "fast-csv": "^4.0.0",
-    "node-fetch": "^2.3.0",
+    "fast-csv": "^4.3.6",
+    "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/personal-data-erasure/package.json

@@ -41,7 +41,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "lodash.flatten": "^4.4.0",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "prompt-confirm": "^2.0.4",

packages/price-exporter/package.json

@@ -45,10 +45,10 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "fast-csv": "^4.0.0",
+    "fast-csv": "^4.3.6",
     "flat": "^5.0.0",
-    "lodash": "^4.17.11",
-    "node-fetch": "^2.3.0",
+    "lodash": "^4.17.21",
+    "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/product-exporter/package.json

@@ -44,7 +44,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "JSONStream": "^1.3.5",
-    "node-fetch": "^2.3.0",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "yargs": "^16.0.0"

packages/product-json-to-csv/package.json

@@ -55,8 +55,8 @@
     "highland": "^2.13.0",
     "iconv-lite": "^0.6.0",
     "json2csv": "^5.0.0",
-    "lodash": "^4.17.11",
-    "node-fetch": "^2.3.0",
+    "lodash": "^4.17.21",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "single-emit": "^2.0.0",

packages/resource-deleter/package.json

@@ -39,7 +39,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-queue": "^2.1.4",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
-    "node-fetch": "^2.4.1",
+    "node-fetch": "^2.6.7",
     "pino": "^6.0.0",
     "pretty-error": "^2.1.1",
     "prompts": "^2.0.4",

packages/sdk-auth/package.json

@@ -38,6 +38,6 @@
   },
   "devDependencies": {
     "nock": "12.0.3",
-    "node-fetch": "2.6.6"
+    "node-fetch": "^2.6.7"
   }
 }

packages/sdk-middleware-auth/CHANGELOG.md

@@ -1,8 +1,7 @@
 # @commercetools/sdk-middleware-auth
 
 ## 6.2.0
-### Minor Changes
-
 
+### Minor Changes
 
 - [#1731](https://github.com/commercetools/nodejs/pull/1731) [`b9304f6a`](https://github.com/commercetools/nodejs/commit/b9304f6a03f827b3a04d4b5e6f8602a6dc2cce80) Thanks [@ajimae](https://github.com/ajimae)! - releasing lastest version of sdk-middleware-auth package

packages/sdk-middleware-auth/package.json

@@ -33,7 +33,7 @@
     "build:bundles": "cross-env NODE_ENV=production rollup -c ../../rollup.config.js -n CommercetoolsSdkMiddlewareAuth -i ./src/index.js"
   },
   "dependencies": {
-    "node-fetch": "^2.3.0"
+    "node-fetch": "^2.6.7"
   },
   "devDependencies": {
     "abort-controller": "3.0.0",

packages/sdk-middleware-http/package.json

@@ -34,6 +34,6 @@
   "devDependencies": {
     "abort-controller": "3.0.0",
     "nock": "12.0.3",
-    "node-fetch": "2.6.6"
+    "node-fetch": "^2.6.7"
   }
 }

packages/state-importer/package.json

@@ -40,7 +40,7 @@
     "@commercetools/sdk-middleware-http": "^6.0.11",
     "@commercetools/sdk-middleware-user-agent": "^2.1.5",
     "@commercetools/sync-actions": "^4.9.6",
-    "node-fetch": "^2.3.0"
+    "node-fetch": "^2.6.7"
   },
   "devDependencies": {
     "common-tags": "1.8.2"