Update simple-get dependency ^3.0.3 to ^4.0.1 #2223
I think it should be replaced by built-in
That's only in node 17+. This PR bumps up the node version too, but we currently support node 8+, so I don't think we can merge yet.
Yes, this would be a breaking change.
The way that this package is using Long term it would be nice to use the built-in Node.js 16.x goes end-of-life on the 11th of September: https://nodejs.org/en/blog/announcements/nodejs16-eol If version 3.0.0 of Canvas is released on or after that date we should be able to support only 18+ and thus use the built-in fetch...
umm... Do you have any other good ideas?
It's not really a vulnerability if there's no way to exploit it
I got it. This PR will be closed. Thanks for your support. 🥰
I've updated the version of the simple-get module due to a security issue.
Versions below 4.0.1 have a vulnerability that leaks cookie headers to third-party sites.
url: https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31/