Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability found with node-fetch #1065

Closed
black-signature opened this issue Jan 18, 2022 · 3 comments · Fixed by #1072
Closed

Vulnerability found with node-fetch #1065

black-signature opened this issue Jan 18, 2022 · 3 comments · Fixed by #1072

Comments

@black-signature
Copy link

Describe the bug

A vulnerability has been found with node-fetch which is a dependency in msw. Updating it to 3.1.1 or higher should fix the issue.
https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118

Environment

  • msw: 0.36.4
@black-signature black-signature added the bug Something isn't working label Jan 18, 2022
@kettanaito
Copy link
Member

Hey, @black-signature. Thanks for reporting this.

As MSW is meant to run in a development environment, this vulnerability is a low priority for the library. We will update node-fetch in the next minor release.

@kettanaito kettanaito removed the bug Something isn't working label Jan 19, 2022
@black-signature
Copy link
Author

Great! Thanks for the update, @kettanaito

@kettanaito kettanaito mentioned this issue Jan 24, 2022
Merged
@kettanaito
Copy link
Member

Closed by #1072.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: fix a security vulnerability in node-fetch prior to 2.6.7 MatanBobi/msw
2 participants
@black-signature @kettanaito