Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency node-fetch to 2.6.7 [security] #668

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

chore(deps): update dependency node-fetch to 2.6.7 [security] #668

wants to merge 6 commits into from

Conversation

svc-secops
Copy link
Contributor

This PR contains the following updates:

Package Change
node-fetch 2.6.1 -> 2.6.7

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - "after 8am and before 4pm on tuesday" in timezone Etc/UTC.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

@svc-secops svc-secops requested a review from a team as a code owner December 19, 2023 12:37
@svc-secops svc-secops added dependencies Pull requests that update a dependency file vulnerability labels Dec 19, 2023
@netlify Netlify
Copy link

netlify bot commented Dec 19, 2023
edited

Deploy Preview for apollo-monodocs failed.

Name Link
🔨 Latest commit f7818a7
🔍 Latest deploy log https://app.netlify.com/sites/apollo-monodocs/deploys/658357652961880009cfc716

Meschreiber
Meschreiber reviewed Dec 20, 2023
View reviewed changes
Copy link
Contributor

@Meschreiber Meschreiber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is breaking during installation in deploy preview. Do not merge as is.

@svc-secops
Copy link
Contributor Author

svc-secops commented Dec 21, 2023
edited

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Meschreiber Meschreiber Meschreiber left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@svc-secops @Meschreiber