You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to node-fetch/node-fetch#1611 earlier versions of node fetch are vulnerable to DOS when the the user can manipulate the url referrer. While the user of this app wont be able to do this, it does not make sense to keep a vulnerable version when none of the changes affect usability.
Tasks to be done:
Create a branch where node-fetch is update to a non-vulnerable version
Test it and assess if there are any functionality issues.
If not then send a pr as is, else comment here and create a new issue about such issues with node-fetch which can then be referenced when a pr gets sent with fixes.
The text was updated successfully, but these errors were encountered:
According to node-fetch/node-fetch#1611 earlier versions of node fetch are vulnerable to DOS when the the user can manipulate the
urlreferrer. While the user of this app wont be able to do this, it does not make sense to keep a vulnerable version when none of the changes affect usability.Tasks to be done:
The text was updated successfully, but these errors were encountered: