From f8b9c4b74b716e48e0861011a15af32e920e6c22 Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Thu, 27 Jan 2022 15:24:01 +0100
Subject: [PATCH] fix(runtime): update node-fetch from ^2.6.1 to ^2.6.7
https://github.com/advisories/GHSA-r683-j2x4-v87g https://github.com/node-fetch/node-fetch/pull/1453 https://nvd.nist.gov/vuln/detail/CVE-2022-0235
---
 packages/runtime/package.json | 2 +-
 yarn.lock | 41 ++++++++++++++++++++++++++++++-----
 2 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/packages/runtime/package.json b/packages/runtime/package.json
index 80ecc9ad2..011c77424 100644
--- a/packages/runtime/package.json
+++ b/packages/runtime/package.json
@@ -26,7 +26,7 @@
 "@stoplight/types": "^12.3.0",
 "abort-controller": "^3.0.0",
 "lodash": "^4.17.21",
- "node-fetch": "^2.6.1",
+ "node-fetch": "^2.6.7",
 "tslib": "^2.3.1"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 924829193..2d2574210 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2185,7 +2185,7 @@ __metadata: "@stoplight/types": ^12.3.0 abort-controller: ^3.0.0 lodash: ^4.17.21 - node-fetch: ^2.6.1 + node-fetch: ^2.6.7 tslib: ^2.3.1 languageName: unknown linkType: soft
@@ -8020,10 +8020,17 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:^2.6.0, node-fetch@npm:^2.6.1": - version: 2.6.1 - resolution: "node-fetch@npm:2.6.1" - checksum: 91075bedd57879117e310fbcc36983ad5d699e522edb1ebcdc4ee5294c982843982652925c3532729fdc86b2d64a8a827797a745f332040d91823c8752ee4d7c +"node-fetch@npm:^2.6.0, node-fetch@npm:^2.6.1, node-fetch@npm:^2.6.7": + version: 2.6.7 + resolution: "node-fetch@npm:2.6.7" + dependencies: + whatwg-url: ^5.0.0 + peerDependencies: + encoding: ^0.1.0 + peerDependenciesMeta: + encoding: + optional: true + checksum: 8d816ffd1ee22cab8301c7756ef04f3437f18dace86a1dae22cf81db8ef29c0bf6655f3215cb0cdb22b420b6fe141e64b26905e7f33f9377a7fa59135ea3e10b languageName: node linkType: hard 
@@ -10217,6 +10224,13 @@ __metadata: languageName: node linkType: hard +"tr46@npm:~0.0.3": + version: 0.0.3 + resolution: "tr46@npm:0.0.3" + checksum: 726321c5eaf41b5002e17ffbd1fb7245999a073e8979085dacd47c4b4e8068ff5777142fc6726d6ca1fd2ff16921b48788b87225cbc57c72636f6efa8efbffe3 + languageName: node + linkType: hard + "treeify@npm:^1.1.0": version: 1.1.0 resolution: "treeify@npm:1.1.0"
@@ -10757,6 +10771,13 @@ __metadata: languageName: node linkType: hard +"webidl-conversions@npm:^3.0.0": + version: 3.0.1 + resolution: "webidl-conversions@npm:3.0.1" + checksum: c92a0a6ab95314bde9c32e1d0a6dfac83b578f8fa5f21e675bc2706ed6981bc26b7eb7e6a1fab158e5ce4adf9caa4a0aee49a52505d4d13c7be545f15021b17c + languageName: node + linkType: hard + "webidl-conversions@npm:^4.0.2": version: 4.0.2 resolution: "webidl-conversions@npm:4.0.2"
@@ -10794,6 +10815,16 @@ __metadata: languageName: node linkType: hard +"whatwg-url@npm:^5.0.0": + version: 5.0.0 + resolution: "whatwg-url@npm:5.0.0" + dependencies: + tr46: ~0.0.3 + webidl-conversions: ^3.0.0 + checksum: b8daed4ad3356cc4899048a15b2c143a9aed0dfae1f611ebd55073310c7b910f522ad75d727346ad64203d7e6c79ef25eafd465f4d12775ca44b90fa82ed9e2c + languageName: node + linkType: hard + "whatwg-url@npm:^6.5.0": version: 6.5.0 resolution: "whatwg-url@npm:6.5.0"