Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security upgrade node-fetch to 2.6.7 #2085

Merged
merged 1 commit into from
Jan 20, 2022

Conversation

evansims
Copy link
Member

Relates to: #2084

This PR bumps the node-fetch dependency version from 2.6.6 to 2.6.7 to resolve a security vulnerability around forwarded headers within that release. See: https://github.com/node-fetch/node-fetch/releases/tag/v2.6.7

@evansims evansims added the review:tiny Tiny review label Jan 17, 2022
@evansims evansims marked this pull request as ready for review January 17, 2022 22:43
@evansims evansims requested a review from a team as a code owner January 17, 2022 22:43
@evansims evansims added the dependencies One or more dependencies are being bumped label Jan 18, 2022
@stevehobbsdev stevehobbsdev merged commit 67e8cf4 into master Jan 20, 2022
@stevehobbsdev stevehobbsdev deleted the security/dep-bump-node-fetch-2.6.7 branch January 20, 2022 09:21
@stevehobbsdev stevehobbsdev mentioned this pull request Jan 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies One or more dependencies are being bumped review:tiny Tiny review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants