chore: updated node-fetch version to 2.6.7 #124

Merged
merged 2 commits into from Jan 20, 2022

@dlafreniere dlafreniere commented Jan 18, 2022

Fixes CVE-2022-0235

Fixes #123

node-fetch 2.6.7 release notes

@MirzetKameric MirzetKameric commented Jan 19, 2022

Nice one!

@@ -31,7 +31,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node-version: [10.x, 12.x, 14.x, 15.x]
node-version: [10.x, 12.x, 14.x, 16.x]
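
Review bot: The `node-version` matrix line swaps 15.x for 16.x, a CI change unrelated to the node-fetch bump named in the PR title, and nothing in the workflow says why. State the reason in the commit message or in a comment above the matrix, or move it to its own commit so the dependency fix can be backported cleanly. The matrix still lists 10.x and 12.x alongside 16.x, so check those entries in the same pass.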

@dlafreniere dlafreniere Jan 20, 2022

the build with 15.x was failing for a seemingly unrelated reason.

According to the matrix, 15 is no longer supported, so I wanted to try to see if it will work with 16.x

@lquixada lquixada Jan 20, 2022

makes sense to me!

@lquixada lquixada merged commit a3b3a94 into lquixada:main Jan 20, 2022
12 checks passed

@lquixada lquixada commented Jan 20, 2022

thanks @dlafreniere!

@dlafreniere dlafreniere deleted the fix/CVE-2022-0235 branch Jan 20, 2022

@dlafreniere dlafreniere commented Jan 20, 2022

@lquixada can we trigger a patch release please?

@lquixada lquixada commented Jan 20, 2022

@dlafreniere it's published already! not sure why it's not reflecting on the npmjs.com page though

@wbt wbt commented Feb 4, 2022

Any chance of getting a patch like this on the 2.x branch for all the projects still pinned to that, leading to indirect vulnerabilities?

wbt added a commit to wbt/cross-fetch that referenced this issue Apr 6, 2022
Backporting lquixada#124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. MetaMask/web3-provider-engine#404
lquixada pushed a commit that referenced this issue Apr 10, 2022
Backporting #124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. MetaMask/web3-provider-engine#404
lquixada pushed a commit that referenced this issue Apr 10, 2022
Backporting #124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. MetaMask/web3-provider-engine#404