`node-fetch` 2.6.1: security alert (CVE-2022-0235)
brycewray opened this issue · 2 comments
brycewray commented
The presence of node-fetch 2.6.1 in eleventy-cache-assets is triggering GitHub's Dependabot alerts regarding CVE-2022-0235. Apparently nothing earlier than 3.1.1 is considered safe.
zachleat commented
Hey, I do have plans to update this explicitly, but just as disclosure, 2.6.7 is also patched and will be applied on a clean install per ^ install rules.
See also https://github.com/node-fetch/node-fetch/blob/HEAD/docs/v3-UPGRADE-GUIDE.md#converted-to-es-module
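Added example, not part of the thread or of the eleventy-cache-assets code: a caret range such as `^2.6.1` admits 2.6.7, but an existing lockfile can still pin an older copy, so this sketch audits the `packages` map of an npm lockfile (v2/v3) for node-fetch versions below the fixed releases 2.6.7 and 3.1.1. The sample lockfile, the package name `example-dep`, and the function names are constructed for illustration; the caret check covers only majors of 1 or higher.

```javascript
// Fixed releases for CVE-2022-0235 on each major line of node-fetch.
const PATCHED = { 2: [2, 6, 7], 3: [3, 1, 1] };

// Keep only MAJOR.MINOR.PATCH; pre-release and build tags are ignored here.
function parse(v) {
  return v.split(/[-+]/)[0].split(".").map(Number);
}

// True when version tuple a sorts strictly before b.
function lt(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

function isPatched(version) {
  const v = parse(version);
  const floor = PATCHED[v[0]];
  // Assumption: majors below 2 never received the fix; majors above 3 postdate it.
  if (!floor) return v[0] > 3;
  return !lt(v, floor);
}

// npm caret rule for major >= 1: same major, and not lower than the base version.
function caretAllows(range, version) {
  const base = parse(range.replace(/^\^/, ""));
  const v = parse(version);
  return v[0] === base[0] && !lt(v, base);
}

// Walk every installed copy, including nested ones under other dependencies.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/node-fetch")) continue;
    if (!isPatched(meta.version)) findings.push({ path, version: meta.version });
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-site" },
    "node_modules/node-fetch": { version: "2.6.7" },
    "node_modules/example-dep/node_modules/node-fetch": { version: "2.6.1" },
  },
};

console.log(auditLock(sampleLock));
console.log(caretAllows("^2.6.1", "2.6.7"), isPatched("2.6.7"));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLock` in place of `sampleLock`.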