Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node-fetch 2.6.1: security alert (CVE-2022-0235) #17

Closed
brycewray opened this issue Jan 22, 2022 · 2 comments
Closed

node-fetch 2.6.1: security alert (CVE-2022-0235) #17

brycewray opened this issue Jan 22, 2022 · 2 comments
Milestone
v3.0.0

Comments

@brycewray
Copy link

The presence of node-fetch 2.6.1 in eleventy-cache-assets is triggering GitHub's Dependabot alerts regarding CVE-2022-0235. Apparently nothing earlier than 3.1.1 is considered safe.
@zachleat
Copy link
Member

zachleat commented Feb 5, 2022
edited

Hey, I do have plans to update this explicitly but just as disclosure 2.6.7 is also patched and will be applied on a clean install per ^ install rules.

See also https://github.com/node-fetch/node-fetch/blob/HEAD/docs/v3-UPGRADE-GUIDE.md#converted-to-es-module

@zachleat zachleat added this to the v2.3.1 milestone Feb 5, 2022
@zachleat
Copy link
Member

zachleat commented Feb 5, 2022

Fixed by 44c7612 will ship with 2.3.1

@zachleat zachleat closed this as completed Feb 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.0.0
Development

No branches or pull requests
2 participants
@zachleat @brycewray