fix(deps): update dependency cross-fetch to v3.1.5 [security] #78

Open
wants to merge 1 commit into
base: master

renovate[bot]

@renovate renovate bot commented May 17, 2022

This PR contains the following updates:

Package      Change
cross-fetch  3.1.4 -> 3.1.5

GitHub Vulnerability Alerts

CVE-2022-1365

When fetching a remote URL with a Cookie, if it gets a Location response header then it will follow that URL and try to fetch that URL with the provided cookie. So the cookie is leaked here to a third party.
Ex: you try to fetch example.com with a cookie and if it gets a redirect URL to attacker.com then it fetches that redirect URL with the provided cookie.


Release Notes

lquixada/cross-fetch (cross-fetch)

v3.1.5


What's Changed

New Contributors

Full Changelog: lquixada/cross-fetch@v3.1.4...v3.1.5


Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
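
The redirect behaviour described in the CVE-2022-1365 alert above can be guarded against in calling code by following redirects manually and dropping credential headers whenever the origin changes. This is an added example, not code from cross-fetch or from this PR; `headersForRedirect`, `fetchFollowingSafely` and `makeStubFetch` are hypothetical names, and the stub stands in for the network so the block runs offline.

```javascript
// Added example: all function names here are hypothetical, not part of cross-fetch.
const SENSITIVE = new Set(['cookie', 'authorization', 'proxy-authorization']);
const REDIRECT_CODES = [301, 302, 303, 307, 308];

// Headers allowed on the request to `toUrl` after a redirect from `fromUrl`.
// Credentials survive only when scheme, host and port are all unchanged.
function headersForRedirect(fromUrl, toUrl, headers) {
  if (new URL(fromUrl).origin === new URL(toUrl).origin) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !SENSITIVE.has(name.toLowerCase()))
  );
}

// Follow redirects by hand (GET only) so each hop is re-evaluated.
// `fetchImpl` is any fetch-compatible function, injected for offline testing.
async function fetchFollowingSafely(url, headers, fetchImpl, maxHops = 5) {
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(url, { headers, redirect: 'manual' });
    const location = res.headers.get('location');
    if (!REDIRECT_CODES.includes(res.status) || !location) return res;
    const next = new URL(location, url).toString(); // Location may be relative
    headers = headersForRedirect(url, next, headers);
    url = next;
  }
  throw new Error('too many redirects');
}

// Constructed stub: example.com answers 302 to attacker.com, everything else 200.
// Every request is recorded in `log` so the headers sent per hop can be inspected.
function makeStubFetch(log) {
  return async (url, init) => {
    log.push({ url, headers: init.headers });
    const redirect = url.startsWith('https://example.com/');
    return {
      status: redirect ? 302 : 200,
      headers: {
        get: (name) =>
          redirect && name === 'location' ? 'https://attacker.com/collect' : null,
      },
    };
  };
}
```

Upgrading the dependency remains the fix this PR proposes; a wrapper like this is a defence-in-depth check for code paths that attach cookies or tokens to outbound requests.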

@renovate renovate bot added the dependencies Pull requests that update a dependency file label May 17, 2022

sonarcloud bot commented May 17, 2022

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A)
0 Security Hotspots (A)
0 Code Smells (A)

No Coverage information
0.0% Duplication


renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 40b868e to f88cb8f Compare May 23, 2023 08:02

socket-security bot commented May 23, 2023

👍 Dependency issues cleared.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from f88cb8f to ab3eb51 Compare May 26, 2023 14:00
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from ab3eb51 to bb127c1 Compare May 28, 2023 05:40
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from bb127c1 to b24a1bd Compare May 30, 2023 15:34
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from b24a1bd to 4ba4051 Compare May 30, 2023 15:36
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 4ba4051 to a5e8904 Compare June 4, 2023 11:59
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from a5e8904 to 8f1e4f2 Compare June 13, 2023 14:52

socket-security bot commented Jun 13, 2023

@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 8f1e4f2 to e0ff9f3 Compare June 18, 2023 07:51
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from e0ff9f3 to 981811a Compare June 29, 2023 08:23
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 981811a to e44cfdf Compare July 6, 2023 11:29
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from e44cfdf to 7aee11b Compare July 9, 2023 09:17
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 7aee11b to f5ace98 Compare July 16, 2023 17:18
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from f5ace98 to 1d4e2c6 Compare July 19, 2023 12:14
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 78a22a7 to 0b6a8a7 Compare October 15, 2023 16:03
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 0b6a8a7 to 2d21b76 Compare October 23, 2023 12:29
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 2d21b76 to c046022 Compare November 6, 2023 07:00
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from c046022 to 48bf502 Compare November 16, 2023 12:53
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 48bf502 to 2e8654d Compare December 11, 2023 21:01
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 2e8654d to 1b219e3 Compare December 26, 2023 01:15
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 1b219e3 to 4fe2864 Compare January 15, 2024 13:48
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 4fe2864 to 8c80481 Compare January 15, 2024 13:58

sonarcloud bot commented Jan 15, 2024

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 8c80481 to 65d8b8a Compare June 10, 2024 07:37

sonarcloud bot commented Jun 10, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud


sonarcloud bot commented Sep 12, 2024


sonarcloud bot commented Nov 26, 2024
