Update dependency node-fetch to v3 [SECURITY] - autoclosed
Created by: renovate[bot]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| node-fetch | ^2.6.0 -> ^3.0.0 |
 |
|
|
|
GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Release Notes
node-fetch/node-fetch
v3.1.1
Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
What's Changed
- core: update fetch-blob by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1371
- docs: Fix typo around sending a file by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1381
- core: (http.request): Cast URL to string before sending it to NodeJS core by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1378
- core: handle errors from the request body stream by @mdmitry01 in https://github.com/node-fetch/node-fetch/pull/1392
- core: Better handle wrong redirect header in a response by @tasinet in https://github.com/node-fetch/node-fetch/pull/1387
- core: Don't use buffer to make a blob by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1402
- docs: update readme for TS @types/node-fetch by @adamellsworth in https://github.com/node-fetch/node-fetch/pull/1405
- core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @maxshirshin in https://github.com/node-fetch/node-fetch/pull/1369
- core: Don't use global buffer by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1422
- ci: fix main branch by @dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1429
- core: use more node: protocol imports by @dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1428
- core: Warn when using data by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1421
- docs: Create SECURITY.md by @JamieSlome in https://github.com/node-fetch/node-fetch/pull/1445
- core: don't forward secure headers to 3th party by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1449
New Contributors
- @mdmitry01 made their first contribution in https://github.com/node-fetch/node-fetch/pull/1392
- @tasinet made their first contribution in https://github.com/node-fetch/node-fetch/pull/1387
- @adamellsworth made their first contribution in https://github.com/node-fetch/node-fetch/pull/1405
- @maxshirshin made their first contribution in https://github.com/node-fetch/node-fetch/pull/1369
- @JamieSlome made their first contribution in https://github.com/node-fetch/node-fetch/pull/1445
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1
v3.1.0
What's Changed
- fix(Body): Discourage form-data and buffer() by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1212
- fix: Pass url string to http.request by @serverwentdown in https://github.com/node-fetch/node-fetch/pull/1268
- Fix octocat image link by @lakuapik in https://github.com/node-fetch/node-fetch/pull/1281
- fix(Body.body): Normalize
Body.bodyinto anode:streamby @jimmywarting in https://github.com/node-fetch/node-fetch/pull/924 - docs(Headers): Add default Host request header to README.md file by @robertoaceves in https://github.com/node-fetch/node-fetch/pull/1316
- Update CHANGELOG.md by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1292
- Add highWaterMark to cloned properties by @davesidious in https://github.com/node-fetch/node-fetch/pull/1162
- Update README.md to fix HTTPResponseError by @thedanfernandez in https://github.com/node-fetch/node-fetch/pull/1135
- docs: switch
urltoURLby @dhritzkiv in https://github.com/node-fetch/node-fetch/pull/1318 - fix(types): declare buffer() deprecated by @dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1345
- chore: fix lint by @dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1348
- refactor: use node: prefix for imports by @dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1346
- Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @dependabot in https://github.com/node-fetch/node-fetch/pull/1319
- Bump mocha from 8.4.0 to 9.1.3 by @dependabot in https://github.com/node-fetch/node-fetch/pull/1339
- Referrer and Referrer Policy by @tekwiz in https://github.com/node-fetch/node-fetch/pull/1057
- Add typing for Response.redirect(url, status) by @c-w in https://github.com/node-fetch/node-fetch/pull/1169
- chore: Correct stuff in README.md by @Jiralite in https://github.com/node-fetch/node-fetch/pull/1361
- docs: Improve clarity of "Loading and configuring" by @serverwentdown in https://github.com/node-fetch/node-fetch/pull/1323
- feat(Body): Added support for
BodyMixin.formData()and constructing bodies with FormData by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1314 - template: Make PR template more task oriented by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1224
- docs: Update code examples by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1365
New Contributors
- @serverwentdown made their first contribution in https://github.com/node-fetch/node-fetch/pull/1268
- @lakuapik made their first contribution in https://github.com/node-fetch/node-fetch/pull/1281
- @robertoaceves made their first contribution in https://github.com/node-fetch/node-fetch/pull/1316
- @davesidious made their first contribution in https://github.com/node-fetch/node-fetch/pull/1162
- @thedanfernandez made their first contribution in https://github.com/node-fetch/node-fetch/pull/1135
- @dhritzkiv made their first contribution in https://github.com/node-fetch/node-fetch/pull/1318
- @dnalborczyk made their first contribution in https://github.com/node-fetch/node-fetch/pull/1345
- @dependabot made their first contribution in https://github.com/node-fetch/node-fetch/pull/1319
- @c-w made their first contribution in https://github.com/node-fetch/node-fetch/pull/1169
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0
v3.0.0
version 3 is going out of a long beta period and switches to stable
One major change is that it's now a ESM only package See changelog for more information about all the changes.
v2.6.7
Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
What's Changed
- fix: don't forward secure headers to 3th party by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1453
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7
v2.6.6
What's Changed
- fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in https://github.com/node-fetch/node-fetch/pull/1352
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6
Configuration
-
If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.