[Security] Bump node-fetch from 2.6.5 to 2.6.7

Dependabot requested to merge dependabot-npm_and_yarn-node-fetch-2.6.7 into master

Bumps node-fetch from 2.6.5 to 2.6.7. This update includes a security fix.

Vulnerabilities fixed

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Patched versions: 2.6.7

Affected versions: < 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to a 3rd party host while a redirect occurred

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts