Skip to content

[Security] Bump simple-get from 3.1.0 to 3.1.1

Dependabot requested to merge dependabot-npm_and_yarn-simple-get-3.1.1 into master

Bumps simple-get from 3.1.0 to 3.1.1. This update includes a security fix.

Vulnerabilities fixed

Exposure of Sensitive Information in simple-get In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote url with a cookie location response, headers will be followed, potentially resulting in an exposure of the session cookie to a third party.

Patched versions: 3.1.1 Affected versions: >= 3.0.0, < 3.1.1

Commits
Maintainer changes

This version was pushed to npm by linusu, a new releaser for simple-get since your current version.



Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading