New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2.6.7 is reporting a high severity vulnerability #1467
Labels
Comments
Looks like a github needs to update the cve #1453 (comment) |
2.6.7 is patched and safe from the attack |
MatanBobi
added a commit
to MatanBobi/msw
that referenced
this issue
Jan 23, 2022
A security issue was found in `node-fetch` versions up to 2.6.6 A fix was patched in 2.6.7: node-fetch/node-fetch#1467 More about the vulnerability: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235
This was referenced Jan 23, 2022
kettanaito
pushed a commit
to mswjs/msw
that referenced
this issue
Jan 24, 2022
…1072) * chore: fix a security vulnerability in `node-fetch` prior to 2.6.7 A security issue was found in `node-fetch` versions up to 2.6.6 A fix was patched in 2.6.7: node-fetch/node-fetch#1467 More about the vulnerability: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235 * chore(security): update yarn.lock file
kettanaito
pushed a commit
to mswjs/msw
that referenced
this issue
Jan 24, 2022
) * chore: fix a security vulnerability in `node-fetch` prior to 2.6.7 A security issue was found in `node-fetch` versions up to 2.6.6 A fix was patched in 2.6.7: node-fetch/node-fetch#1467 More about the vulnerability: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235 * chore(security): update yarn.lock file
kettanaito
added a commit
to mswjs/msw
that referenced
this issue
Jan 24, 2022
* fix: update `node-fetch` to 2.6.7 to fix a security vulnerability (#1072) * chore: fix a security vulnerability in `node-fetch` prior to 2.6.7 A security issue was found in `node-fetch` versions up to 2.6.6 A fix was patched in 2.6.7: node-fetch/node-fetch#1467 More about the vulnerability: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235 * chore(security): update yarn.lock file * fix: update "@mswjs/cookies" for safe `localStorage` access (#1071) Co-authored-by: Matan Borenkraout <Matanbobi@gmail.com> Co-authored-by: Akmurat Saktagan <mr.akmurat@gmail.com>
kettanaito
pushed a commit
to mswjs/msw
that referenced
this issue
Jan 24, 2022
) * chore: fix a security vulnerability in `node-fetch` prior to 2.6.7 A security issue was found in `node-fetch` versions up to 2.6.6 A fix was patched in 2.6.7: node-fetch/node-fetch#1467 More about the vulnerability: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235 * chore(security): update yarn.lock file
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According to the v2.6.7 release notes it should fix a security issue but when installing that version npm is reporting that it contains a high severity vulnerability. Is there a way I can overcome this? Note that I can't upgrade to v3.x.x due to its breaking changes.
$ npm install node-fetch@2.6.7
added 3 packages, removed 5 packages, changed 1 package, and audited 351 packages in 4s
80 packages are looking for funding
run
npm fund
for details1 high severity vulnerability
To address all issues (including breaking changes), run:
npm audit fix --force
Run
npm audit
for details.The text was updated successfully, but these errors were encountered: