v2.6.7 is reporting a high severity vulnerability #1467

Closed
mantorok1 opened this issue Jan 22, 2022 · 2 comments

mantorok1 commented Jan 22, 2022

According to the v2.6.7 release notes it should fix a security issue but when installing that version npm is reporting that it contains a high severity vulnerability. Is there a way I can overcome this? Note that I can't upgrade to v3.x.x due to its breaking changes.

```
$ npm install node-fetch@2.6.7

added 3 packages, removed 5 packages, changed 1 package, and audited 351 packages in 4s

80 packages are looking for funding
run npm fund for details

1 high severity vulnerability

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.
```

| software | version |
| --- | --- |
| node-fetch | 2.6.7 |
| node | 16.13.1 |
| npm | 8.1.2 |
| Operating System | macOS 11.6 |
@Pyrolistical

Looks like GitHub needs to update the CVE #1453 (comment)

@jimmywarting
Collaborator

2.6.7 is patched and safe from the attack
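
Added example, not part of this thread or of the node-fetch project: one way to confirm that every copy of node-fetch in a dependency tree, including nested ones pulled in by other packages, is at or above the 2.6.7 release named above. It assumes a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); the function names and the sample lockfile are hypothetical and constructed for illustration.

```javascript
// Added example: findNodeFetch, isBelow and sampleLock are hypothetical names.
const FIXED = "2.6.7"; // fixed 2.x release named in this thread

// Compare two plain x.y.z versions numerically; pre-release tags are ignored.
function isBelow(version, floor) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = floor.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== b[i]) return (a[i] || 0) < b[i];
  }
  return false;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every installed copy of node-fetch, including nested ones.
function findNodeFetch(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/node-fetch$/.test(path)) continue;
    if (!meta.version) continue; // e.g. workspace links carry no version
    const major = Number(meta.version.split(".")[0]);
    hits.push({
      path,
      version: meta.version,
      // Only the 2.x line is judged; this thread gives no fixed version for other lines.
      status: major !== 2 ? "not-2.x" : isBelow(meta.version, FIXED) ? "below-fix" : "patched",
    });
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from the issue).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/node-fetch": { version: "2.6.7" },
    "node_modules/some-dep/node_modules/node-fetch": { version: "2.6.1" },
    "node_modules/node-fetch-extra": { version: "1.0.0" },
  },
};

for (const hit of findNodeFetch(sampleLock)) {
  console.log(`${hit.status.padEnd(10)} ${hit.version.padEnd(8)} ${hit.path}`);
}
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findNodeFetch` instead of `sampleLock`.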

MatanBobi added a commit to MatanBobi/msw that referenced this issue Jan 23, 2022
A security issue was found in `node-fetch` versions up to 2.6.6 
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235
kettanaito pushed a commit to mswjs/msw that referenced this issue Jan 24, 2022
…1072)

* chore: fix a security vulnerability in `node-fetch` prior to 2.6.7

A security issue was found in `node-fetch` versions up to 2.6.6 
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

* chore(security): update yarn.lock file
kettanaito added a commit to mswjs/msw that referenced this issue Jan 24, 2022
* fix: update `node-fetch` to 2.6.7 to fix a security vulnerability (#1072)

* chore: fix a security vulnerability in `node-fetch` prior to 2.6.7

A security issue was found in `node-fetch` versions up to 2.6.6
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

* chore(security): update yarn.lock file

* fix: update "@mswjs/cookies" for safe `localStorage` access (#1071)

Co-authored-by: Matan Borenkraout <Matanbobi@gmail.com>
Co-authored-by: Akmurat Saktagan <mr.akmurat@gmail.com>