chore: fix a security vulnerability in node-fetch prior to 2.6.7 #1072

Merged
merged 2 commits into from Jan 24, 2022


MatanBobi
Contributor

@MatanBobi MatanBobi commented Jan 23, 2022

A security issue was found in node-fetch versions up to 2.6.6
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

@codesandbox-ci

codesandbox-ci bot commented Jan 23, 2022

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 2e67039:

Sandbox Source
MSW React Configuration

@kettanaito
Member

Hey, @MatanBobi! Thanks for addressing this!

Please, it looks like you forgot to run yarn install, as the lockfile doesn't reflect this change. Could you please do that and add the yarn.lock to the commit? Thanks.

@MatanBobi
Contributor Author

Oh, that's my bad, I'm sorry. I was looking for a package-lock.json and once I didn't find it I just created this PR.
I'm on it :)

@MatanBobi
Contributor Author

MatanBobi commented Jan 23, 2022

@kettanaito
I pushed the yarn.lock file. Thanks and sorry again :)

@kettanaito
Member

No worries! Thanks for addressing this so quickly. The CI build should run without issues now, let's see.

@MatanBobi
Contributor Author

@kettanaito looks like the CI build passed this time :)

@kettanaito kettanaito changed the base branch from main to 0-36-6 January 24, 2022 10:47
@kettanaito kettanaito merged commit 766cd8f into mswjs:0-36-6 Jan 24, 2022
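
The review comment above turns on the lockfile: a version bump in `package.json` does not change what a locked install resolves until `yarn.lock` is regenerated. The following check is an added example, not code from this pull request or from the msw project; it assumes the Yarn v1 (classic) lockfile layout, and the function names and the sample lockfile text are constructed for illustration.

```javascript
// Flag yarn.lock entries that still resolve a package below its fixed release.
// Assumption: Yarn v1 lockfile layout (entry header line, then indented fields).
const FIXED = "2.6.7"; // fixed node-fetch release named in this PR

// Constructed sample lockfile text, not taken from the msw repository.
const SAMPLE_LOCK = `# yarn lockfile v1

"@types/node@^16.0.0":
  version "16.11.21"

node-fetch@^2.6.1:
  version "2.6.6"

node-fetch@^2.6.5, node-fetch@^2.6.7:
  version "2.6.7"
`;

// Compare dotted numeric versions; negative when a < b (prerelease tags ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return [{ specifiers, version }] for every locked `name` entry below `fixed`.
function findStaleEntries(lockText, name, fixed) {
  const stale = [];
  let current = null; // specifiers of the entry being read, when it is for `name`
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header: comma-separated "name@range" specifiers, each optionally quoted.
      const specs = line.slice(0, -1).split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      // lastIndexOf("@") keeps scoped names such as @scope/pkg intact.
      const hit = specs.some((s) => s.slice(0, s.lastIndexOf("@")) === name);
      current = hit ? specs : null;
    } else if (current) {
      const m = line.match(/^  version "([^"]+)"/);
      if (m && compareVersions(m[1], fixed) < 0) {
        stale.push({ specifiers: current, version: m[1] });
      }
    }
  }
  return stale;
}

console.log(findStaleEntries(SAMPLE_LOCK, "node-fetch", FIXED));
```

A non-empty result means some dependency range in the tree is still locked to a pre-fix release, which is the state the lockfile was in before the second commit of this PR.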
kettanaito pushed a commit that referenced this pull request Jan 24, 2022
)

* chore: fix a security vulnerability in `node-fetch` prior to 2.6.7

A security issue was found in `node-fetch` versions up to 2.6.6
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

* chore(security): update yarn.lock file
This was referenced Jan 24, 2022
kettanaito added a commit that referenced this pull request Jan 24, 2022
* fix: update `node-fetch` to 2.6.7 to fix a security vulnerability (#1072)

* chore: fix a security vulnerability in `node-fetch` prior to 2.6.7

A security issue was found in `node-fetch` versions up to 2.6.6
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

* chore(security): update yarn.lock file

* fix: update "@mswjs/cookies" for safe `localStorage` access (#1071)

Co-authored-by: Matan Borenkraout <Matanbobi@gmail.com>
Co-authored-by: Akmurat Saktagan <mr.akmurat@gmail.com>
@MatanBobi MatanBobi deleted the patch-1 branch January 24, 2022 13:23
Development

Successfully merging this pull request may close these issues.

Vulnerability found with node-fetch
2 participants