Skip to content

Commit

Permalink
fix: update node-fetch
Browse files Browse the repository at this point in the history
This fixes CVE-2022-0235
  • Loading branch information
ardeois committed Mar 4, 2022
1 parent afd0231 commit b63ef24
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 28 deletions.
4 changes: 2 additions & 2 deletions packages/core/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
"io-ts": "^2.1.2",
"lodash.chunk": "^4.2.0",
"log-symbols": "^4.0.0",
"node-fetch": "2.6.1",
"node-fetch": "2.6.7",
"parse-author": "^2.0.0",
"parse-github-url": "1.0.2",
"pretty-ms": "^7.0.0",
Expand Down Expand Up @@ -89,7 +89,7 @@
"@types/jest": "~26.0.7",
"@types/lodash.chunk": "^4.2.6",
"@types/node": "^13.1.8",
"@types/node-fetch": "2.5.8",
"@types/node-fetch": "2.6.1",
"@types/semver": "^7.1.0",
"@types/signale": "^1.2.1",
"@types/tinycolor2": "^1.4.1",
Expand Down
2 changes: 1 addition & 1 deletion plugins/microsoft-teams/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
"fp-ts": "^2.5.3",
"https-proxy-agent": "^5.0.0",
"io-ts": "^2.1.2",
"node-fetch": "2.6.1",
"node-fetch": "2.6.7",
"tslib": "2.1.0"
}
}
4 changes: 2 additions & 2 deletions plugins/slack/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,11 @@
"fp-ts": "^2.5.3",
"https-proxy-agent": "^5.0.0",
"io-ts": "^2.1.2",
"node-fetch": "2.6.1",
"node-fetch": "2.6.7",
"tslib": "2.1.0"
},
"devDependencies": {
"@types/node-fetch": "2.5.8",
"@types/node-fetch": "2.6.1",
"@types/url-join": "^4.0.0"
}
}
67 changes: 44 additions & 23 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,10 @@
integrity sha512-K1kQv1BZVtMXQqdpNZt9Pgh85KwamsWX9gYyq1xG4cpyb+EacfMiNfumrju16piFXanCUrCR0P1DowPjV2qV/A==

"@auto-it/bot-list@link:packages/bot-list":
version "10.32.0"
version "10.33.0"

"@auto-it/core@link:packages/core":
version "10.32.0"

version "10.33.0"
dependencies:
"@auto-it/bot-list" "link:packages/bot-list"
"@endemolshinegroup/cosmiconfig-typescript-loader" "^3.0.2"
Expand All @@ -43,7 +42,7 @@
io-ts "^2.1.2"
lodash.chunk "^4.2.0"
log-symbols "^4.0.0"
node-fetch "2.6.1"
node-fetch "2.6.7"
parse-author "^2.0.0"
parse-github-url "1.0.2"
pretty-ms "^7.0.0"
Expand All @@ -60,8 +59,7 @@
url-join "^4.0.0"

"@auto-it/npm@link:plugins/npm":
version "10.32.0"

version "10.33.0"
dependencies:
"@auto-it/core" "link:packages/core"
"@auto-it/package-json-utils" "link:packages/package-json-utils"
Expand All @@ -79,15 +77,13 @@
user-home "^2.0.0"

"@auto-it/package-json-utils@link:packages/package-json-utils":
version "10.32.0"

version "10.33.0"
dependencies:
parse-author "^2.0.0"
parse-github-url "1.0.2"

"@auto-it/released@link:plugins/released":
version "10.32.0"

version "10.33.0"
dependencies:
"@auto-it/bot-list" "link:packages/bot-list"
"@auto-it/core" "link:packages/core"
Expand Down Expand Up @@ -2408,15 +2404,6 @@
"@octokit/types" "^6.0.1"
bottleneck "^2.15.3"

"@octokit/[email protected]", "@octokit/request-error@^2.1.0":
version "2.1.0"
resolved "https://registry.yarnpkg.com/@octokit/request-error/-/request-error-2.1.0.tgz#9e150357831bfc788d13a4fd4b1913d60c74d677"
integrity sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==
dependencies:
"@octokit/types" "^6.0.3"
deprecation "^2.0.0"
once "^1.4.0"

