
[Security] Bump simple-get from 3.1.0 to 3.1.1

Dependabot requested to merge dependabot-npm_and_yarn-simple-get-3.1.1 into master

Bumps simple-get from 3.1.0 to 3.1.1. This update includes a security fix.

Vulnerabilities fixed

Exposure of Sensitive Information in simple-get

In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote URL with a cookie location response, headers will be followed, potentially resulting in an exposure of the session cookie to a third party.

Patched versions: 3.1.1
Affected versions: >= 3.0.0, < 3.1.1

Maintainer changes

This version was pushed to npm by linusu, a new releaser for simple-get since your current version.



Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
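
The class of bug described in the advisory above, shown from the mitigation side: an added example, not simple-get's code and not part of this merge request. It traces a redirect chain offline and drops credential headers once a Location header points at a different host. The hosts, paths, cookie value and function names are constructed for illustration.

```javascript
// Added illustration: decide which request headers survive each redirect hop.
// All URLs and the cookie value are constructed sample data.
const SENSITIVE = new Set(['cookie', 'authorization']);

// Build the next request: resolve Location and drop credentials if the host changes.
function headersForRedirect(fromUrl, location, headers) {
  const next = new URL(location, fromUrl); // Location may be relative
  const sameHost = next.host === new URL(fromUrl).host; // host includes the port
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (sameHost || !SENSITIVE.has(name.toLowerCase())) out[name] = value;
  }
  return { url: next.href, headers: out };
}

// Offline stand-in for the network: URL -> Location header of its response.
// A URL with no entry is a final (non-redirect) response.
const CONSTRUCTED_RESPONSES = {
  'https://app.example/login': '/home',
  'https://app.example/home': 'https://cdn.third-party.example/asset',
  'https://cdn.third-party.example/asset': 'https://app.example/done',
};

// Walk the chain and record what each outgoing request would carry.
function traceRedirects(startUrl, headers, responses, maxRedirects = 10) {
  const sent = [];
  let req = { url: startUrl, headers: { ...headers } };
  for (let hop = 0; hop <= maxRedirects; hop++) {
    sent.push(req);
    const location = responses[req.url];
    if (location === undefined) return sent;
    // Stripped headers carry forward, so a hop back to the first host
    // does not get the cookie re-attached by a third party's redirect.
    req = headersForRedirect(req.url, location, req.headers);
  }
  throw new Error('too many redirects');
}

for (const r of traceRedirects('https://app.example/login',
  { Cookie: 'session=constructed', Accept: '*/*' }, CONSTRUCTED_RESPONSES)) {
  console.log(r.url, JSON.stringify(r.headers));
}
```
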
