Bump node-fetch from 2.6.0 to 2.6.7 in /frontend #33

dependabot · 2022-01-22T13:43:44Z

Bumps node-fetch from 2.6.0 to 2.6.7.

Release notes

Sourced from [node-fetch's releases](https://github.com/node-fetch/node-fetch/releases).

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

fix: don't forward secure headers to 3th party by @jimmywarting in [backport of #1449 node-fetch/node-fetch#1453](https://github-redirect.dependabot.com/backport of #1449 node-fetch/node-fetch#1453)

Full Changelog: [https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)

v2.6.6

What's Changed

fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in [fix(URL): prefer built in URL version when available and fallback to whatwg node-fetch/node-fetch#1352](https://github-redirect.dependabot.com/fix(URL): prefer built in URL version when available and fallback to whatwg node-fetch/node-fetch#1352)

Full Changelog: [https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6](https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6)

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See [CHANGELOG](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261) for details.

Changelog

Sourced from [node-fetch's changelog](https://github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md).

Changelog

All notable changes will be recorded here.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

What's Changed

core: update fetch-blob by @jimmywarting in [update fetch-blob node-fetch/node-fetch#1371](https://github-redirect.dependabot.com/update fetch-blob node-fetch/node-fetch#1371)

docs: Fix typo around sending a file by @jimmywarting in [docs: Fix typo around sending a file node-fetch/node-fetch#1381](https://github-redirect.dependabot.com/docs: Fix typo around sending a file node-fetch/node-fetch#1381)

core: (http.request): Cast URL to string before sending it to NodeJS core by @jimmywarting in [fix(http.request): Cast URL to string before sending it to NodeJS core node-fetch/node-fetch#1378](https://github-redirect.dependabot.com/fix(http.request): Cast URL to string before sending it to NodeJS core node-fetch/node-fetch#1378)

core: handle errors from the request body stream by @mdmitry01 in [fix: handle errors from the request body stream node-fetch/node-fetch#1392](https://github-redirect.dependabot.com/fix: handle errors from the request body stream node-fetch/node-fetch#1392)

core: Better handle wrong redirect header in a response by @tasinet in [fix(Redirect): Better handle wrong redirect header in a response node-fetch/node-fetch#1387](https://github-redirect.dependabot.com/fix(Redirect): Better handle wrong redirect header in a response node-fetch/node-fetch#1387)

core: Don't use buffer to make a blob by @jimmywarting in [core: Don't use buffer to make a blob node-fetch/node-fetch#1402](https://github-redirect.dependabot.com/core: Don't use buffer to make a blob node-fetch/node-fetch#1402)

docs: update readme for TS @types/node-fetch by @adamellsworth in [update readme for TS @types/node-fetch node-fetch/node-fetch#1405](https://github-redirect.dependabot.com/update readme for TS @types/node-fetch node-fetch/node-fetch#1405)

core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @maxshirshin in [fix(Request): Fix logical operator priority to disallow GET/HEAD with non-empty body node-fetch/node-fetch#1369](https://github-redirect.dependabot.com/fix(Request): Fix logical operator priority to disallow GET/HEAD with non-empty body node-fetch/node-fetch#1369)

core: Don't use global buffer by @jimmywarting in [core: Don't use global buffer node-fetch/node-fetch#1422](https://github-redirect.dependabot.com/core: Don't use global buffer node-fetch/node-fetch#1422)

ci: fix main branch by @dnalborczyk in [ci: fix main branch node-fetch/node-fetch#1429](https://github-redirect.dependabot.com/ci: fix main branch node-fetch/node-fetch#1429)

core: use more node: protocol imports by @dnalborczyk in [fix: use more node: protocol imports node-fetch/node-fetch#1428](https://github-redirect.dependabot.com/fix: use more node: protocol imports node-fetch/node-fetch#1428)

core: Warn when using data by @jimmywarting in [core: Warn when using data node-fetch/node-fetch#1421](https://github-redirect.dependabot.com/core: Warn when using data node-fetch/node-fetch#1421)

docs: Create SECURITY.md by @JamieSlome in [Create SECURITY.md node-fetch/node-fetch#1445](https://github-redirect.dependabot.com/Create SECURITY.md node-fetch/node-fetch#1445)

core: don't forward secure headers to 3th party by @jimmywarting in [fix(Headers): don't forward secure headers to 3th party node-fetch/node-fetch#1449](https://github-redirect.dependabot.com/fix(Headers): don't forward secure headers to 3th party node-fetch/node-fetch#1449)

New Contributors

@mdmitry01 made their first contribution in [fix: handle errors from the request body stream node-fetch/node-fetch#1392](https://github-redirect.dependabot.com/fix: handle errors from the request body stream node-fetch/node-fetch#1392)

@tasinet made their first contribution in [fix(Redirect): Better handle wrong redirect header in a response node-fetch/node-fetch#1387](https://github-redirect.dependabot.com/fix(Redirect): Better handle wrong redirect header in a response node-fetch/node-fetch#1387)

@adamellsworth made their first contribution in [update readme for TS @types/node-fetch node-fetch/node-fetch#1405](https://github-redirect.dependabot.com/update readme for TS @types/node-fetch node-fetch/node-fetch#1405)

@maxshirshin made their first contribution in [fix(Request): Fix logical operator priority to disallow GET/HEAD with non-empty body node-fetch/node-fetch#1369](https://github-redirect.dependabot.com/fix(Request): Fix logical operator priority to disallow GET/HEAD with non-empty body node-fetch/node-fetch#1369)

@JamieSlome made their first contribution in [Create SECURITY.md node-fetch/node-fetch#1445](https://github-redirect.dependabot.com/Create SECURITY.md node-fetch/node-fetch#1445)

Full Changelog: [https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2](https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2)

3.1.0

What's Changed

fix(Body): Discourage form-data and buffer() by @jimmywarting in [fix(Body): Discourage form-data and buffer() node-fetch/node-fetch#1212](https://github-redirect.dependabot.com/fix(Body): Discourage form-data and buffer() node-fetch/node-fetch#1212)

fix: Pass url string to http.request by @serverwentdown in [fix: Pass url string to http.request node-fetch/node-fetch#1268](https://github-redirect.dependabot.com/fix: Pass url string to http.request node-fetch/node-fetch#1268)

Fix octocat image link by @lakuapik in [Fix octocat image link node-fetch/node-fetch#1281](https://github-redirect.dependabot.com/Fix octocat image link node-fetch/node-fetch#1281)

fix(Body.body): Normalize Body.body into a node:stream by @jimmywarting in [fix(Body.body): Normalize Body.body into a node:stream node-fetch/node-fetch#924](https://github-redirect.dependabot.com/fix(Body.body): Normalize Body.body into a node:stream node-fetch/node-fetch#924)

docs(Headers): Add default Host request header to README.md file by @robertoaceves in [docs(Headers): Add default Host request header to README.md file node-fetch/node-fetch#1316](https://github-redirect.dependabot.com/docs(Headers): Add default Host request header to README.md file node-fetch/node-fetch#1316)

Update CHANGELOG.md by @jimmywarting in [Update CHANGELOG.md node-fetch/node-fetch#1292](https://github-redirect.dependabot.com/Update CHANGELOG.md node-fetch/node-fetch#1292)

Add highWaterMark to cloned properties by @davesidious in [Add highWaterMark to cloned properties node-fetch/node-fetch#1162](https://github-redirect.dependabot.com/Add highWaterMark to cloned properties node-fetch/node-fetch#1162)

Update README.md to fix HTTPResponseError by @thedanfernandez in [Update README.md to fix HTTPResponseError node-fetch/node-fetch#1135](https://github-redirect.dependabot.com/Update README.md to fix HTTPResponseError node-fetch/node-fetch#1135)

docs: switch url to URL by @dhritzkiv in [docs: switch url to URL node-fetch/node-fetch#1318](https://github-redirect.dependabot.com/docs: switch url to URL node-fetch/node-fetch#1318)

fix(types): declare buffer() deprecated by @dnalborczyk in [fix(types): declare buffer() deprecated node-fetch/node-fetch#1345](https://github-redirect.dependabot.com/fix(types): declare buffer() deprecated node-fetch/node-fetch#1345)

chore: fix lint by @dnalborczyk in [chore: fix lint node-fetch/node-fetch#1348](https://github-redirect.dependabot.com/chore: fix lint node-fetch/node-fetch#1348)

refactor: use node: prefix for imports by @dnalborczyk in [refactor: use node: prefix for imports node-fetch/node-fetch#1346](https://github-redirect.dependabot.com/refactor: use node: prefix for imports node-fetch/node-fetch#1346)

Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @dependabot in [Bump data-uri-to-buffer from 3.0.1 to 4.0.0 node-fetch/node-fetch#1319](https://github-redirect.dependabot.com/Bump data-uri-to-buffer from 3.0.1 to 4.0.0 node-fetch/node-fetch#1319)

Bump mocha from 8.4.0 to 9.1.3 by @dependabot in [Bump mocha from 8.4.0 to 9.1.3 node-fetch/node-fetch#1339](https://github-redirect.dependabot.com/Bump mocha from 8.4.0 to 9.1.3 node-fetch/node-fetch#1339)

Referrer and Referrer Policy by @tekwiz in [Referrer and Referrer Policy node-fetch/node-fetch#1057](https://github-redirect.dependabot.com/Referrer and Referrer Policy node-fetch/node-fetch#1057)

Add typing for Response.redirect(url, status) by @c-w in [Add typing for Response.redirect(url, status) node-fetch/node-fetch#1169](https://github-redirect.dependabot.com/Add typing for Response.redirect(url, status) node-fetch/node-fetch#1169)

... (truncated)

Commits

1ef4b56 backport of [#1449](https://github-redirect.dependabot.com/fix(Headers): don't forward secure headers to 3th party node-fetch/node-fetch#1449) ([#1453](https://github-redirect.dependabot.com/backport of #1449 node-fetch/node-fetch#1453))
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json ([#1310](https://github-redirect.dependabot.com/2.x: Specify encoding as an optional peer dependency in package.json node-fetch/node-fetch#1310))
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
b5417ae fix: import whatwg-url in a way compatible with ESM Node ([#1303](https://github-redirect.dependabot.com/fix: import whatwg-url in a way compatible with ESM Node node-fetch/node-fetch#1303))
18193c5 fix v2.6.3 that did not sending query params ([#1301](https://github-redirect.dependabot.com/fix v2.6.3 that did not send query params node-fetch/node-fetch#1301))
ace7536 fix: properly encode url with unicode characters ([#1291](https://github-redirect.dependabot.com/fix: properly encode url with unicode characters node-fetch/node-fetch#1291))
152214c Fix(package.json): Corrected main file path in package.json ([#1274](https://github-redirect.dependabot.com/Fix(package.json): Corrected main file path in package.json node-fetch/node-fetch#1274))
b5e2e41 update version number
2358a6c Honor the size option after following a redirect and revert data uri support
8c197f8 docs: Fix typos and grammatical errors in README.md ([#686](https://github-redirect.dependabot.com/docs: Fix typos and grammatical errors in README.md node-fetch/node-fetch#686))
Additional commits viewable in [compare view](https://github.com/node-fetch/node-fetch/compare/v2.6.0...v2.6.7)

Maintainer changes

This version was pushed to npm by [endless](https://www.npmjs.com/~endless), a new releaser for node-fetch since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

┆Issue is synchronized with this Asana task by Unito

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.0 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 22, 2022

dependabot bot mentioned this pull request Jan 22, 2022

Bump node-fetch from 2.6.0 to 2.6.1 in /frontend #20

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump node-fetch from 2.6.0 to 2.6.7 in /frontend #33

Bump node-fetch from 2.6.0 to 2.6.7 in /frontend #33

dependabot bot commented on behalf of github Jan 22, 2022 •

edited by sync-by-unito bot

Bump node-fetch from 2.6.0 to 2.6.7 in /frontend #33

Are you sure you want to change the base?

Bump node-fetch from 2.6.0 to 2.6.7 in /frontend #33

Conversation

dependabot bot commented on behalf of github Jan 22, 2022 • edited by sync-by-unito bot

v2.6.7

Security patch release

What's Changed

v2.6.6

What's Changed

v2.6.2

v2.6.1

Changelog

What's Changed

New Contributors

3.1.0

What's Changed

dependabot bot commented on behalf of github Jan 22, 2022 •

edited by sync-by-unito bot