"@octokit/request-error@^1.0.2":
version "1.2.1"
resolved "https://registry.yarnpkg.com/@octokit/request-error/-/request-error-1.2.1.tgz#ede0714c773f32347576c25649dc013ae6b31801"
Expand All @@ -2435,6 +2422,15 @@
deprecation "^2.0.0"
once "^1.4.0"

"@octokit/request-error@^2.1.0":
version "2.1.0"
resolved "https://registry.yarnpkg.com/@octokit/request-error/-/request-error-2.1.0.tgz#9e150357831bfc788d13a4fd4b1913d60c74d677"
integrity sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==
dependencies:
"@octokit/types" "^6.0.3"
deprecation "^2.0.0"
once "^1.4.0"

"@octokit/request@^5.2.0", "@octokit/request@^5.3.0", "@octokit/request@^5.4.12":
version "5.4.15"
resolved "https://registry.yarnpkg.com/@octokit/request/-/request-5.4.15.tgz#829da413dc7dd3aa5e2cdbb1c7d0ebe1f146a128"
Expand Down Expand Up @@ -2916,10 +2912,10 @@
dependencies:
"@types/node" "*"

"@types/node-fetch@2.5.8":
version "2.5.8"
resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.5.8.tgz#e199c835d234c7eb0846f6618012e558544ee2fb"
integrity sha512-fbjI6ja0N5ZA8TV53RUqzsKNkl9fv8Oj3T7zxW7FGv1GSH7gwJaNF8dzCjrqKaxKeUpTz4yT1DaJFq/omNpGfw==
"@types/node-fetch@2.6.1":
version "2.6.1"
resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.1.tgz#8f127c50481db65886800ef496f20bbf15518975"
integrity sha512-oMqjURCaxoSIsHSr1E47QHzbmzNR5rK8McHuNb11BOM9cHcIK3Avy0s/b2JlXHoQGTYS3NsvWzV1M0iK7l0wbA==
dependencies:
"@types/node" "*"
form-data "^3.0.0"
Expand Down Expand Up @@ -10652,6 +10648,13 @@ [email protected], node-fetch@^2.5.0, node-fetch@^2.6.0, node-fetch@^2.6.1:
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==

[email protected]:
version "2.6.7"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
dependencies:
whatwg-url "^5.0.0"

node-gyp@^5.0.2:
version "5.1.1"
resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-5.1.1.tgz#eb915f7b631c937d282e33aed44cb7a025f62a3e"
Expand Down Expand Up @@ -14437,6 +14440,11 @@ tr46@^2.0.2:
dependencies:
punycode "^2.1.1"

tr46@~0.0.3:
version "0.0.3"
resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=

traverse@^0.6.6:
version "0.6.6"
resolved "https://registry.yarnpkg.com/traverse/-/traverse-0.6.6.tgz#cbdf560fd7b9af632502fed40f918c157ea97137"
Expand Down Expand Up @@ -15263,6 +15271,11 @@ web-namespaces@^1.0.0, web-namespaces@^1.1.2:
resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-1.1.4.tgz#bc98a3de60dadd7faefc403d1076d529f5e030ec"
integrity sha512-wYxSGajtmoP4WxfejAPIr4l0fVh+jeMXZb08wNc0tMg6xsfZXj3cECqIK0G7ZAqUq0PP8WlMDtaOGVBTAWztNw==

webidl-conversions@^3.0.0:
version "3.0.1"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=

webidl-conversions@^4.0.2:
version "4.0.2"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-4.0.2.tgz#a855980b1f0b6b359ba1d5d9fb39ae941faa63ad"
Expand Down Expand Up @@ -15346,6 +15359,14 @@ whatwg-mimetype@^2.3.0:
resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf"
integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==

whatwg-url@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
dependencies:
tr46 "~0.0.3"
webidl-conversions "^3.0.0"

whatwg-url@^7.0.0:
version "7.1.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-7.1.0.tgz#c2c492f1eca612988efd3d2266be1b9fc6170d06"
Expand Down

0 comments on commit b63ef24

Please sign in to comment.