chore: updated node-fetch version to 2.6.7 #124

Merged
merged 2 commits into from
Jan 20, 2022

dlafreniere
Contributor

Fixes CVE-2022-0235

Fixes #123

node-fetch 2.6.7 release notes

@MirzetKameric

Nice one!

@@ -31,7 +31,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node-version: [10.x, 12.x, 14.x, 15.x]
node-version: [10.x, 12.x, 14.x, 16.x]
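Review bot: The `node-version` matrix line swaps 15.x for 16.x, which is a CI change unrelated to the node-fetch bump named in the PR title; put it in its own commit or call it out in the description, so the CVE-2022-0235 fix can be cherry-picked to other branches without carrying the workflow change along. Record why the 15.x job failed before dropping it as well, because removing a failing version from the matrix in the same PR that changes a dependency hides whether the new node-fetch version caused the failure.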
Contributor Author

the build with 15.x was failing for a seemingly unrelated reason.

According to the matrix, 15 is no longer supported, so I wanted to try to see if it will work with 16.x

Owner

makes sense to me!

@lquixada lquixada merged commit a3b3a94 into lquixada:main Jan 20, 2022
@lquixada
Owner

thanks @dlafreniere!

@dlafreniere dlafreniere deleted the fix/CVE-2022-0235 branch January 20, 2022 22:46
@dlafreniere
Contributor Author

@lquixada can we trigger a patch release please?

@lquixada
Owner

@dlafreniere it's published already! not sure why it's not reflecting on the npmjs.com page though

@wbt

wbt commented Feb 4, 2022

Any chance of getting a patch like this on the 2.x branch for all the projects still pinned to that leading to indirect vulnerabilities?

wbt added a commit to wbt/cross-fetch that referenced this pull request Apr 6, 2022
Backporting lquixada#124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. MetaMask/web3-provider-engine#404
lquixada pushed a commit that referenced this pull request Apr 10, 2022
Backporting #124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. MetaMask/web3-provider-engine#404
vanbasten17 pushed a commit to hubtype/botonic that referenced this pull request Jul 5, 2023
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to upgrade cross-fetch
from 3.1.4 to 3.1.6.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **2 versions** ahead of your current
version.
- The recommended version was released **a month ago**, on 2023-05-14.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>cross-fetch</b></summary>
    <ul>
      <li>
<b>3.1.6</b> - <a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/releases/tag/v3.1.6">2023-05-14</a></br><h2>What's
Changed</h2>
<ul>
<li>Updated node-fetch version to 2.6.11</li>
<li>Added caret range to node-fetch version for automatic feature and
fix updates.</li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://snyk.io/redirect/github/lquixada/cross-fetch/compare/v3.1.5...v3.1.6"><tt>v3.1.5...v3.1.6</tt></a></p>
      </li>
      <li>
<b>3.1.5</b> - <a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/releases/tag/v3.1.5">2022-01-20</a></br><h2>What's
Changed</h2>
<ul>
<li>chore: updated node-fetch version to 2.6.7 by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/dlafreniere/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/dlafreniere">@ dlafreniere</a> in
<a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="1107437836" data-permission-text="Title is private"
data-url="lquixada/cross-fetch#124"
data-hovercard-type="pull_request"
data-hovercard-url="/lquixada/cross-fetch/pull/124/hovercard"
href="https://snyk.io/redirect/github/lquixada/cross-fetch/pull/124">#124</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/dlafreniere/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/dlafreniere">@ dlafreniere</a>
made their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="1107437836"
data-permission-text="Title is private"
data-url="lquixada/cross-fetch#124"
data-hovercard-type="pull_request"
data-hovercard-url="/lquixada/cross-fetch/pull/124/hovercard"
href="https://snyk.io/redirect/github/lquixada/cross-fetch/pull/124">#124</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://snyk.io/redirect/github/lquixada/cross-fetch/compare/v3.1.4...v3.1.5"><tt>v3.1.4...v3.1.5</tt></a></p>
      </li>
      <li>
        <b>3.1.4</b> - 2021-04-02
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/releases">cross-fetch
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>cross-fetch</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/a2220175e3e2a585487b68cc0893a64076deb562">a222017</a>
chore(release): 3.1.6</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/33a0d90b43ab5c7f304a1d955a0a832524f07237">33a0d90</a>
chore: updated node-fetch to 2.6.11</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/a66f21bc3aec60907f5fa61efb1ca3af17f17550">a66f21b</a>
fix: fixed ESTree.StaticBlock error</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/bb6403a281db25aa1579b9921844adf467a3b21e">bb6403a</a>
chore: updated mocha-headless-chrome to 4.0.0</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/bef7bd3c365bbb6d133f61ff9e6e6d1f277a3851">bef7bd3</a>
chore: expanded Github Actions to trigger on release branches</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/fc9c16a4f10940e89316b02978ff4700dac62221">fc9c16a</a>
chore: updated node-fetch to 2.6.9.</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/24dedb4c8a16a33cb9b4d4682fb731438a6a9e2d">24dedb4</a>
chore: improved names of common checks on Github workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/02a63ca1d34f86053d7527e292c31d926fbaacab">02a63ca</a>
chore: refactored out common checks on Github workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/15f25c064d7cee3d17bad06ef205a1c15dddfcd3">15f25c0</a>
chore: upgraded Github actions to v3</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/5e7b4a409c81572b237075d2ebf32ba45486b357">5e7b4a4</a>
chore: removed unneeded step from Test specs job</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/9fb71cfc2fd5de86d541954f4496113dc29a903e">9fb71cf</a>
chore: enabled automatic CHANGELOG.md generation</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/ce651ec010160208e1a6ed34ca682f32b4492a3f">ce651ec</a>
chore: added node version back to setup-node action</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/0f55cad956f335583482c1bd07ced9d897171ed8">0f55cad</a>
chore: removed debug actions</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/601547dde2b59b0e769d536bb6dc31deac4ddf80">601547d</a>
chore: added debug action</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/b279d5c6d11a5b1c8bdc724858a1335f4c27b9d0">b279d5c</a>
chore: added action to debug payload</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/92eaaf8b35a15c6f226109969eb9eaddb614ce35">92eaaf8</a>
chore: added tag job on CI workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/abbd73005f96657a7193587c7fb14bc0e5d2f78e">abbd730</a>
chore: added commitzen</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/5ffadbe44c714204572465752ce3eead7e0c6bc5">5ffadbe</a>
perf: make build runs faster</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/1b6d20d33af22595ef789e8210b39098c1f2bc4a">1b6d20d</a>
chore: added Release workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/0827c35473f2dbc5361d72599eaaae9b229528e4">0827c35</a>
chore: renamed Github workflows</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/7e469cb4ec10f45dbe2556022adb7a710196e5d4">7e469cb</a>
chore: removed release conditions on CI workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/1e53e263879bd8f7fced110de08b9fd818d55bce">1e53e26</a>
chore: removed commitlint on CI workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/17aad4eefebaa9a8396a4551a26685b072adb58e">17aad4e</a>
chore: improved triggers for PR workflow</li>
<li><a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/commit/5d89fa223091a0d55e410873a1638f2a570058c5">5d89fa2</a>
chore: added title validation for PR workflow</li>
    </ul>

<a
href="https://snyk.io/redirect/github/lquixada/cross-fetch/compare/7e4b657fa43915672350bcc53413721cbc14bd36...a2220175e3e2a585487b68cc0893a64076deb562">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Development

Successfully merging this pull request may close these issues.

Allow patch releases for node-fetch
4 participants