-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency cross-fetch to v3.1.5 [security] #78
base: master
Are you sure you want to change the base?
Conversation
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
40b868e
to
f88cb8f
Compare
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
f88cb8f
to
ab3eb51
Compare
ab3eb51
to
bb127c1
Compare
bb127c1
to
b24a1bd
Compare
b24a1bd
to
4ba4051
Compare
4ba4051
to
a5e8904
Compare
a5e8904
to
8f1e4f2
Compare
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/cross-fetch@3.1.4, npm/graceful-fs@4.2.6 |
8f1e4f2
to
e0ff9f3
Compare
e0ff9f3
to
981811a
Compare
981811a
to
e44cfdf
Compare
e44cfdf
to
7aee11b
Compare
7aee11b
to
f5ace98
Compare
f5ace98
to
1d4e2c6
Compare
78a22a7
to
0b6a8a7
Compare
0b6a8a7
to
2d21b76
Compare
2d21b76
to
c046022
Compare
c046022
to
48bf502
Compare
48bf502
to
2e8654d
Compare
2e8654d
to
1b219e3
Compare
1b219e3
to
4fe2864
Compare
4fe2864
to
8c80481
Compare
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
8c80481
to
65d8b8a
Compare
Quality Gate passedIssues Measures |
65d8b8a
to
aacac54
Compare
Quality Gate passedIssues Measures |
aacac54
to
c8c5f22
Compare
c8c5f22
to
2697d3e
Compare
Quality Gate passedIssues Measures |
This PR contains the following updates:
3.1.4
->3.1.5
GitHub Vulnerability Alerts
CVE-2022-1365
When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to thirdparty.
Ex: you try to fetch example.com with cookie and if it get redirect url to attacker.com then it fetch that redirect url with provided cookie .
Release Notes
lquixada/cross-fetch (cross-fetch)
v3.1.5
Compare Source
What's Changed
New Contributors
Full Changelog: lquixada/cross-fetch@v3.1.4...v3.1.5
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.