Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade node-fetch to latest version #17317

Merged
merged 2 commits into from Jan 24, 2022
Merged

Upgrade node-fetch to latest version #17317

merged 2 commits into from Jan 24, 2022

Conversation

MatanBobi
Copy link
Contributor

Issue: Upgrade node-fetch version due to a security vulnerability.
This is the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

And it was patched a few hours ago:
node-fetch/node-fetch#1467

What I did

Upgrade the package.json file in the relevant packages.
I might have missed something so please let me know if I have :)

How to test

  • Is this testable with Jest or Chromatic screenshots?
  • Does this need a new example in the kitchen sink apps?
  • Does this need an update to the documentation?

If your answer is yes to any of these, please make sure to include it in your PR.

@nx-cloud
Copy link

nx-cloud bot commented Jan 23, 2022
edited

☁️ Nx Cloud Report

CI ran the following commands for commit d43e854. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

✅ Successfully ran 1 target

Sent with 💌 from NxCloud.

@MatanBobi MatanBobi changed the title chore(security): upgrade node-fetch to latest version fix(security): upgrade node-fetch to latest version Jan 24, 2022
@shilman shilman changed the title fix(security): upgrade node-fetch to latest version Upgrade node-fetch to latest version Jan 24, 2022
@shilman shilman added dependencies patch:yes Bugfix & documentation PR that need to be picked to main branch labels Jan 24, 2022
shilman
shilman approved these changes Jan 24, 2022
View reviewed changes
Copy link
Member

@shilman shilman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome. Thanks @MatanBobi !!! 🙏

@shilman shilman merged commit 2a1c212 into storybookjs:next Jan 24, 2022
@shilman shilman added the patch:done Patch/release PRs already cherry-picked to main/release branch label Jan 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shilman shilman shilman approved these changes

Assignees
No one assigned
Labels
dependencies patch:done Patch/release PRs already cherry-picked to main/release branch patch:yes Bugfix & documentation PR that need to be picked to main branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MatanBobi @shilman