Skip to content

Commit

Permalink
0.36.6 (#1074)
Browse files Browse the repository at this point in the history
* fix: update `node-fetch` to 2.6.7 to fix a security vulnerability (#1072)

* chore: fix a security vulnerability in `node-fetch` prior to 2.6.7

A security issue was found in `node-fetch` versions up to 2.6.6
A fix was patched in 2.6.7:
node-fetch/node-fetch#1467

More about the vulnerability:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0235

* chore(security): update yarn.lock file

* fix: update "@mswjs/cookies" for safe `localStorage` access (#1071)

Co-authored-by: Matan Borenkraout <Matanbobi@gmail.com>
Co-authored-by: Akmurat Saktagan <mr.akmurat@gmail.com>
  • Loading branch information
3 people authored Jan 24, 2022
1 parent 7b8a09a commit fd4625d
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 7 deletions.
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
],
"sideEffects": false,
"dependencies": {
"@mswjs/cookies": "^0.1.6",
"@mswjs/cookies": "^0.1.7",
"@mswjs/interceptors": "^0.12.7",
"@open-draft/until": "^1.0.3",
"@types/cookie": "^0.4.1",
Expand All @@ -77,7 +77,7 @@
"inquirer": "^8.2.0",
"is-node-process": "^1.0.1",
"js-levenshtein": "^1.1.6",
"node-fetch": "^2.6.1",
"node-fetch": "^2.6.7",
"path-to-regexp": "^6.2.0",
"statuses": "^2.0.0",
"strict-event-emitter": "^0.2.0",
Expand Down
35 changes: 30 additions & 5 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1574,10 +1574,10 @@
"@types/yargs" "^15.0.0"
chalk "^4.0.0"

"@mswjs/cookies@^0.1.6":
version "0.1.6"
resolved "https://registry.yarnpkg.com/@mswjs/cookies/-/cookies-0.1.6.tgz#176f77034ab6d7373ae5c94bcbac36fee8869249"
integrity sha512-A53XD5TOfwhpqAmwKdPtg1dva5wrng2gH5xMvklzbd9WLTSVU953eCRa8rtrrm6G7Cy60BOGsBRN89YQK0mlKA==
"@mswjs/cookies@^0.1.7":
version "0.1.7"
resolved "https://registry.yarnpkg.com/@mswjs/cookies/-/cookies-0.1.7.tgz#d334081b2c51057a61c1dd7b76ca3cac02251651"
integrity sha512-bDg1ReMBx+PYDB4Pk7y1Q07Zz1iKIEUWQpkEXiA2lEWg9gvOZ8UBmGXilCEUvyYoRFlmr/9iXTRR69TrgSwX/Q==
dependencies:
"@types/set-cookie-parser" "^2.4.0"
set-cookie-parser "^2.4.6"
Expand Down Expand Up @@ -6646,11 +6646,18 @@ nice-try@^1.0.4:
resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==

node-fetch@2.6.1, node-fetch@^2.6.1:
node-fetch@2.6.1:
version "2.6.1"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==

node-fetch@^2.6.7:
version "2.6.7"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
dependencies:
whatwg-url "^5.0.0"

node-forge@^0.10.0:
version "0.10.0"
resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
Expand Down Expand Up @@ -8565,6 +8572,11 @@ tr46@^2.1.0:
dependencies:
punycode "^2.1.1"

tr46@~0.0.3:
version "0.0.3"
resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=

trim-newlines@^3.0.0:
version "3.0.1"
resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-3.0.1.tgz#260a5d962d8b752425b32f3a7db0dcacd176c144"
Expand Down Expand Up @@ -8928,6 +8940,11 @@ wcwidth@^1.0.1:
dependencies:
defaults "^1.0.3"

webidl-conversions@^3.0.0:
version "3.0.1"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=

webidl-conversions@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff"
Expand Down Expand Up @@ -9100,6 +9117,14 @@ whatwg-mimetype@^2.3.0:
resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf"
integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==

whatwg-url@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
dependencies:
tr46 "~0.0.3"
webidl-conversions "^3.0.0"

whatwg-url@^8.0.0:
version "8.4.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.4.0.tgz#50fb9615b05469591d2b2bd6dfaed2942ed72837"
Expand Down

0 comments on commit fd4625d

Please sign in to comment.