Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update node-fetch to 2.6.7 #39741

Merged
merged 1 commit into from Jan 25, 2022
Merged

Update node-fetch to 2.6.7 #39741

merged 1 commit into from Jan 25, 2022

Conversation

BrennanConroy
Copy link
Member

Fixes #39672

@ghost ghost added the area-signalr Includes: SignalR clients and servers label Jan 25, 2022
@BrennanConroy BrennanConroy enabled auto-merge (squash) January 25, 2022 17:18
@BrennanConroy BrennanConroy merged commit fac5a30 into main Jan 25, 2022
@BrennanConroy BrennanConroy deleted the brecon/bumpnodefetch branch January 25, 2022 17:29
@ghost ghost added this to the 7.0-preview1 milestone Jan 25, 2022
@MatanBobi
Copy link

@BrennanConroy Will this patch be only shipped in 7.0-preview? Since this is a vulnerability, I think we should patch it to current version too.. Wdyt?

@ghost
Copy link

ghost commented Jan 26, 2022

Hi @MatanBobi. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

@BrennanConroy
Copy link
Member Author

No, as described in #39672 (comment)

@MatanBobi
Copy link

Thanks for the prompt response @BrennanConroy :)

@ghost
Copy link

ghost commented Jan 26, 2022

Hi @MatanBobi. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

@wtgodbe wtgodbe modified the milestones: 7.0-preview1, 7.0-preview2 Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halter73 halter73 halter73 approved these changes

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

Assignees
No one assigned
Labels
area-signalr Includes: SignalR clients and servers
Projects
None yet
Milestone
7.0-preview2
Development

Successfully merging this pull request may close these issues.

[Component Vulnerability]please consider to upgrade node-fetch in @microsoft/signalr from @^2.x.x to @^3.1.1
5 participants
@BrennanConroy @MatanBobi @halter73 @adityamandaleeka @wtgodbe